From fb98beff970c9cf70db6f7c237c4ebdcf436e12a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Mon, 10 Oct 2011 19:36:37 +0000 Subject: [PATCH] - add bunch of bug and cve backports from 5.3 by centalt (php-5.2.17-7.el5.src.rpm) Changed files: php-5.2.17-CVE-2011-0708.patch -> 1.1.2.1 php-5.2.17-CVE-2011-1092.patch -> 1.1.2.1 php-5.2.17-CVE-2011-1148.patch -> 1.1.2.1 php-5.2.17-CVE-2011-1938.patch -> 1.1.2.1 php-5.2.17-CVE-2011-2202.patch -> 1.1.2.1 php-5.2.17-bug-39847.patch -> 1.1.2.1 php-5.2.17-bug-48484.patch -> 1.1.2.1 php-5.2.17-bug-49072.patch -> 1.1.2.1 php-5.2.17-bug-52063.patch -> 1.1.2.1 php-5.2.17-bug-55082.patch -> 1.1.2.1 php-5.3.6-39199.patch -> 1.1.2.1 php-5.3.6-bug-47435.patch -> 1.1.2.1 php-5.3.6-bug-48607.patch -> 1.1.2.1 php-5.3.6-bug-51336.patch -> 1.1.2.1 php-5.3.6-bug-52209.patch -> 1.1.2.1 php-5.3.6-bug-52290.patch -> 1.1.2.1 php-5.3.6-bug-53150.patch -> 1.1.2.1 php-5.3.6-bug-53377.patch -> 1.1.2.1 php-5.3.6-bug-53515.patch -> 1.1.2.1 php-5.3.6-bug-53568.patch -> 1.1.2.1 php-5.3.6-bug-53574.patch -> 1.1.2.1 php-5.3.6-bug-53577.patch -> 1.1.2.1 php-5.3.6-bug-53579.patch -> 1.1.2.1 php-5.3.6-bug-53603.patch -> 1.1.2.1 php-5.3.6-bug-53630.patch -> 1.1.2.1 php-5.3.6-bug-53854.patch -> 1.1.2.1 php-5.3.6-bug-53903.patch -> 1.1.2.1 php-5.3.6-bug-53924.patch -> 1.1.2.1 php-5.3.6-bug-54055.patch -> 1.1.2.1 php-5.3.6-bug-54089.patch -> 1.1.2.1 php-5.3.6-bug-54092.patch -> 1.1.2.1 php-5.3.7-bug-48465.patch -> 1.1.2.1 php-5.3.7-bug-50363.patch -> 1.1.2.1 php-5.3.7-bug-51958.patch -> 1.1.2.1 php-5.3.7-bug-51997.patch -> 1.1.2.1 php-5.3.7-bug-52104.patch -> 1.1.2.1 php-5.3.7-bug-52496.patch -> 1.1.2.1 php-5.3.7-bug-52935.patch -> 1.1.2.1 php-5.3.7-bug-53037.patch -> 1.1.2.1 php-5.3.7-bug-53782.patch -> 1.1.2.1 php-5.3.7-bug-53848.patch -> 1.1.2.1 php-5.3.7-bug-54121.patch -> 1.1.2.1 php-5.3.7-bug-54137.patch -> 1.1.2.1 php-5.3.7-bug-54180.patch -> 1.1.2.1 php-5.3.7-bug-54221.patch -> 1.1.2.1 php-5.3.7-bug-54242.patch -> 1.1.2.1 php-5.3.7-bug-54269.patch -> 1.1.2.1 php-5.3.7-bug-54312.patch -> 1.1.2.1 php-5.3.7-bug-54318.patch -> 1.1.2.1 php-5.3.7-bug-54329.patch -> 1.1.2.1 php-5.3.7-bug-54440.patch -> 1.1.2.1 php-5.3.7-bug-54494.patch -> 1.1.2.1 php-5.3.7-bug-54529.patch -> 1.1.2.1 php-5.3.7-bug-54601.patch -> 1.1.2.1 php-5.3.7-bug-54946.patch -> 1.1.2.1 php-5.3.7-bug-55014.patch -> 1.1.2.1 php-5.3.7-bug-55323.patch -> 1.1.2.1 php-5.3.7-bug-55399.patch -> 1.1.2.1 php.spec -> 1.805.2.91 --- php-5.2.17-CVE-2011-0708.patch | 52 +++++++++++ php-5.2.17-CVE-2011-1092.patch | 11 +++ php-5.2.17-CVE-2011-1148.patch | 159 +++++++++++++++++++++++++++++++++ php-5.2.17-CVE-2011-1938.patch | 14 +++ php-5.2.17-CVE-2011-2202.patch | 21 +++++ php-5.2.17-bug-39847.patch | 21 +++++ php-5.2.17-bug-48484.patch | 18 ++++ php-5.2.17-bug-49072.patch | 28 ++++++ php-5.2.17-bug-52063.patch | 21 +++++ php-5.2.17-bug-55082.patch | 35 ++++++++ php-5.3.6-39199.patch | 57 ++++++++++++ php-5.3.6-bug-47435.patch | 45 ++++++++++ php-5.3.6-bug-48607.patch | 38 ++++++++ php-5.3.6-bug-51336.patch | 11 +++ php-5.3.6-bug-52209.patch | 11 +++ php-5.3.6-bug-52290.patch | 10 +++ php-5.3.6-bug-53150.patch | 24 +++++ php-5.3.6-bug-53377.patch | 11 +++ php-5.3.6-bug-53515.patch | 38 ++++++++ php-5.3.6-bug-53568.patch | 14 +++ php-5.3.6-bug-53574.patch | 52 +++++++++++ php-5.3.6-bug-53577.patch | 16 ++++ php-5.3.6-bug-53579.patch | 10 +++ php-5.3.6-bug-53603.patch | 20 +++++ php-5.3.6-bug-53630.patch | 11 +++ php-5.3.6-bug-53854.patch | 15 ++++ php-5.3.6-bug-53903.patch | 10 +++ php-5.3.6-bug-53924.patch | 39 ++++++++ php-5.3.6-bug-54055.patch | 77 ++++++++++++++++ php-5.3.6-bug-54089.patch | 13 +++ php-5.3.6-bug-54092.patch | 122 +++++++++++++++++++++++++ php-5.3.7-bug-48465.patch | 19 ++++ php-5.3.7-bug-50363.patch | 26 ++++++ php-5.3.7-bug-51958.patch | 60 +++++++++++++ php-5.3.7-bug-51997.patch | 11 +++ php-5.3.7-bug-52104.patch | 14 +++ php-5.3.7-bug-52496.patch | 11 +++ php-5.3.7-bug-52935.patch | 27 ++++++ php-5.3.7-bug-53037.patch | 25 ++++++ php-5.3.7-bug-53782.patch | 15 ++++ php-5.3.7-bug-53848.patch | 41 +++++++++ php-5.3.7-bug-54121.patch | 11 +++ php-5.3.7-bug-54137.patch | 10 +++ php-5.3.7-bug-54180.patch | 13 +++ php-5.3.7-bug-54221.patch | 11 +++ php-5.3.7-bug-54242.patch | 11 +++ php-5.3.7-bug-54269.patch | 11 +++ php-5.3.7-bug-54312.patch | 16 ++++ php-5.3.7-bug-54318.patch | 12 +++ php-5.3.7-bug-54329.patch | 11 +++ php-5.3.7-bug-54440.patch | 13 +++ php-5.3.7-bug-54494.patch | 15 ++++ php-5.3.7-bug-54529.patch | 20 +++++ php-5.3.7-bug-54601.patch | 18 ++++ php-5.3.7-bug-54946.patch | 12 +++ php-5.3.7-bug-55014.patch | 19 ++++ php-5.3.7-bug-55323.patch | 69 ++++++++++++++ php-5.3.7-bug-55399.patch | 13 +++ php.spec | 128 +++++++++++++++++++++++++- 59 files changed, 1685 insertions(+), 1 deletion(-) create mode 100644 php-5.2.17-CVE-2011-0708.patch create mode 100644 php-5.2.17-CVE-2011-1092.patch create mode 100644 php-5.2.17-CVE-2011-1148.patch create mode 100644 php-5.2.17-CVE-2011-1938.patch create mode 100644 php-5.2.17-CVE-2011-2202.patch create mode 100644 php-5.2.17-bug-39847.patch create mode 100644 php-5.2.17-bug-48484.patch create mode 100644 php-5.2.17-bug-49072.patch create mode 100644 php-5.2.17-bug-52063.patch create mode 100644 php-5.2.17-bug-55082.patch create mode 100644 php-5.3.6-39199.patch create mode 100644 php-5.3.6-bug-47435.patch create mode 100644 php-5.3.6-bug-48607.patch create mode 100644 php-5.3.6-bug-51336.patch create mode 100644 php-5.3.6-bug-52209.patch create mode 100644 php-5.3.6-bug-52290.patch create mode 100644 php-5.3.6-bug-53150.patch create mode 100644 php-5.3.6-bug-53377.patch create mode 100644 php-5.3.6-bug-53515.patch create mode 100644 php-5.3.6-bug-53568.patch create mode 100644 php-5.3.6-bug-53574.patch create mode 100644 php-5.3.6-bug-53577.patch create mode 100644 php-5.3.6-bug-53579.patch create mode 100644 php-5.3.6-bug-53603.patch create mode 100644 php-5.3.6-bug-53630.patch create mode 100644 php-5.3.6-bug-53854.patch create mode 100644 php-5.3.6-bug-53903.patch create mode 100644 php-5.3.6-bug-53924.patch create mode 100644 php-5.3.6-bug-54055.patch create mode 100644 php-5.3.6-bug-54089.patch create mode 100644 php-5.3.6-bug-54092.patch create mode 100644 php-5.3.7-bug-48465.patch create mode 100644 php-5.3.7-bug-50363.patch create mode 100644 php-5.3.7-bug-51958.patch create mode 100644 php-5.3.7-bug-51997.patch create mode 100644 php-5.3.7-bug-52104.patch create mode 100644 php-5.3.7-bug-52496.patch create mode 100644 php-5.3.7-bug-52935.patch create mode 100644 php-5.3.7-bug-53037.patch create mode 100644 php-5.3.7-bug-53782.patch create mode 100644 php-5.3.7-bug-53848.patch create mode 100644 php-5.3.7-bug-54121.patch create mode 100644 php-5.3.7-bug-54137.patch create mode 100644 php-5.3.7-bug-54180.patch create mode 100644 php-5.3.7-bug-54221.patch create mode 100644 php-5.3.7-bug-54242.patch create mode 100644 php-5.3.7-bug-54269.patch create mode 100644 php-5.3.7-bug-54312.patch create mode 100644 php-5.3.7-bug-54318.patch create mode 100644 php-5.3.7-bug-54329.patch create mode 100644 php-5.3.7-bug-54440.patch create mode 100644 php-5.3.7-bug-54494.patch create mode 100644 php-5.3.7-bug-54529.patch create mode 100644 php-5.3.7-bug-54601.patch create mode 100644 php-5.3.7-bug-54946.patch create mode 100644 php-5.3.7-bug-55014.patch create mode 100644 php-5.3.7-bug-55323.patch create mode 100644 php-5.3.7-bug-55399.patch diff --git a/php-5.2.17-CVE-2011-0708.patch b/php-5.2.17-CVE-2011-0708.patch new file mode 100644 index 0000000..564c25e --- /dev/null +++ b/php-5.2.17-CVE-2011-0708.patch @@ -0,0 +1,52 @@ +--- PHP_5_3/ext/exif/exif.c 2011/02/14 08:46:53 308315 ++++ PHP_5_3/ext/exif/exif.c 2011/02/14 09:08:44 308316 +@@ -40,6 +40,10 @@ + #include "php.h" + #include "ext/standard/file.h" + ++#ifdef PHP_WIN32 ++include "win32/php_stdint.h" ++#endif ++ + #if HAVE_EXIF + + /* When EXIF_DEBUG is defined the module generates a lot of debug messages +@@ -2821,6 +2825,7 @@ + int tag, format, components; + char *value_ptr, tagname[64], cbuf[32], *outside=NULL; + size_t byte_count, offset_val, fpos, fgot; ++ int64_t byte_count_signed; + xp_field_type *tmp_xp; + #ifdef EXIF_DEBUG + char *dump_data; +@@ -2845,13 +2850,20 @@ + /*return TRUE;*/ + } + +- byte_count = components * php_tiff_bytes_per_format[format]; ++ if (components < 0) { ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); ++ return FALSE; ++ } ++ ++ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format]; + +- if ((ssize_t)byte_count < 0) { ++ if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) { + exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); + return FALSE; + } + ++ byte_count = (size_t)byte_count_signed; ++ + if (byte_count > 4) { + offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); + /* If its bigger than 4 bytes, the dir entry contains an offset. */ +@@ -2916,6 +2928,7 @@ + efree(dump_data); + } + #endif ++ + if (section_index==SECTION_THUMBNAIL) { + if (!ImageInfo->Thumbnail.data) { + switch(tag) { diff --git a/php-5.2.17-CVE-2011-1092.patch b/php-5.2.17-CVE-2011-1092.patch new file mode 100644 index 0000000..4ef65d9 --- /dev/null +++ b/php-5.2.17-CVE-2011-1092.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/shmop/shmop.c 2011/01/01 02:19:59 306939 ++++ PHP_5_3/ext/shmop/shmop.c 2011/03/08 13:11:14 309018 +@@ -256,7 +256,7 @@ + RETURN_FALSE; + } + +- if (start + count > shmop->size || count < 0) { ++ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range"); + RETURN_FALSE; + } diff --git a/php-5.2.17-CVE-2011-1148.patch b/php-5.2.17-CVE-2011-1148.patch new file mode 100644 index 0000000..2bd8b4a --- /dev/null +++ b/php-5.2.17-CVE-2011-1148.patch @@ -0,0 +1,159 @@ +--- PHP_5_3/ext/standard/string.c 2011/04/13 03:32:19 310193 ++++ PHP_5_3/ext/standard/string.c 2011/04/13 06:32:41 310194 +@@ -2352,20 +2352,35 @@ + + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str); + while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) { +- convert_to_string_ex(tmp_str); ++ zval *orig_str; ++ zval dummy; ++ if(Z_TYPE_PP(tmp_str) != IS_STRING) { ++ dummy = **tmp_str; ++ orig_str = &dummy; ++ zval_copy_ctor(orig_str); ++ convert_to_string(orig_str); ++ } else { ++ orig_str = *tmp_str; ++ } + + if (Z_TYPE_PP(from) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) { +- convert_to_long_ex(tmp_from); ++ if(Z_TYPE_PP(tmp_from) != IS_LONG) { ++ zval dummy = **tmp_from; ++ zval_copy_ctor(&dummy); ++ convert_to_long(&dummy); ++ f = Z_LVAL(dummy); ++ } else { ++ f = Z_LVAL_PP(tmp_from); ++ } + +- f = Z_LVAL_PP(tmp_from); + if (f < 0) { +- f = Z_STRLEN_PP(tmp_str) + f; ++ f = Z_STRLEN_P(orig_str) + f; + if (f < 0) { + f = 0; + } +- } else if (f > Z_STRLEN_PP(tmp_str)) { +- f = Z_STRLEN_PP(tmp_str); ++ } else if (f > Z_STRLEN_P(orig_str)) { ++ f = Z_STRLEN_P(orig_str); + } + zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from); + } else { +@@ -2374,72 +2389,94 @@ + } else { + f = Z_LVAL_PP(from); + if (f < 0) { +- f = Z_STRLEN_PP(tmp_str) + f; ++ f = Z_STRLEN_P(orig_str) + f; + if (f < 0) { + f = 0; + } +- } else if (f > Z_STRLEN_PP(tmp_str)) { +- f = Z_STRLEN_PP(tmp_str); ++ } else if (f > Z_STRLEN_P(orig_str)) { ++ f = Z_STRLEN_P(orig_str); + } + } + + if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) { +- convert_to_long_ex(tmp_len); ++ if(Z_TYPE_PP(tmp_len) != IS_LONG) { ++ zval dummy = **tmp_len; ++ zval_copy_ctor(&dummy); ++ convert_to_long(&dummy); ++ l = Z_LVAL(dummy); ++ } else { ++ l = Z_LVAL_PP(tmp_len); ++ } + + l = Z_LVAL_PP(tmp_len); + zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len); + } else { +- l = Z_STRLEN_PP(tmp_str); ++ l = Z_STRLEN_P(orig_str); + } + } else if (argc > 3) { + l = Z_LVAL_PP(len); + } else { +- l = Z_STRLEN_PP(tmp_str); ++ l = Z_STRLEN_P(orig_str); + } + + if (l < 0) { +- l = (Z_STRLEN_PP(tmp_str) - f) + l; ++ l = (Z_STRLEN_P(orig_str) - f) + l; + if (l < 0) { + l = 0; + } + } + +- if ((f + l) > Z_STRLEN_PP(tmp_str)) { +- l = Z_STRLEN_PP(tmp_str) - f; ++ if ((f + l) > Z_STRLEN_P(orig_str)) { ++ l = Z_STRLEN_P(orig_str) - f; + } + +- result_len = Z_STRLEN_PP(tmp_str) - l; ++ result_len = Z_STRLEN_P(orig_str) - l; + + if (Z_TYPE_PP(repl) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) { +- convert_to_string_ex(tmp_repl); +- result_len += Z_STRLEN_PP(tmp_repl); ++ zval *repl_str; ++ zval zrepl; ++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { ++ zrepl = **tmp_repl; ++ repl_str = &zrepl; ++ zval_copy_ctor(repl_str); ++ convert_to_string(repl_str); ++ } else { ++ repl_str = *tmp_repl; ++ } ++ ++ result_len += Z_STRLEN_P(repl_str); + zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl); + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); +- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl)); +- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy(result, Z_STRVAL_P(orig_str), f); ++ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str)); ++ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); ++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { ++ zval_dtor(repl_str); ++ } + } else { + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); +- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy(result, Z_STRVAL_P(orig_str), f); ++ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); + } + } else { + result_len += Z_STRLEN_PP(repl); + + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); ++ memcpy(result, Z_STRVAL_P(orig_str), f); + memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl)); +- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); + } + + result[result_len] = '\0'; + add_next_index_stringl(return_value, result, result_len, 0); +- ++ if(Z_TYPE_PP(tmp_str) != IS_STRING) { ++ zval_dtor(orig_str); ++ } + zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str); + } /*while*/ + } /* if */ diff --git a/php-5.2.17-CVE-2011-1938.patch b/php-5.2.17-CVE-2011-1938.patch new file mode 100644 index 0000000..55aa3d9 --- /dev/null +++ b/php-5.2.17-CVE-2011-1938.patch @@ -0,0 +1,14 @@ +diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c +--- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 2011-08-19 08:40:08.000000000 +0700 ++++ php-5.2.17/ext/sockets/sockets.c 2011-08-19 08:41:11.000000000 +0700 +@@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect) + break; + + case AF_UNIX: ++ if (addr_len >= sizeof(s_un.sun_path)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type); ++ RETURN_FALSE; ++ } + memset(&s_un, 0, sizeof(struct sockaddr_un)); + + s_un.sun_family = AF_UNIX; diff --git a/php-5.2.17-CVE-2011-2202.patch b/php-5.2.17-CVE-2011-2202.patch new file mode 100644 index 0000000..8250097 --- /dev/null +++ b/php-5.2.17-CVE-2011-2202.patch @@ -0,0 +1,21 @@ +diff -up php-5.2.17/main/rfc1867.c.orig php-5.2.17/main/rfc1867.c +--- php-5.2.17/main/rfc1867.c.orig 2011-08-19 08:33:09.000000000 +0700 ++++ php-5.2.17/main/rfc1867.c 2011-08-19 08:34:29.000000000 +0700 +@@ -1215,7 +1215,7 @@ filedone: + #endif + + if (!is_anonymous) { +- if (s && s > filename) { ++ if (s && s >= filename) { + safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); + } else { + safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC); +@@ -1228,7 +1228,7 @@ filedone: + } else { + snprintf(lbuf, llen, "%s[name]", param); + } +- if (s && s > filename) { ++ if (s && s >= filename) { + register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); + } else { + register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); diff --git a/php-5.2.17-bug-39847.patch b/php-5.2.17-bug-39847.patch new file mode 100644 index 0000000..ca3305c --- /dev/null +++ b/php-5.2.17-bug-39847.patch @@ -0,0 +1,21 @@ +diff -up php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 php-5.2.17/ext/mysqli/mysqli_api.c +--- php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 2010-04-21 19:52:24.000000000 +0700 ++++ php-5.2.17/ext/mysqli/mysqli_api.c 2011-08-28 11:33:15.000000000 +0700 +@@ -795,6 +795,8 @@ PHP_FUNCTION(mysqli_fetch_field) + add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1); + add_property_string(return_value, "table",(field->table ? field->table : ""), 1); + add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1); ++ add_property_string(return_value, "db",(field->db ? field->db : ""), 1); ++ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1); + add_property_string(return_value, "def",(field->def ? field->def : ""), 1); + add_property_long(return_value, "max_length", field->max_length); + add_property_long(return_value, "length", field->length); +@@ -878,6 +880,8 @@ PHP_FUNCTION(mysqli_fetch_field_direct) + add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1); + add_property_string(return_value, "table",(field->table ? field->table : ""), 1); + add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1); ++ add_property_string(return_value, "db",(field->db ? field->db : ""), 1); ++ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1); + add_property_string(return_value, "def",(field->def ? field->def : ""), 1); + add_property_long(return_value, "max_length", field->max_length); + add_property_long(return_value, "length", field->length); diff --git a/php-5.2.17-bug-48484.patch b/php-5.2.17-bug-48484.patch new file mode 100644 index 0000000..b9fe81f --- /dev/null +++ b/php-5.2.17-bug-48484.patch @@ -0,0 +1,18 @@ +diff -up php-5.2.17/ext/standard/array.c.bug-48484 php-5.2.17/ext/standard/array.c +--- php-5.2.17/ext/standard/array.c.bug-48484 2010-11-20 04:06:44.000000000 +0600 ++++ php-5.2.17/ext/standard/array.c 2011-08-28 00:21:52.000000000 +0700 +@@ -4368,11 +4368,11 @@ PHP_FUNCTION(array_product) + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The argument should be an array"); + return; + } +- ++ ++ ZVAL_LONG(return_value, 1); + if (!zend_hash_num_elements(Z_ARRVAL_PP(input))) { +- RETURN_LONG(0); ++ return; + } +- ZVAL_LONG(return_value, 1); + + for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos); + zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void **)&entry, &pos) == SUCCESS; diff --git a/php-5.2.17-bug-49072.patch b/php-5.2.17-bug-49072.patch new file mode 100644 index 0000000..b2a1689 --- /dev/null +++ b/php-5.2.17-bug-49072.patch @@ -0,0 +1,28 @@ +diff -up php-5.2.17/ext/zip/zip_stream.c.bug-49072 php-5.2.17/ext/zip/zip_stream.c +--- php-5.2.17/ext/zip/zip_stream.c.bug-49072 2011-08-28 14:06:52.000000000 +0700 ++++ php-5.2.17/ext/zip/zip_stream.c 2011-08-28 14:09:41.000000000 +0700 +@@ -34,7 +34,7 @@ static size_t php_zip_ops_read(php_strea + STREAM_DATA_FROM_STREAM(); + + if (self->za && self->zf) { +- n = (size_t)zip_fread(self->zf, buf, (int)count); ++ n = zip_fread(self->zf, buf, count); + if (n < 0) { + int ze, se; + zip_file_error_get(self->zf, &ze, &se); +@@ -42,13 +42,13 @@ static size_t php_zip_ops_read(php_strea + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf)); + return 0; + } +- if (n == 0 || n < count) { ++ if (n == 0 || n < (ssize_t)count) { + stream->eof = 1; + } else { + self->cursor += n; + } + } +- return n<1 ? 0 : n; ++ return (n < 1 ? 0 : (size_t)n); + } + /* }}} */ + diff --git a/php-5.2.17-bug-52063.patch b/php-5.2.17-bug-52063.patch new file mode 100644 index 0000000..255552e --- /dev/null +++ b/php-5.2.17-bug-52063.patch @@ -0,0 +1,21 @@ +diff -up php-5.2.17/ext/date/php_date.c.bug-52063 php-5.2.17/ext/date/php_date.c +--- php-5.2.17/ext/date/php_date.c.bug-52063 2011-08-28 09:44:11.000000000 +0700 ++++ php-5.2.17/ext/date/php_date.c 2011-08-28 09:45:09.000000000 +0700 +@@ -1778,7 +1778,7 @@ PHP_FUNCTION(date_create) + char *time_str = NULL; + int time_str_len = 0; + +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) { + RETURN_FALSE; + } + +@@ -1799,7 +1799,7 @@ PHP_METHOD(DateTime, __construct) + int time_str_len = 0; + + php_set_error_handling(EH_THROW, NULL TSRMLS_CC); +- if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) { ++ if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) { + date_initialize(zend_object_store_get_object(getThis() TSRMLS_CC), time_str, time_str_len, timezone_object, 1 TSRMLS_CC); + } + php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC); diff --git a/php-5.2.17-bug-55082.patch b/php-5.2.17-bug-55082.patch new file mode 100644 index 0000000..7ff123d --- /dev/null +++ b/php-5.2.17-bug-55082.patch @@ -0,0 +1,35 @@ +diff -up php-5.2.17/ext/standard/var.c.bug-55082 php-5.2.17/ext/standard/var.c +--- php-5.2.17/ext/standard/var.c.bug-55082 2010-09-14 03:14:18.000000000 +0700 ++++ php-5.2.17/ext/standard/var.c 2011-08-28 15:18:52.000000000 +0700 +@@ -401,7 +401,7 @@ static int php_object_element_export(zva + { + int level; + smart_str *buf; +- char *prop_name, *class_name; ++ + TSRMLS_FETCH(); + + level = va_arg(args, int); +@@ -409,11 +409,20 @@ static int php_object_element_export(zva + + buffer_append_spaces(buf, level + 2); + if (hash_key->nKeyLength != 0) { +- zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name); ++ char *class_name, /* ignored, but must be passed to unmangle */ ++ *pname, ++ *pname_esc; ++ int pname_esc_len; ++ ++ zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, ++ &class_name, &pname); ++ pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0, ++ "'\\", 2 TSRMLS_CC); + + smart_str_appendc(buf, '\''); +- smart_str_appends(buf, prop_name); ++ smart_str_appendl(buf, pname_esc, pname_esc_len); + smart_str_appendc(buf, '\''); ++ efree(pname_esc); + } else { + smart_str_append_long(buf, hash_key->h); + } diff --git a/php-5.3.6-39199.patch b/php-5.3.6-39199.patch new file mode 100644 index 0000000..0bf13a0 --- /dev/null +++ b/php-5.3.6-39199.patch @@ -0,0 +1,57 @@ +--- PHP_5_3/ext/pdo_oci/oci_statement.c 2010/12/10 00:30:23 306148 ++++ PHP_5_3/ext/pdo_oci/oci_statement.c 2010/12/10 00:33:48 306149 +@@ -31,6 +31,8 @@ + #include "php_pdo_oci_int.h" + #include "Zend/zend_extensions.h" + ++#define PDO_OCI_LOBMAXSIZE (4294967295UL) /* OCI_LOBMAXSIZE */ ++ + #define STMT_CALL(name, params) \ + do { \ + S->last_err = name params; \ +@@ -634,11 +636,14 @@ + &amt, self->offset, buf, count, + NULL, NULL, 0, SQLCS_IMPLICIT); + +- if (r != OCI_SUCCESS) { ++ if (r != OCI_SUCCESS && r != OCI_NEED_DATA) { + return (size_t)-1; + } + + self->offset += amt; ++ if (amt < count) { ++ stream->eof = 1; ++ } + return amt; + } + +@@ -664,14 +669,17 @@ + return 0; + } + +-/* TODO: implement + static int oci_blob_seek(php_stream *stream, off_t offset, int whence, off_t *newoffset TSRMLS_DC) + { + struct oci_lob_self *self = (struct oci_lob_self*)stream->abstract; + +- return -1; ++ if (offset >= PDO_OCI_LOBMAXSIZE) { ++ return -1; ++ } else { ++ self->offset = offset + 1; /* Oracle LOBS are 1-based, but PHP is 0-based */ ++ return 0; ++ } + } +-*/ + + static php_stream_ops oci_blob_stream_ops = { + oci_blob_write, +@@ -679,7 +687,7 @@ + oci_blob_close, + oci_blob_flush, + "pdo_oci blob stream", +- NULL, /*oci_blob_seek,*/ ++ oci_blob_seek, + NULL, + NULL, + NULL diff --git a/php-5.3.6-bug-47435.patch b/php-5.3.6-bug-47435.patch new file mode 100644 index 0000000..40cd8d3 --- /dev/null +++ b/php-5.3.6-bug-47435.patch @@ -0,0 +1,45 @@ +--- PHP_5_3/ext/filter/logical_filters.c 2010/12/12 19:35:11 306289 ++++ PHP_5_3/ext/filter/logical_filters.c 2010/12/12 19:54:21 306290 +@@ -735,8 +735,40 @@ + RETURN_VALIDATION_FAILED + } + } +- if (flags & FILTER_FLAG_NO_RES_RANGE && Z_STRLEN_P(value) == 3 && !strcmp("::1", Z_STRVAL_P(value))) { +- RETURN_VALIDATION_FAILED ++ if (flags & FILTER_FLAG_NO_RES_RANGE) { ++ switch (Z_STRLEN_P(value)) { ++ case 1: case 0: ++ break; ++ case 2: ++ if (!strcmp("::", Z_STRVAL_P(value))) { ++ RETURN_VALIDATION_FAILED ++ } ++ break; ++ case 3: ++ if (!strcmp("::1", Z_STRVAL_P(value)) || !strcmp("5f:", Z_STRVAL_P(value))) { ++ RETURN_VALIDATION_FAILED ++ } ++ break; ++ default: ++ if (Z_STRLEN_P(value) >= 5) { ++ if ( ++ !strncasecmp("fe8", Z_STRVAL_P(value), 3) || ++ !strncasecmp("fe9", Z_STRVAL_P(value), 3) || ++ !strncasecmp("fea", Z_STRVAL_P(value), 3) || ++ !strncasecmp("feb", Z_STRVAL_P(value), 3) ++ ) { ++ RETURN_VALIDATION_FAILED ++ } ++ } ++ if ( ++ (Z_STRLEN_P(value) >= 9 && !strncasecmp("2001:0db8", Z_STRVAL_P(value), 9)) || ++ (Z_STRLEN_P(value) >= 2 && !strncasecmp("5f", Z_STRVAL_P(value), 2)) || ++ (Z_STRLEN_P(value) >= 4 && !strncasecmp("3ff3", Z_STRVAL_P(value), 4)) || ++ (Z_STRLEN_P(value) >= 8 && !strncasecmp("2001:001", Z_STRVAL_P(value), 8)) ++ ) { ++ RETURN_VALIDATION_FAILED ++ } ++ } + } + } + break; diff --git a/php-5.3.6-bug-48607.patch b/php-5.3.6-bug-48607.patch new file mode 100644 index 0000000..6216ac7 --- /dev/null +++ b/php-5.3.6-bug-48607.patch @@ -0,0 +1,38 @@ +--- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 14:29:42 306341 ++++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 16:53:26 306342 +@@ -98,13 +98,33 @@ + static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC) + { + php_stream *controlstream = (php_stream *)stream->wrapperdata; ++ int ret = 0; + + if (controlstream) { ++ if (strpbrk(stream->mode, "wa+")) { ++ char tmp_line[512]; ++ int result; ++ ++ /* For write modes close data stream first to signal EOF to server */ ++ stream->wrapperdata = NULL; ++ php_stream_close(stream); ++ stream = NULL; ++ ++ result = GET_FTP_RESULT(controlstream); ++ if (result != 226 && result != 250) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line); ++ ret = EOF; ++ } ++ } ++ + php_stream_write_string(controlstream, "QUIT\r\n"); + php_stream_close(controlstream); +- stream->wrapperdata = NULL; ++ if (stream) { ++ stream->wrapperdata = NULL; ++ } + } +- return 0; ++ ++ return ret; + } + /* }}} */ + diff --git a/php-5.3.6-bug-51336.patch b/php-5.3.6-bug-51336.patch new file mode 100644 index 0000000..f09ee8d --- /dev/null +++ b/php-5.3.6-bug-51336.patch @@ -0,0 +1,11 @@ +--- PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:17:22 307875 ++++ PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:34:12 307876 +@@ -502,7 +502,7 @@ + } + } + } else { +- if (st != SNMP_CMD_WALK || response->errstat != SNMP_ERR_NOSUCHNAME) { ++ if ((st != SNMP_CMD_WALK && st != SNMP_CMD_REALWALK) || response->errstat != SNMP_ERR_NOSUCHNAME) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error in packet: %s", snmp_errstring(response->errstat)); + if (response->errstat == SNMP_ERR_NOSUCHNAME) { + for (count=1, vars = response->variables; vars && count != response->errindex; diff --git a/php-5.3.6-bug-52209.patch b/php-5.3.6-bug-52209.patch new file mode 100644 index 0000000..482a4b7 --- /dev/null +++ b/php-5.3.6-bug-52209.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/filter/filter.c 2010/12/22 16:03:43 306574 ++++ PHP_5_3/ext/filter/filter.c 2010/12/22 16:18:59 306575 +@@ -559,7 +559,7 @@ + if (jit_initialization) { + zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC); + } +- array_ptr = IF_G(env_array); ++ array_ptr = IF_G(env_array) ? IF_G(env_array) : PG(http_globals)[TRACK_VARS_ENV]; + break; + case PARSE_SESSION: + /* FIXME: Implement session source */ diff --git a/php-5.3.6-bug-52290.patch b/php-5.3.6-bug-52290.patch new file mode 100644 index 0000000..cee1ee3 --- /dev/null +++ b/php-5.3.6-bug-52290.patch @@ -0,0 +1,10 @@ +--- PHP_5_3/ext/date/php_date.c 2011/01/30 09:28:54 307852 ++++ PHP_5_3/ext/date/php_date.c 2011/01/30 10:18:12 307853 +@@ -3090,6 +3090,7 @@ + dateobj->time->y = y; + dateobj->time->m = 1; + dateobj->time->d = 1; ++ memset(&dateobj->time->relative, 0, sizeof(dateobj->time->relative)); + dateobj->time->relative.d = timelib_daynr_from_weeknr(y, w, d); + dateobj->time->have_relative = 1; + diff --git a/php-5.3.6-bug-53150.patch b/php-5.3.6-bug-53150.patch new file mode 100644 index 0000000..01040ff --- /dev/null +++ b/php-5.3.6-bug-53150.patch @@ -0,0 +1,24 @@ +--- PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:27:59 306281 ++++ PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:36:21 306282 +@@ -710,8 +710,11 @@ + if (flags & FILTER_FLAG_NO_RES_RANGE) { + if ( + (ip[0] == 0) || ++ (ip[0] == 128 && ip[1] == 0) || ++ (ip[0] == 191 && ip[1] == 255) || + (ip[0] == 169 && ip[1] == 254) || + (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) || ++ (ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) || + (ip[0] >= 224 && ip[0] <= 255) + ) { + RETURN_VALIDATION_FAILED +@@ -731,6 +734,9 @@ + if (Z_STRLEN_P(value) >=2 && (!strncasecmp("FC", Z_STRVAL_P(value), 2) || !strncasecmp("FD", Z_STRVAL_P(value), 2))) { + RETURN_VALIDATION_FAILED + } ++ } ++ if (flags & FILTER_FLAG_NO_RES_RANGE && Z_STRLEN_P(value) == 3 && !strcmp("::1", Z_STRVAL_P(value))) { ++ RETURN_VALIDATION_FAILED + } + } + break; diff --git a/php-5.3.6-bug-53377.patch b/php-5.3.6-bug-53377.patch new file mode 100644 index 0000000..7352911 --- /dev/null +++ b/php-5.3.6-bug-53377.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:22:34 305685 ++++ PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:34:44 305686 +@@ -4235,7 +4235,7 @@ + } + + offset = end_token+2; +- for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d); i++); ++ for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d) || (string[offset + i] == '\t'); i++); + if ((string[offset + i] == '=') && (string[offset + i + 1] == '?') && (offset + i < end)) { + offset += i; + } diff --git a/php-5.3.6-bug-53515.patch b/php-5.3.6-bug-53515.patch new file mode 100644 index 0000000..d0a7f5a --- /dev/null +++ b/php-5.3.6-bug-53515.patch @@ -0,0 +1,38 @@ +--- PHP_5_3/ext/spl/spl_array.c 2010/12/10 22:51:08 306212 ++++ PHP_5_3/ext/spl/spl_array.c 2010/12/10 23:58:33 306213 +@@ -579,8 +579,15 @@ + switch(Z_TYPE_P(offset)) { + case IS_STRING: + if (check_empty) { +- if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE && zend_is_true(*tmp)) { +- return 1; ++ if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE) { ++ switch (check_empty) { ++ case 0: ++ return Z_TYPE_PP(tmp) != IS_NULL; ++ case 2: ++ return 1; ++ default: ++ return zend_is_true(*tmp); ++ } + } + return 0; + } else { +@@ -597,8 +604,15 @@ + } + if (check_empty) { + HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); +- if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE && zend_is_true(*tmp)) { +- return 1; ++ if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE) { ++ switch (check_empty) { ++ case 0: ++ return Z_TYPE_PP(tmp) != IS_NULL; ++ case 2: ++ return 1; ++ default: ++ return zend_is_true(*tmp); ++ } + } + return 0; + } else { diff --git a/php-5.3.6-bug-53568.patch b/php-5.3.6-bug-53568.patch new file mode 100644 index 0000000..5e54497 --- /dev/null +++ b/php-5.3.6-bug-53568.patch @@ -0,0 +1,14 @@ +--- PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 21:21:06 306415 ++++ PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 23:05:26 306416 +@@ -473,10 +473,8 @@ + static time_t + _zip_d2u_time(int dtime, int ddate) + { +- struct tm tm; ++ struct tm tm = {0}; + +- memset(&tm, sizeof(tm), 0); +- + /* let mktime decide if DST is in effect */ + tm.tm_isdst = -1; + diff --git a/php-5.3.6-bug-53574.patch b/php-5.3.6-bug-53574.patch new file mode 100644 index 0000000..bdb4f58 --- /dev/null +++ b/php-5.3.6-bug-53574.patch @@ -0,0 +1,52 @@ +--- PHP_5_3/ext/calendar/julian.c 2010/12/19 23:46:27 306474 ++++ PHP_5_3/ext/calendar/julian.c 2010/12/19 23:47:00 306475 +@@ -146,6 +146,7 @@ + **************************************************************************/ + + #include "sdncal.h" ++#include + + #define JULIAN_SDN_OFFSET 32083 + #define DAYS_PER_5_MONTHS 153 +@@ -164,15 +165,22 @@ + int dayOfYear; + + if (sdn <= 0) { +- *pYear = 0; +- *pMonth = 0; +- *pDay = 0; +- return; ++ goto fail; + } +- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; ++ /* Check for overflow */ ++ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) { ++ goto fail; ++ } ++ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1); + + /* Calculate the year and day of year (1 <= dayOfYear <= 366). */ +- year = temp / DAYS_PER_4_YEARS; ++ { ++ long yearl = temp / DAYS_PER_4_YEARS; ++ if (yearl > INT_MAX || yearl < INT_MIN) { ++ goto fail; ++ } ++ year = (int) yearl; ++ } + dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1; + + /* Calculate the month and day of month. */ +@@ -196,6 +204,12 @@ + *pYear = year; + *pMonth = month; + *pDay = day; ++ return; ++ ++fail: ++ *pYear = 0; ++ *pMonth = 0; ++ *pDay = 0; + } + + long int JulianToSdn( diff --git a/php-5.3.6-bug-53577.patch b/php-5.3.6-bug-53577.patch new file mode 100644 index 0000000..67d1a53 --- /dev/null +++ b/php-5.3.6-bug-53577.patch @@ -0,0 +1,16 @@ +--- PHP_5_3/main/fopen_wrappers.c.orig Mon Dec 20 16:53:43 2010 ++++ PHP_5_3/main/fopen_wrappers.c Mon Dec 20 17:27:43 2010 +*************** +*** 229,235 **** +--- 229,239 ---- + if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) { + /* Handler for basedirs that end with a / */ + resolved_basedir_len = strlen(resolved_basedir); ++ #if defined(PHP_WIN32) || defined(NETWARE) ++ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') { ++ #else + if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) { ++ #endif + if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { + resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; + resolved_basedir[++resolved_basedir_len] = '\0'; diff --git a/php-5.3.6-bug-53579.patch b/php-5.3.6-bug-53579.patch new file mode 100644 index 0000000..5dc019b --- /dev/null +++ b/php-5.3.6-bug-53579.patch @@ -0,0 +1,10 @@ +--- PHP_5_3/ext/zip/zip_stream.c 2010/12/20 10:50:59 306492 ++++ PHP_5_3/ext/zip/zip_stream.c 2010/12/20 11:00:27 306493 +@@ -216,6 +216,7 @@ + self->stream = NULL; + self->cursor = 0; + stream = php_stream_alloc(&php_stream_zipio_ops, self, NULL, mode); ++ stream->orig_path = estrdup(path); + } else { + zip_close(stream_za); + } diff --git a/php-5.3.6-bug-53603.patch b/php-5.3.6-bug-53603.patch new file mode 100644 index 0000000..5c2e71f --- /dev/null +++ b/php-5.3.6-bug-53603.patch @@ -0,0 +1,20 @@ +--- PHP_5_3/ext/zip/php_zip.c 2010/12/24 19:31:38 306626 ++++ PHP_5_3/ext/zip/php_zip.c 2010/12/24 22:38:36 306627 +@@ -196,7 +196,7 @@ + } + + /* let see if the path already exists */ +- if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) { ++ if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) { + + #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1) + char *e; +@@ -2378,7 +2378,7 @@ + RETURN_FALSE; + } + +- if (php_stream_stat_path(pathto, &ssb) < 0) { ++ if (php_stream_stat_path_ex(pathto, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) { + ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL); + if (!ret) { + RETURN_FALSE; diff --git a/php-5.3.6-bug-53630.patch b/php-5.3.6-bug-53630.patch new file mode 100644 index 0000000..e312d02 --- /dev/null +++ b/php-5.3.6-bug-53630.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/readline/readline.c 2011/01/10 17:34:26 307342 ++++ PHP_5_3/ext/readline/readline.c 2011/01/10 18:19:02 307343 +@@ -196,7 +196,7 @@ + int prompt_len; + char *result; + +- if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s!", &prompt, &prompt_len)) { ++ if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!", &prompt, &prompt_len)) { + RETURN_FALSE; + } + diff --git a/php-5.3.6-bug-53854.patch b/php-5.3.6-bug-53854.patch new file mode 100644 index 0000000..c603714 --- /dev/null +++ b/php-5.3.6-bug-53854.patch @@ -0,0 +1,15 @@ +--- PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:17:08 307806 ++++ PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:19:40 307807 +@@ -2754,6 +2754,12 @@ + REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE", ZIP_CM_DEFLATE); + REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE64", ZIP_CM_DEFLATE64); + REGISTER_ZIP_CLASS_CONST_LONG("CM_PKWARE_IMPLODE", ZIP_CM_PKWARE_IMPLODE); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_BZIP2", ZIP_CM_BZIP2); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZMA", ZIP_CM_LZMA); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_TERSE", ZIP_CM_TERSE); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZ77", ZIP_CM_LZ77); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_WAVPACK", ZIP_CM_WAVPACK); ++ REGISTER_ZIP_CLASS_CONST_LONG("CM_PPMD", ZIP_CM_PPMD); + + /* Error code */ + REGISTER_ZIP_CLASS_CONST_LONG("ER_OK", ZIP_ER_OK); /* N No error */ diff --git a/php-5.3.6-bug-53903.patch b/php-5.3.6-bug-53903.patch new file mode 100644 index 0000000..7cfed50 --- /dev/null +++ b/php-5.3.6-bug-53903.patch @@ -0,0 +1,10 @@ +--- PHP_5_3/main/streams/userspace.c 2011/02/01 20:59:25 307933 ++++ PHP_5_3/main/streams/userspace.c 2011/02/01 22:55:17 307934 +@@ -856,6 +856,7 @@ + + #define STAT_PROP_ENTRY_EX(name, name2) \ + if (SUCCESS == zend_hash_find(Z_ARRVAL_P(array), #name, sizeof(#name), (void**)&elem)) { \ ++ SEPARATE_ZVAL(elem); \ + convert_to_long(*elem); \ + ssb->sb.st_##name2 = Z_LVAL_PP(elem); \ + } diff --git a/php-5.3.6-bug-53924.patch b/php-5.3.6-bug-53924.patch new file mode 100644 index 0000000..3c7b77b --- /dev/null +++ b/php-5.3.6-bug-53924.patch @@ -0,0 +1,39 @@ +--- PHP_5_3/ext/standard/url.c 2011/02/04 19:22:43 308034 ++++ PHP_5_3/ext/standard/url.c 2011/02/04 21:41:15 308035 +@@ -180,15 +180,20 @@ + parse_port: + p = e + 1; + pp = p; +- ++ + while (pp-p < 6 && isdigit(*pp)) { + pp++; + } +- ++ + if (pp-p < 6 && (*pp == '/' || *pp == '\0')) { + memcpy(port_buf, p, (pp-p)); + port_buf[pp-p] = '\0'; + ret->port = atoi(port_buf); ++ if (!ret->port && (pp - p) > 0) { ++ STR_FREE(ret->scheme); ++ efree(ret); ++ return NULL; ++ } + } else { + goto just_path; + } +@@ -267,6 +272,13 @@ + memcpy(port_buf, p, (e-p)); + port_buf[e-p] = '\0'; + ret->port = atoi(port_buf); ++ if (!ret->port && (e - p)) { ++ STR_FREE(ret->scheme); ++ STR_FREE(ret->user); ++ STR_FREE(ret->pass); ++ efree(ret); ++ return NULL; ++ } + } + p--; + } diff --git a/php-5.3.6-bug-54055.patch b/php-5.3.6-bug-54055.patch new file mode 100644 index 0000000..e430a48 --- /dev/null +++ b/php-5.3.6-bug-54055.patch @@ -0,0 +1,77 @@ +--- PHP_5_3/main/snprintf.c 2011/02/21 06:22:00 308524 ++++ PHP_5_3/main/snprintf.c 2011/02/21 06:53:24 308525 +@@ -677,10 +677,6 @@ + + /* + * Check if a precision was specified +- * +- * XXX: an unreasonable amount of precision may be specified +- * resulting in overflow of num_buf. Currently we +- * ignore this possibility. + */ + if (*fmt == '.') { + adjust_precision = YES; +@@ -694,6 +690,10 @@ + precision = 0; + } else + precision = 0; ++ ++ if (precision > FORMAT_CONV_MAX_PRECISION) { ++ precision = FORMAT_CONV_MAX_PRECISION; ++ } + } else + adjust_precision = NO; + } else +--- PHP_5_3/main/snprintf.h 2011/02/21 06:22:00 308524 ++++ PHP_5_3/main/snprintf.h 2011/02/21 06:53:24 308525 +@@ -12,7 +12,7 @@ + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ +- | Author: Stig Sæther Bakken | ++ | Author: Stig Sæther Bakken | + | Marcus Boerger | + +----------------------------------------------------------------------+ + */ +@@ -157,6 +157,17 @@ + + extern char * ap_php_conv_p2(register u_wide_int num, register int nbits, + char format, char *buf_end, register int *len); ++ ++/* The maximum precision that's allowed for float conversion. Does not include ++ * decimal separator, exponent, sign, terminator. Currently does not affect ++ * the modes e/f, only g/k/H, as those have a different limit enforced at ++ * another level (see NDIG in php_conv_fp()). ++ * Applies to the formatting functions of both spprintf.c and snprintf.c, which ++ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the ++ * call to php_gcvt(). ++ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9 ++ * should be enough, but let's give some more space) */ ++#define FORMAT_CONV_MAX_PRECISION 500 + + #endif /* SNPRINTF_H */ + +--- PHP_5_3/main/spprintf.c 2011/02/21 06:22:00 308524 ++++ PHP_5_3/main/spprintf.c 2011/02/21 06:53:24 308525 +@@ -285,10 +285,6 @@ + + /* + * Check if a precision was specified +- * +- * XXX: an unreasonable amount of precision may be specified +- * resulting in overflow of num_buf. Currently we +- * ignore this possibility. + */ + if (*fmt == '.') { + adjust_precision = YES; +@@ -302,6 +298,10 @@ + precision = 0; + } else + precision = 0; ++ ++ if (precision > FORMAT_CONV_MAX_PRECISION) { ++ precision = FORMAT_CONV_MAX_PRECISION; ++ } + } else + adjust_precision = NO; + } else diff --git a/php-5.3.6-bug-54089.patch b/php-5.3.6-bug-54089.patch new file mode 100644 index 0000000..30290d8 --- /dev/null +++ b/php-5.3.6-bug-54089.patch @@ -0,0 +1,13 @@ +--- PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 14:16:00 308760 ++++ PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 15:18:27 308761 +@@ -151,6 +151,10 @@ + ZVAL_NULL(&token); + + token_line = CG(zend_lineno); ++ ++ if (token_type == T_HALT_COMPILER) { ++ break; ++ } + } + } + diff --git a/php-5.3.6-bug-54092.patch b/php-5.3.6-bug-54092.patch new file mode 100644 index 0000000..cd557a9 --- /dev/null +++ b/php-5.3.6-bug-54092.patch @@ -0,0 +1,122 @@ +--- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:10:08 308733 ++++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:23:54 308734 +@@ -72,6 +72,12 @@ + #define FTPS_ENCRYPT_DATA 1 + #define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC) + ++typedef struct _php_ftp_dirstream_data { ++ php_stream *datastream; ++ php_stream *controlstream; ++ php_stream *dirstream; ++} php_ftp_dirstream_data; ++ + /* {{{ get_ftp_result + */ + static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC) +@@ -97,7 +103,7 @@ + */ + static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC) + { +- php_stream *controlstream = (php_stream *)stream->wrapperdata; ++ php_stream *controlstream = stream->wrapperthis; + int ret = 0; + + if (controlstream) { +@@ -106,10 +112,6 @@ + int result; + + /* For write modes close data stream first to signal EOF to server */ +- stream->wrapperdata = NULL; +- php_stream_close(stream); +- stream = NULL; +- + result = GET_FTP_RESULT(controlstream); + if (result != 226 && result != 250) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line); +@@ -119,9 +121,7 @@ + + php_stream_write_string(controlstream, "QUIT\r\n"); + php_stream_close(controlstream); +- if (stream) { +- stream->wrapperdata = NULL; +- } ++ stream->wrapperthis = NULL; + } + + return ret; +@@ -584,7 +584,7 @@ + } + + /* remember control stream */ +- datastream->wrapperdata = (zval *)stream; ++ datastream->wrapperthis = stream; + + php_url_free(resource); + return datastream; +@@ -608,11 +608,13 @@ + static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) + { + php_stream_dirent *ent = (php_stream_dirent *)buf; +- php_stream *innerstream = (php_stream *)stream->abstract; ++ php_stream *innerstream; + size_t tmp_len; + char *basename; + size_t basename_len; + ++ innerstream = ((php_ftp_dirstream_data *)stream->abstract)->datastream; ++ + if (count != sizeof(php_stream_dirent)) { + return 0; + } +@@ -656,13 +658,18 @@ + */ + static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC) + { +- php_stream *innerstream = (php_stream *)stream->abstract; ++ php_ftp_dirstream_data *data = stream->abstract; + +- if (innerstream->wrapperdata) { +- php_stream_close((php_stream *)innerstream->wrapperdata); +- innerstream->wrapperdata = NULL; +- } +- php_stream_close((php_stream *)stream->abstract); ++ /* close control connection */ ++ if (data->controlstream) { ++ php_stream_close(data->controlstream); ++ data->controlstream = NULL; ++ } ++ /* close data connection */ ++ php_stream_close(data->datastream); ++ data->datastream = NULL; ++ ++ efree(data); + stream->abstract = NULL; + + return 0; +@@ -688,6 +695,7 @@ + php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC) + { + php_stream *stream, *reuseid, *datastream = NULL; ++ php_ftp_dirstream_data *dirsdata; + php_url *resource = NULL; + int result = 0, use_ssl, use_ssl_on_data = 0; + char *hoststart = NULL, tmp_line[512]; +@@ -747,11 +755,14 @@ + goto opendir_errexit; + } + +- /* remember control stream */ +- datastream->wrapperdata = (zval *)stream; +- + php_url_free(resource); +- return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode); ++ ++ dirsdata = emalloc(sizeof *dirsdata); ++ dirsdata->datastream = datastream; ++ dirsdata->controlstream = stream; ++ dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode); ++ ++ return dirsdata->dirstream; + + opendir_errexit: + if (resource) { diff --git a/php-5.3.7-bug-48465.patch b/php-5.3.7-bug-48465.patch new file mode 100644 index 0000000..e268999 --- /dev/null +++ b/php-5.3.7-bug-48465.patch @@ -0,0 +1,19 @@ +--- PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:34:07 309791 ++++ PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:43:49 309792 +@@ -204,9 +204,13 @@ + */ + { + char sTemp[MAX_PATH]; +- DWORD n = GetTempPath(sizeof(sTemp),sTemp); +- assert(0 < n); /* should *never* fail! */ +- temporary_directory = strdup(sTemp); ++ DWORD len = GetTempPath(sizeof(sTemp),sTemp); ++ assert(0 < len); /* should *never* fail! */ ++ if (sTemp[len - 1] == DEFAULT_SLASH) { ++ temporary_directory = zend_strndup(sTemp, len - 1); ++ } else { ++ temporary_directory = zend_strndup(sTemp, len); ++ } + return temporary_directory; + } + #else diff --git a/php-5.3.7-bug-50363.patch b/php-5.3.7-bug-50363.patch new file mode 100644 index 0000000..81ea37b --- /dev/null +++ b/php-5.3.7-bug-50363.patch @@ -0,0 +1,26 @@ +--- PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:04 311406 ++++ PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:26 311407 +@@ -1050,20 +1050,16 @@ + } + } /* break is missing intentionally */ + +- case 2: { +- unsigned int nbl; +- ++ case 2: { + if (icnt <= 0) { + goto out; + } +- nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); + +- if (nbl > 15) { ++ if (!isxdigit((int) *ps)) { + err = PHP_CONV_ERR_INVALID_SEQ; + goto out; + } +- next_char = (next_char << 4) | nbl; +- ++ next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); + scan_stat++; + ps++, icnt--; + if (scan_stat != 3) { diff --git a/php-5.3.7-bug-51958.patch b/php-5.3.7-bug-51958.patch new file mode 100644 index 0000000..019c1ce --- /dev/null +++ b/php-5.3.7-bug-51958.patch @@ -0,0 +1,60 @@ +--- PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:27:40 309237 ++++ PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:59:05 309238 +@@ -402,16 +402,13 @@ + } + /* }}} */ + +-static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la TSRMLS_DC) /* {{{ */ ++static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la, socklen_t *la_len TSRMLS_DC) /* {{{ */ + { +- socklen_t salen; + php_socket *out_sock = (php_socket*)emalloc(sizeof(php_socket)); + + *new_sock = out_sock; +- salen = sizeof(*la); +- out_sock->blocking = 1; + +- out_sock->bsd_socket = accept(in_sock->bsd_socket, la, &salen); ++ out_sock->bsd_socket = accept(in_sock->bsd_socket, la, la_len); + + if (IS_INVALID_SOCKET(out_sock)) { + PHP_SOCKET_ERROR(out_sock, "unable to accept incoming connection", errno); +@@ -419,6 +416,10 @@ + return 0; + } + ++ out_sock->error = 0; ++ out_sock->blocking = 1; ++ out_sock->type = la->sa_family; ++ + return 1; + } + /* }}} */ +@@ -1023,9 +1024,10 @@ + Accepts a connection on the listening socket fd */ + PHP_FUNCTION(socket_accept) + { +- zval *arg1; +- php_socket *php_sock, *new_sock; +- struct sockaddr_in sa; ++ zval *arg1; ++ php_socket *php_sock, *new_sock; ++ php_sockaddr_storage sa; ++ socklen_t sa_len = sizeof(sa); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg1) == FAILURE) { + return; +@@ -1033,12 +1035,9 @@ + + ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket); + +- if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr *) &sa TSRMLS_CC)) { ++ if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr*)&sa, &sa_len TSRMLS_CC)) { + RETURN_FALSE; + } +- +- new_sock->error = 0; +- new_sock->blocking = 1; + + ZEND_REGISTER_RESOURCE(return_value, new_sock, le_socket); + } diff --git a/php-5.3.7-bug-51997.patch b/php-5.3.7-bug-51997.patch new file mode 100644 index 0000000..54181e4 --- /dev/null +++ b/php-5.3.7-bug-51997.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/main/streams/streams.c 2011/06/05 21:44:34 311848 ++++ PHP_5_3/main/streams/streams.c 2011/06/05 21:57:01 311849 +@@ -1184,7 +1184,7 @@ + } + + /* emulate forward moving seeks with reads */ +- if (whence == SEEK_CUR && offset > 0) { ++ if (whence == SEEK_CUR && offset >= 0) { + char tmp[1024]; + size_t didread; + while(offset > 0) { diff --git a/php-5.3.7-bug-52104.patch b/php-5.3.7-bug-52104.patch new file mode 100644 index 0000000..45dc3e9 --- /dev/null +++ b/php-5.3.7-bug-52104.patch @@ -0,0 +1,14 @@ +--- PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 12:53:07 311710 ++++ PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 13:23:25 311711 +@@ -349,7 +349,10 @@ + /* if you prepare and then execute passing an array of params keyed by names, + * then this will trigger, and we don't want that */ + if (param->paramno == -1) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Did not found column name '%s' in the defined columns; it will not be bound", param->name); ++ char *tmp; ++ spprintf(&tmp, 0, "Did not find column name '%s' in the defined columns; it will not be bound", param->name); ++ pdo_raise_impl_error(stmt->dbh, stmt, "HY000", tmp TSRMLS_CC); ++ efree(tmp); + } + } + diff --git a/php-5.3.7-bug-52496.patch b/php-5.3.7-bug-52496.patch new file mode 100644 index 0000000..524d137 --- /dev/null +++ b/php-5.3.7-bug-52496.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:55:32 311599 ++++ PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:57:50 311600 +@@ -799,7 +799,7 @@ + request_started = 1; + php_cli_usage(argv[0]); + php_end_ob_buffers(1 TSRMLS_CC); +- exit_status=0; ++ exit_status = (c == '?' && argc > 1 && !strchr(argv[1], c)); + goto out; + + case 'i': /* php info & quit */ diff --git a/php-5.3.7-bug-52935.patch b/php-5.3.7-bug-52935.patch new file mode 100644 index 0000000..06c4839 --- /dev/null +++ b/php-5.3.7-bug-52935.patch @@ -0,0 +1,27 @@ +--- PHP_5_3/main/streams/streams.c 2011/07/05 14:12:01 312936 ++++ PHP_5_3/main/streams/streams.c 2011/07/05 16:09:06 312937 +@@ -154,6 +154,7 @@ + char *tmp = estrdup(path); + char *msg; + int free_msg = 0; ++ php_stream_wrapper orig_wrapper; + + if (wrapper) { + if (wrapper->err_count > 0) { +@@ -198,7 +199,16 @@ + } + + php_strip_url_passwd(tmp); ++ if (wrapper) { ++ /* see bug #52935 */ ++ orig_wrapper = *wrapper; ++ wrapper->err_stack = NULL; ++ wrapper->err_count = 0; ++ } + php_error_docref1(NULL TSRMLS_CC, tmp, E_WARNING, "%s: %s", caption, msg); ++ if (wrapper) { ++ *wrapper = orig_wrapper; ++ } + efree(tmp); + if (free_msg) { + efree(msg); diff --git a/php-5.3.7-bug-53037.patch b/php-5.3.7-bug-53037.patch new file mode 100644 index 0000000..3a2763d --- /dev/null +++ b/php-5.3.7-bug-53037.patch @@ -0,0 +1,25 @@ +--- PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 12:25:43 309919 ++++ PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 16:30:31 309920 +@@ -205,7 +205,11 @@ + + if (new_len == 0) { + zval_dtor(value); +- ZVAL_EMPTY_STRING(value); ++ if (flags & FILTER_FLAG_EMPTY_STRING_NULL) { ++ ZVAL_NULL(value); ++ } else { ++ ZVAL_EMPTY_STRING(value); ++ } + return; + } + } +@@ -280,6 +284,9 @@ + } + + php_filter_encode_html(value, enc); ++ } else if (flags & FILTER_FLAG_EMPTY_STRING_NULL && Z_STRLEN_P(value) == 0) { ++ zval_dtor(value); ++ ZVAL_NULL(value); + } + } + /* }}} */ diff --git a/php-5.3.7-bug-53782.patch b/php-5.3.7-bug-53782.patch new file mode 100644 index 0000000..528a08c --- /dev/null +++ b/php-5.3.7-bug-53782.patch @@ -0,0 +1,15 @@ +--- PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:36:12 311087 ++++ PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:37:39 311088 +@@ -656,7 +656,11 @@ + #endif /* PDO_USE_MYSQLND */ + + if ((S->current_data = mysql_fetch_row(S->result)) == NULL) { +- if (mysql_errno(S->H->server)) { ++#if PDO_USE_MYSQLND ++ if (S->result->unbuf && !S->result->unbuf->eof_reached && mysql_errno(S->H->server)) { ++#else ++ if (!S->result->eof && mysql_errno(S->H->server)) { ++#endif + pdo_mysql_error_stmt(stmt); + } + PDO_DBG_RETURN(0); diff --git a/php-5.3.7-bug-53848.patch b/php-5.3.7-bug-53848.patch new file mode 100644 index 0000000..b2b606f --- /dev/null +++ b/php-5.3.7-bug-53848.patch @@ -0,0 +1,41 @@ +--- PHP_5_3/ext/standard/file.c 2011/05/29 09:23:08 311542 ++++ PHP_5_3/ext/standard/file.c 2011/05/29 10:23:06 311543 +@@ -2196,30 +2196,17 @@ + char *comp_end, *hunk_begin; + + tptr = temp; +- +- /* 1. Strip any leading space */ +- for (;;) { +- inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0); +- switch (inc_len) { +- case -2: +- case -1: +- inc_len = 1; +- php_mblen(NULL, 0); +- break; +- case 0: +- goto quit_loop_1; +- case 1: +- if (!isspace((int)*(unsigned char *)bptr) || *bptr == delimiter) { +- goto quit_loop_1; +- } +- break; +- default: +- goto quit_loop_1; ++ inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0); ++ if (inc_len == 1) { ++ char *tmp = bptr; ++ while (isspace((int)*(unsigned char *)tmp)) { ++ tmp++; ++ } ++ if (*tmp == enclosure) { ++ bptr = tmp; + } +- bptr += inc_len; + } + +- quit_loop_1: + if (first_field && bptr == line_end) { + add_next_index_null(return_value); + break; diff --git a/php-5.3.7-bug-54121.patch b/php-5.3.7-bug-54121.patch new file mode 100644 index 0000000..2c4ee9e --- /dev/null +++ b/php-5.3.7-bug-54121.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/exif/exif.c 2011/04/12 17:30:42 310166 ++++ PHP_5_3/ext/exif/exif.c 2011/04/12 18:33:08 310167 +@@ -2909,7 +2909,7 @@ + fgot = php_stream_tell(ImageInfo->infile); + if (fgot!=offset_val) { + EFREE_IF(outside); +- exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x08X", fgot, offset_val); ++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x%08X", fgot, offset_val); + return FALSE; + } + fgot = php_stream_read(ImageInfo->infile, value_ptr, byte_count); diff --git a/php-5.3.7-bug-54137.patch b/php-5.3.7-bug-54137.patch new file mode 100644 index 0000000..5e0a177 --- /dev/null +++ b/php-5.3.7-bug-54137.patch @@ -0,0 +1,10 @@ +--- PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 07:35:10 311541 ++++ PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 09:23:08 311542 +@@ -631,7 +631,6 @@ + } + php_stream_write(stream, "\r\n", sizeof("\r\n")-1); + php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval)); +- php_stream_write(stream, "\r\n\r\n", sizeof("\r\n\r\n")-1); + } else { + php_stream_write(stream, "\r\n", sizeof("\r\n")-1); + } diff --git a/php-5.3.7-bug-54180.patch b/php-5.3.7-bug-54180.patch new file mode 100644 index 0000000..6b079bf --- /dev/null +++ b/php-5.3.7-bug-54180.patch @@ -0,0 +1,13 @@ +--- PHP_5_3/ext/standard/url.c 2011/03/17 16:20:19 309351 ++++ PHP_5_3/ext/standard/url.c 2011/03/17 18:02:58 309352 +@@ -316,6 +316,10 @@ + pp = strchr(s, '#'); + + if (pp && pp < p) { ++ if (pp - s) { ++ ret->path = estrndup(s, (pp-s)); ++ php_replace_controlchars_ex(ret->path, (pp - s)); ++ } + p = pp; + goto label_parse; + } diff --git a/php-5.3.7-bug-54221.patch b/php-5.3.7-bug-54221.patch new file mode 100644 index 0000000..96d9024 --- /dev/null +++ b/php-5.3.7-bug-54221.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:13:20 309338 ++++ PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:28:53 309339 +@@ -197,7 +197,7 @@ + + MYSQLI_FETCH_RESOURCE(w, MYSQLI_WARNING *, &mysqli_warning, "mysqli_warning", MYSQLI_STATUS_VALID); + +- if (w->next) { ++ if (w && w->next) { + w = w->next; + ((MYSQLI_RESOURCE *)(obj->ptr))->ptr = w; + RETURN_TRUE; diff --git a/php-5.3.7-bug-54242.patch b/php-5.3.7-bug-54242.patch new file mode 100644 index 0000000..bf1097b --- /dev/null +++ b/php-5.3.7-bug-54242.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:19:31 309171 ++++ PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:21:58 309172 +@@ -96,7 +96,7 @@ + return SUCCESS; + case 1: + php_error_docref1(NULL TSRMLS_CC, key, E_WARNING, "Key already exists"); +- return SUCCESS; ++ return FAILURE; + } + } + diff --git a/php-5.3.7-bug-54269.patch b/php-5.3.7-bug-54269.patch new file mode 100644 index 0000000..3140774 --- /dev/null +++ b/php-5.3.7-bug-54269.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 17:19:40 311340 ++++ PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 19:06:21 311341 +@@ -51,7 +51,7 @@ + #define LE_PLINK "Firebird/InterBase persistent link" + #define LE_TRANS "Firebird/InterBase transaction" + +-#define IBASE_MSGSIZE 256 ++#define IBASE_MSGSIZE 512 + #define MAX_ERRMSG (IBASE_MSGSIZE*2) + + #define IB_DEF_DATE_FMT "%Y-%m-%d" diff --git a/php-5.3.7-bug-54312.patch b/php-5.3.7-bug-54312.patch new file mode 100644 index 0000000..a05c33b --- /dev/null +++ b/php-5.3.7-bug-54312.patch @@ -0,0 +1,16 @@ +--- PHP_5_3/ext/soap/soap.c 2011/03/19 17:14:28 309432 ++++ PHP_5_3/ext/soap/soap.c 2011/03/19 17:36:01 309433 +@@ -1213,9 +1213,11 @@ + zval **tmp; + + if (zend_hash_find(ht, "soap_version", sizeof("soap_version"), (void**)&tmp) == SUCCESS) { +- if (Z_TYPE_PP(tmp) == IS_LONG || +- (Z_LVAL_PP(tmp) == SOAP_1_1 && Z_LVAL_PP(tmp) == SOAP_1_2)) { ++ if (Z_TYPE_PP(tmp) == IS_LONG && ++ (Z_LVAL_PP(tmp) == SOAP_1_1 || Z_LVAL_PP(tmp) == SOAP_1_2)) { + version = Z_LVAL_PP(tmp); ++ } else { ++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "'soap_version' option must be SOAP_1_1 or SOAP_1_2"); + } + } + diff --git a/php-5.3.7-bug-54318.patch b/php-5.3.7-bug-54318.patch new file mode 100644 index 0000000..2ee64d8 --- /dev/null +++ b/php-5.3.7-bug-54318.patch @@ -0,0 +1,12 @@ +--- PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:08:00 309544 ++++ PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:12:01 309545 +@@ -69,7 +69,8 @@ + AC_DEFINE(HAVE_PDO_PGSQL,1,[Whether to build PostgreSQL for PDO support or not]) + + AC_MSG_CHECKING([for openssl dependencies]) +- if grep -q openssl $PGSQL_INCLUDE/libpq-fe.h ; then ++ grep openssl $PGSQL_INCLUDE/libpq-fe.h >/dev/null 2>&1 ++ if test $? -eq 0 ; then + AC_MSG_RESULT([yes]) + dnl First try to find pkg-config + AC_PATH_PROG(PKG_CONFIG, pkg-config, no) diff --git a/php-5.3.7-bug-54329.patch b/php-5.3.7-bug-54329.patch new file mode 100644 index 0000000..db3e11e --- /dev/null +++ b/php-5.3.7-bug-54329.patch @@ -0,0 +1,11 @@ +--- PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 18:01:36 312859 ++++ PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 19:01:42 312860 +@@ -39,7 +39,7 @@ + + for (i = 0; i < S->nrows; i++) { + for (j = 0; j < S->ncols; j++) { +- pdo_dblib_colval *val = &S->rows[i] + j; ++ pdo_dblib_colval *val = &S->rows[i*S->ncols] + j; + if (val->data) { + efree(val->data); + val->data = NULL; diff --git a/php-5.3.7-bug-54440.patch b/php-5.3.7-bug-54440.patch new file mode 100644 index 0000000..03f22e1 --- /dev/null +++ b/php-5.3.7-bug-54440.patch @@ -0,0 +1,13 @@ +--- PHP_5_3/ext/libxml/libxml.c 2011/04/09 16:59:36 310108 ++++ PHP_5_3/ext/libxml/libxml.c 2011/04/09 18:32:55 310109 +@@ -310,9 +310,7 @@ + } + } + +- if (LIBXML(stream_context)) { +- context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context()); +- } ++ context = php_stream_context_from_zval(LIBXML(stream_context), 0); + + ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context); + if (isescaped) { diff --git a/php-5.3.7-bug-54494.patch b/php-5.3.7-bug-54494.patch new file mode 100644 index 0000000..604b07e --- /dev/null +++ b/php-5.3.7-bug-54494.patch @@ -0,0 +1,15 @@ +--- PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:02:40 310107 ++++ PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:59:36 310108 +@@ -1202,10 +1202,10 @@ + len = string->len; + start = from; + end = from + length; +- if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_MWC2LE)) { ++ if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) { + start *= 2; + end = start + length*2; +- } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_MWC4LE)) { ++ } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) { + start *= 4; + end = start + length*4; + } else if (encoding->mblen_table != NULL) { diff --git a/php-5.3.7-bug-54529.patch b/php-5.3.7-bug-54529.patch new file mode 100644 index 0000000..0881895 --- /dev/null +++ b/php-5.3.7-bug-54529.patch @@ -0,0 +1,20 @@ +--- PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/22 19:06:21 311341 ++++ PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/23 01:47:06 311342 +@@ -192,11 +192,12 @@ + zend_hash_get_current_key_ex(&d->config, &str, &str_len, NULL, 0, + NULL) == HASH_KEY_IS_STRING; + zend_hash_move_forward(&d->config)) { +- zend_hash_get_current_data(&d->config, (void **) &data); +- phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value)); +- if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) { +- phpapdebug((stderr, "..FAILED\n")); +- } ++ if (zend_hash_get_current_data(&d->config, (void **) &data) == SUCCESS) { ++ phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value)); ++ if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) { ++ phpapdebug((stderr, "..FAILED\n")); ++ } ++ } + } + } + diff --git a/php-5.3.7-bug-54601.patch b/php-5.3.7-bug-54601.patch new file mode 100644 index 0000000..9032687 --- /dev/null +++ b/php-5.3.7-bug-54601.patch @@ -0,0 +1,18 @@ +--- PHP_5_3/ext/libxml/libxml.c 2011/05/29 10:23:06 311543 ++++ PHP_5_3/ext/libxml/libxml.c 2011/05/29 11:39:49 311544 +@@ -222,6 +222,7 @@ + switch (node->type) { + /* Skip property freeing for the following types */ + case XML_NOTATION_NODE: ++ case XML_ENTITY_DECL: + break; + case XML_ENTITY_REF_NODE: + php_libxml_node_free_list((xmlNodePtr) node->properties TSRMLS_CC); +@@ -233,7 +234,6 @@ + case XML_ATTRIBUTE_DECL: + case XML_DTD_NODE: + case XML_DOCUMENT_TYPE_NODE: +- case XML_ENTITY_DECL: + case XML_NAMESPACE_DECL: + case XML_TEXT_NODE: + php_libxml_node_free_list(node->children TSRMLS_CC); diff --git a/php-5.3.7-bug-54946.patch b/php-5.3.7-bug-54946.patch new file mode 100644 index 0000000..17d9d9e --- /dev/null +++ b/php-5.3.7-bug-54946.patch @@ -0,0 +1,12 @@ +--- PHP_5_3/main/streams/streams.c 2011/05/29 11:39:49 311544 ++++ PHP_5_3/main/streams/streams.c 2011/05/29 12:29:19 311545 +@@ -1291,6 +1291,9 @@ + ptr = *buf = pemalloc_rel_orig(maxlen + 1, persistent); + while ((len < maxlen) && !php_stream_eof(src)) { + ret = php_stream_read(src, ptr, maxlen - len); ++ if (!ret) { ++ break; ++ } + len += ret; + ptr += ret; + } diff --git a/php-5.3.7-bug-55014.patch b/php-5.3.7-bug-55014.patch new file mode 100644 index 0000000..122c98b --- /dev/null +++ b/php-5.3.7-bug-55014.patch @@ -0,0 +1,19 @@ +--- PHP_5_3/main/reentrancy.c 2011/07/11 17:00:04 313143 ++++ PHP_5_3/main/reentrancy.c 2011/07/11 17:01:23 313144 +@@ -60,14 +60,14 @@ + + PHPAPI char *php_ctime_r(const time_t *clock, char *buf) + { +- if (ctime_r(clock, buf, 26) == buf) ++ if (ctime_r(clock, buf) == buf) + return (buf); + return (NULL); + } + + PHPAPI char *php_asctime_r(const struct tm *tm, char *buf) + { +- if (asctime_r(tm, buf, 26) == buf) ++ if (asctime_r(tm, buf) == buf) + return (buf); + return (NULL); + } diff --git a/php-5.3.7-bug-55323.patch b/php-5.3.7-bug-55323.patch new file mode 100644 index 0000000..6d2476c --- /dev/null +++ b/php-5.3.7-bug-55323.patch @@ -0,0 +1,69 @@ +--- PHP_5_3/ext/soap/php_encoding.c 2011/08/10 13:30:20 314736 ++++ PHP_5_3/ext/soap/php_encoding.c 2011/08/10 13:44:48 314737 +@@ -114,6 +114,26 @@ + } \ + } + ++#define CHECK_XML_NULL(xml) \ ++ { \ ++ xmlAttrPtr null; \ ++ if (!xml) { \ ++ zval *ret; \ ++ ALLOC_INIT_ZVAL(ret); \ ++ ZVAL_NULL(ret); \ ++ return ret; \ ++ } \ ++ if (xml->properties) { \ ++ null = get_attribute(xml->properties, "nil"); \ ++ if (null) { \ ++ zval *ret; \ ++ ALLOC_INIT_ZVAL(ret); \ ++ ZVAL_NULL(ret); \ ++ return ret; \ ++ } \ ++ } \ ++ } ++ + #define FIND_ZVAL_NULL(zval, xml, style) \ + { \ + if (!zval || Z_TYPE_P(zval) == IS_NULL) { \ +@@ -338,6 +358,19 @@ + return 0; + } + ++static zval* soap_find_xml_ref(xmlNodePtr node TSRMLS_DC) ++{ ++ zval **data_ptr; ++ ++ if (SOAP_GLOBAL(ref_map) && ++ zend_hash_index_find(SOAP_GLOBAL(ref_map), (ulong)node, (void**)&data_ptr) == SUCCESS) { ++ Z_SET_ISREF_PP(data_ptr); ++ Z_ADDREF_PP(data_ptr); ++ return *data_ptr; ++ } ++ return NULL; ++} ++ + static zend_bool soap_check_xml_ref(zval **data, xmlNodePtr node TSRMLS_DC) + { + zval **data_ptr; +@@ -1513,6 +1546,11 @@ + sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_LIST && + sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_UNION) { + ++ CHECK_XML_NULL(data); ++ if ((ret = soap_find_xml_ref(data TSRMLS_CC)) != NULL) { ++ return ret; ++ } ++ + if (ce != ZEND_STANDARD_CLASS_DEF_PTR && + sdlType->encode->to_zval == sdl_guess_convert_zval && + sdlType->encode->details.sdl_type != NULL && +@@ -1526,7 +1564,6 @@ + } else { + ret = master_to_zval_int(sdlType->encode, data); + } +- FIND_XML_NULL(data, ret); + if (soap_check_xml_ref(&ret, data TSRMLS_CC)) { + return ret; + } diff --git a/php-5.3.7-bug-55399.patch b/php-5.3.7-bug-55399.patch new file mode 100644 index 0000000..3efb737 --- /dev/null +++ b/php-5.3.7-bug-55399.patch @@ -0,0 +1,13 @@ +--- PHP_5_3/ext/standard/url.c 2011/08/11 12:34:51 314782 ++++ PHP_5_3/ext/standard/url.c 2011/08/11 13:01:52 314783 +@@ -197,6 +197,10 @@ + efree(ret); + return NULL; + } ++ } else if (p == pp && *pp == '\0') { ++ STR_FREE(ret->scheme); ++ efree(ret); ++ return NULL; + } else { + goto just_path; + } diff --git a/php.spec b/php.spec index 88b9195..faf9567 100644 --- a/php.spec +++ b/php.spec @@ -112,7 +112,7 @@ Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирова Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: php Version: 5.2.17 -Release: 6 +Release: 7 Epoch: 4 License: PHP Group: Libraries @@ -192,6 +192,69 @@ Patch56: %{name}-krb5.patch Patch57: php-php_dl.patch # http://spot.fedorapeople.org/php-5.3.6-libzip.patch Patch65: system-libzip.patch +# CENTALT patches +# CVE +Patch201: php-5.2.17-CVE-2011-2202.patch +Patch202: php-5.2.17-CVE-2011-1938.patch +Patch203: php-5.2.17-CVE-2011-1148.patch +Patch204: php-5.2.17-CVE-2011-0708.patch +Patch205: php-5.2.17-CVE-2011-1092.patch +# Backport from 5.3.6 +Patch301: php-5.3.6-bug-54055.patch +Patch302: php-5.3.6-bug-53577.patch +Patch303: php-5.2.17-bug-48484.patch +Patch304: php-5.3.6-bug-48607.patch +Patch305: php-5.3.6-bug-53574.patch +Patch306: php-5.3.6-bug-52290.patch +Patch307: php-5.2.17-bug-52063.patch +Patch308: php-5.3.6-bug-53924.patch +Patch309: php-5.3.6-bug-53150.patch +Patch310: php-5.3.6-bug-52209.patch +Patch311: php-5.3.6-bug-47435.patch +Patch312: php-5.3.6-bug-53377.patch +Patch313: php-5.2.17-bug-39847.patch +Patch314: php-5.3.6-39199.patch +Patch315: php-5.3.6-bug-53630.patch +Patch316: php-5.3.6-bug-51336.patch +Patch317: php-5.3.6-bug-53515.patch +Patch318: php-5.3.6-bug-54092.patch +Patch319: php-5.3.6-bug-53903.patch +Patch320: php-5.3.6-bug-54089.patch +Patch321: php-5.3.6-bug-53603.patch +Patch322: php-5.3.6-bug-53854.patch +Patch323: php-5.3.6-bug-53579.patch +Patch324: php-5.3.6-bug-53568.patch +Patch325: php-5.2.17-bug-49072.patch +# 5.3.7 +Patch330: php-5.3.7-bug-55399.patch +Patch331: php-5.2.17-bug-55082.patch +Patch332: php-5.3.7-bug-55014.patch +#Patch333: php-5.3.7-bug-54924.patch +Patch334: php-5.3.7-bug-54180.patch +Patch335: php-5.3.7-bug-54137.patch +Patch336: php-5.3.7-bug-53848.patch +Patch337: php-5.3.7-bug-52935.patch +Patch338: php-5.3.7-bug-51997.patch +Patch339: php-5.3.7-bug-50363.patch +Patch340: php-5.3.7-bug-48465.patch +Patch341: php-5.3.7-bug-54529.patch +Patch342: php-5.3.7-bug-52496.patch +Patch343: php-5.3.7-bug-54242.patch +Patch344: php-5.3.7-bug-54121.patch +Patch345: php-5.3.7-bug-53037.patch +Patch346: php-5.3.7-bug-54269.patch +Patch347: php-5.3.7-bug-54601.patch +Patch348: php-5.3.7-bug-54440.patch +Patch349: php-5.3.7-bug-54494.patch +Patch350: php-5.3.7-bug-54221.patch +Patch351: php-5.3.7-bug-52104.patch +Patch352: php-5.3.7-bug-54329.patch +Patch353: php-5.3.7-bug-53782.patch +Patch354: php-5.3.7-bug-54318.patch +Patch355: php-5.3.7-bug-55323.patch +Patch356: php-5.3.7-bug-54312.patch +Patch357: php-5.3.7-bug-51958.patch +Patch358: php-5.3.7-bug-54946.patch URL: http://www.php.net/ %{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}} %{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0} @@ -1872,6 +1935,69 @@ done %patch57 -p1 %patch65 -p1 +%patch201 -p1 -b .CVE-2011-2202 +%patch202 -p1 -b .CVE-2011-1938 +%patch203 -p1 -b .CVE-2011-1148 +%patch204 -p1 -b .CVE-2011-0708 +%patch205 -p1 -b .CVE-2011-1092 + +# Bugfix backport from 5.3.6 +%patch301 -p1 -b .bug-54055 +%patch302 -p1 -b .bug-53577 +%patch303 -p1 -b .bug-48484 +%patch304 -p1 -b .bug-48607 +%patch305 -p1 -b .bug-53574 +%patch306 -p1 -b .bug-52290 +%patch307 -p1 -b .bug-52063 +%patch308 -p1 -b .bug-53924 +%patch309 -p1 -b .bug-53150 +%patch310 -p1 -b .bug-52209 +%patch311 -p1 -b .bug-47435 +%patch312 -p1 -b .bug-53377 +%patch313 -p1 -b .bug-39847 +%patch314 -p1 -b .bug-39199 +%patch315 -p1 -b .bug-53630 +%patch316 -p1 -b .bug-51336 +%patch317 -p1 -b .bug-53515 +%patch318 -p1 -b .bug-54092 +%patch319 -p1 -b .bug-53903 +%patch320 -p1 -b .bug-54089 +%patch321 -p1 -b .bug-53603 +%patch322 -p1 -b .bug-53854 +%patch323 -p1 -b .bug-53579 +%patch324 -p1 -b .bug-53568 +%patch325 -p1 -b .bug-49072 +# Bugfix backport from 5.3.7 +%patch330 -p1 -b .bug-55399 +%patch331 -p1 -b .bug-55082 +%patch332 -p1 -b .bug-55014 +#accert %patch333 -p1 -b .bug-54924 +%patch334 -p1 -b .bug-54180 +%patch335 -p1 -b .bug-54137 +%patch336 -p1 -b .bug-53848 +%patch337 -p1 -b .bug-52935 +%patch338 -p1 -b .bug-51997 +%patch339 -p1 -b .bug-50363 +%patch340 -p1 -b .bug-48465 +%patch341 -p1 -b .bug-54529 +%patch342 -p1 -b .bug-52496 +%patch343 -p1 -b .bug-54242 +%patch344 -p1 -b .bug-54121 +%patch345 -p1 -b .bug-53037 +%patch346 -p1 -b .bug-54269 +%patch347 -p1 -b .bug-54601 +%patch348 -p1 -b .bug-54440 +%patch349 -p1 -b .bug-54494 +%patch350 -p1 -b .bug-54221 +%patch351 -p1 -b .bug-52104 +%patch352 -p1 -b .bug-54329 +%patch353 -p1 -b .bug-53782 +%patch354 -p1 -b .bug-54318 +#soap %patch355 -p1 -b .bug-55323 +%patch356 -p1 -b .bug-54312 +%patch357 -p1 -b .bug-51958 +%patch358 -p1 -b .bug-54946 + # conflict seems to be resolved by recode patches rm -f ext/recode/config9.m4 -- 2.44.0