PHP_SUBST(PHP_MODULES)
PHP_SUBST(PHP_ZEND_EX)
---- php-5.3.8/Makefile.global~ 2011-10-14 08:58:00.288329595 +0300
-+++ php-5.3.8/Makefile.global 2011-10-14 08:50:16.670234576 +0300
+--- php-5.3.29/Makefile.global~ 2014-08-19 16:59:48.000000000 +0300
++++ php-5.3.29/Makefile.global 2014-08-19 17:47:47.112627301 +0300
@@ -77,8 +77,15 @@
done; \
fi
if test "x$(PHP_MODULES)" != "x"; then \
for i in $(PHP_MODULES)""; do \
. $$i; $(top_srcdir)/build/shtool echo -n -- " -d extension=$$dlname"; \
-@@ -107,7 +114,10 @@
+@@ -114,7 +114,9 @@
TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \
TEST_PHP_SRCDIR=$(top_srcdir) \
CC="$(CC)" \
- $(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) $(TESTS); \
-+ $(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini \
+ -d extension_dir=$(top_builddir)/modules/ -d 'extension=$(EXTENSION_DIR)/pcre.$(SHLIB_DL_SUFFIX_NAME)' \
-+ $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini \
-+ -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) $(RUN_TESTS_SETTINGS) $(TESTS); \
++ $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) \
++ $(RUN_TESTS_SETTINGS) $(TESTS); \
+ TEST_RESULT_EXIT_CODE=$$?; \
rm $(top_builddir)/tmp-php.ini; \
- else \
- echo "ERROR: Cannot run tests without CLI sapi."; \
+ exit $$TEST_RESULT_EXIT_CODE; \
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
--; mode is set to 0666
+-; mode is set to 0660
-;listen.owner = @php_fpm_user@
-;listen.group = @php_fpm_group@
--;listen.mode = 0666
+-;listen.mode = 0660
-
-; List of ipv4 addresses of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
-+; mode is set to 0666
++; mode is set to 0660
+;listen.owner = @php_fpm_user@
+;listen.group = @php_fpm_group@
-+;listen.mode = 0666
++;listen.mode = 0660
+
+; List of ipv4 addresses of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+++ /dev/null
-commit fb0128af2a95ec0d1a0360be49776c5b056d1f33
-Author: Stanislav Malyshev <stas@php.net>
-Date: Mon Jun 23 00:19:37 2014 -0700
-
- Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
-
-diff --git a/ext/standard/info.c b/ext/standard/info.c
-index 70b2e2f..0f15bbe 100644
---- a/ext/standard/info.c
-+++ b/ext/standard/info.c
-@@ -875,16 +875,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
-
- php_info_print_table_start();
- php_info_print_table_header(2, "Variable", "Value");
-- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
-+ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
- php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
- }
-- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
-+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
- php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
- }
-- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
-+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
- php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
- }
-- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
-+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
- php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
- }
- php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC);
-diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt
-new file mode 100644
-index 0000000..5b5951b
---- /dev/null
-+++ b/ext/standard/tests/general_functions/bug67498.phpt
-@@ -0,0 +1,15 @@
-+--TEST--
-+phpinfo() Type Confusion Information Leak Vulnerability
-+--FILE--
-+<?php
-+$PHP_SELF = 1;
-+phpinfo(INFO_VARIABLES);
-+
-+?>
-+==DONE==
-+--EXPECTF--
-+phpinfo()
-+
-+PHP Variables
-+%A
-+==DONE==
%endif
%endif
-%define rel 12
+%define rel 1
%define orgname php
%define ver_suffix 53
%define php_suffix %{!?with_default_php:%{ver_suffix}}
Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
-Version: 5.3.28
+Version: 5.3.29
Release: %{rel}%{?with_type_hints:.th}%{?with_oci8:.oci}
Epoch: 4
License: PHP
Group: Libraries
Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.bz2
-# Source0-md5: 56ff88934e068d142d6c0deefd1f396b
+# Source0-md5: 9469e240cbe6ac865aeaec89b253dd30
Source2: %{orgname}-mod_%{orgname}.conf
Source3: %{orgname}-cgi-fcgi.ini
Source4: %{orgname}-apache.ini
%if %{with type_hints}
Patch12: http://ilia.ws/patch/type_hint_53_v2.txt
%endif
-Patch13: php-secbug-67498.patch
Patch14: %{orgname}-no_pear_install.patch
Patch15: %{orgname}-zlib.patch
Patch17: %{orgname}-readline.patch
%if %{with type_hints}
%patch12 -p0
%endif
-%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch17 -p1
}
+#if SUHOSIN_PATCH
+#if ZEND_DEBUG
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
#if ZEND_DEBUG
- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#else
- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#endif
+#endif
php_request_shutdown((void *) 0);
}
request_started = 1;
-- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s",
+- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
+ php_printf("PHP %s "
+#if SUHOSIN_PATCH
+ "with Suhosin-Patch "
+#endif
-+ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s",
++ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
PHP_VERSION, sapi_module.name, __DATE__, __TIME__,
#if ZEND_DEBUG && defined(HAVE_GCOV)
"(DEBUG GCOV)",
if (php_request_startup(TSRMLS_C) != FAILURE) {
+#if SUHOSIN_PATCH
+ #if ZEND_DEBUG
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
+#else
#if ZEND_DEBUG
- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#else
- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#endif
+#endif
#ifdef PHP_OUTPUT_NEWAPI
SG(headers_sent) = 1;
SG(request_info).no_headers = 1;
+#if SUHOSIN_PATCH
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
php_end_ob_buffers(1 TSRMLS_CC);
exit(1);
projects / packages / php.git / commitdiff