--- /dev/null
+--- PHP_5_3/ext/exif/exif.c 2011/02/14 08:46:53 308315
++++ PHP_5_3/ext/exif/exif.c 2011/02/14 09:08:44 308316
+@@ -40,6 +40,10 @@
+ #include "php.h"
+ #include "ext/standard/file.h"
+
++#ifdef PHP_WIN32
++include "win32/php_stdint.h"
++#endif
++
+ #if HAVE_EXIF
+
+ /* When EXIF_DEBUG is defined the module generates a lot of debug messages
+@@ -2821,6 +2825,7 @@
+ int tag, format, components;
+ char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
+ size_t byte_count, offset_val, fpos, fgot;
++ int64_t byte_count_signed;
+ xp_field_type *tmp_xp;
+ #ifdef EXIF_DEBUG
+ char *dump_data;
+@@ -2845,13 +2850,20 @@
+ /*return TRUE;*/
+ }
+
+- byte_count = components * php_tiff_bytes_per_format[format];
++ if (components < 0) {
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
++ return FALSE;
++ }
++
++ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format];
+
+- if ((ssize_t)byte_count < 0) {
++ if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) {
+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
+ return FALSE;
+ }
+
++ byte_count = (size_t)byte_count_signed;
++
+ if (byte_count > 4) {
+ offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
+ /* If its bigger than 4 bytes, the dir entry contains an offset. */
+@@ -2916,6 +2928,7 @@
+ efree(dump_data);
+ }
+ #endif
++
+ if (section_index==SECTION_THUMBNAIL) {
+ if (!ImageInfo->Thumbnail.data) {
+ switch(tag) {
--- /dev/null
+--- PHP_5_3/ext/shmop/shmop.c 2011/01/01 02:19:59 306939
++++ PHP_5_3/ext/shmop/shmop.c 2011/03/08 13:11:14 309018
+@@ -256,7 +256,7 @@
+ RETURN_FALSE;
+ }
+
+- if (start + count > shmop->size || count < 0) {
++ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range");
+ RETURN_FALSE;
+ }
--- /dev/null
+--- PHP_5_3/ext/standard/string.c 2011/04/13 03:32:19 310193
++++ PHP_5_3/ext/standard/string.c 2011/04/13 06:32:41 310194
+@@ -2352,20 +2352,35 @@
+
+ zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str);
+ while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) {
+- convert_to_string_ex(tmp_str);
++ zval *orig_str;
++ zval dummy;
++ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
++ dummy = **tmp_str;
++ orig_str = &dummy;
++ zval_copy_ctor(orig_str);
++ convert_to_string(orig_str);
++ } else {
++ orig_str = *tmp_str;
++ }
+
+ if (Z_TYPE_PP(from) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) {
+- convert_to_long_ex(tmp_from);
++ if(Z_TYPE_PP(tmp_from) != IS_LONG) {
++ zval dummy = **tmp_from;
++ zval_copy_ctor(&dummy);
++ convert_to_long(&dummy);
++ f = Z_LVAL(dummy);
++ } else {
++ f = Z_LVAL_PP(tmp_from);
++ }
+
+- f = Z_LVAL_PP(tmp_from);
+ if (f < 0) {
+- f = Z_STRLEN_PP(tmp_str) + f;
++ f = Z_STRLEN_P(orig_str) + f;
+ if (f < 0) {
+ f = 0;
+ }
+- } else if (f > Z_STRLEN_PP(tmp_str)) {
+- f = Z_STRLEN_PP(tmp_str);
++ } else if (f > Z_STRLEN_P(orig_str)) {
++ f = Z_STRLEN_P(orig_str);
+ }
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from);
+ } else {
+@@ -2374,72 +2389,94 @@
+ } else {
+ f = Z_LVAL_PP(from);
+ if (f < 0) {
+- f = Z_STRLEN_PP(tmp_str) + f;
++ f = Z_STRLEN_P(orig_str) + f;
+ if (f < 0) {
+ f = 0;
+ }
+- } else if (f > Z_STRLEN_PP(tmp_str)) {
+- f = Z_STRLEN_PP(tmp_str);
++ } else if (f > Z_STRLEN_P(orig_str)) {
++ f = Z_STRLEN_P(orig_str);
+ }
+ }
+
+ if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) {
+- convert_to_long_ex(tmp_len);
++ if(Z_TYPE_PP(tmp_len) != IS_LONG) {
++ zval dummy = **tmp_len;
++ zval_copy_ctor(&dummy);
++ convert_to_long(&dummy);
++ l = Z_LVAL(dummy);
++ } else {
++ l = Z_LVAL_PP(tmp_len);
++ }
+
+ l = Z_LVAL_PP(tmp_len);
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len);
+ } else {
+- l = Z_STRLEN_PP(tmp_str);
++ l = Z_STRLEN_P(orig_str);
+ }
+ } else if (argc > 3) {
+ l = Z_LVAL_PP(len);
+ } else {
+- l = Z_STRLEN_PP(tmp_str);
++ l = Z_STRLEN_P(orig_str);
+ }
+
+ if (l < 0) {
+- l = (Z_STRLEN_PP(tmp_str) - f) + l;
++ l = (Z_STRLEN_P(orig_str) - f) + l;
+ if (l < 0) {
+ l = 0;
+ }
+ }
+
+- if ((f + l) > Z_STRLEN_PP(tmp_str)) {
+- l = Z_STRLEN_PP(tmp_str) - f;
++ if ((f + l) > Z_STRLEN_P(orig_str)) {
++ l = Z_STRLEN_P(orig_str) - f;
+ }
+
+- result_len = Z_STRLEN_PP(tmp_str) - l;
++ result_len = Z_STRLEN_P(orig_str) - l;
+
+ if (Z_TYPE_PP(repl) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) {
+- convert_to_string_ex(tmp_repl);
+- result_len += Z_STRLEN_PP(tmp_repl);
++ zval *repl_str;
++ zval zrepl;
++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
++ zrepl = **tmp_repl;
++ repl_str = &zrepl;
++ zval_copy_ctor(repl_str);
++ convert_to_string(repl_str);
++ } else {
++ repl_str = *tmp_repl;
++ }
++
++ result_len += Z_STRLEN_P(repl_str);
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl);
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
+- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl));
+- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
++ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str));
++ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
++ zval_dtor(repl_str);
++ }
+ } else {
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
+- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
++ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
+ }
+ } else {
+ result_len += Z_STRLEN_PP(repl);
+
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
+ memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl));
+- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
+ }
+
+ result[result_len] = '\0';
+ add_next_index_stringl(return_value, result, result_len, 0);
+-
++ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
++ zval_dtor(orig_str);
++ }
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str);
+ } /*while*/
+ } /* if */
--- /dev/null
+diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c
+--- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 2011-08-19 08:40:08.000000000 +0700
++++ php-5.2.17/ext/sockets/sockets.c 2011-08-19 08:41:11.000000000 +0700
+@@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect)
+ break;
+
+ case AF_UNIX:
++ if (addr_len >= sizeof(s_un.sun_path)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
++ RETURN_FALSE;
++ }
+ memset(&s_un, 0, sizeof(struct sockaddr_un));
+
+ s_un.sun_family = AF_UNIX;
--- /dev/null
+diff -up php-5.2.17/main/rfc1867.c.orig php-5.2.17/main/rfc1867.c
+--- php-5.2.17/main/rfc1867.c.orig 2011-08-19 08:33:09.000000000 +0700
++++ php-5.2.17/main/rfc1867.c 2011-08-19 08:34:29.000000000 +0700
+@@ -1215,7 +1215,7 @@ filedone:
+ #endif
+
+ if (!is_anonymous) {
+- if (s && s > filename) {
++ if (s && s >= filename) {
+ safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC);
+ } else {
+ safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC);
+@@ -1228,7 +1228,7 @@ filedone:
+ } else {
+ snprintf(lbuf, llen, "%s[name]", param);
+ }
+- if (s && s > filename) {
++ if (s && s >= filename) {
+ register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
+ } else {
+ register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
--- /dev/null
+diff -up php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 php-5.2.17/ext/mysqli/mysqli_api.c
+--- php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 2010-04-21 19:52:24.000000000 +0700
++++ php-5.2.17/ext/mysqli/mysqli_api.c 2011-08-28 11:33:15.000000000 +0700
+@@ -795,6 +795,8 @@ PHP_FUNCTION(mysqli_fetch_field)
+ add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1);
+ add_property_string(return_value, "table",(field->table ? field->table : ""), 1);
+ add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1);
++ add_property_string(return_value, "db",(field->db ? field->db : ""), 1);
++ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1);
+ add_property_string(return_value, "def",(field->def ? field->def : ""), 1);
+ add_property_long(return_value, "max_length", field->max_length);
+ add_property_long(return_value, "length", field->length);
+@@ -878,6 +880,8 @@ PHP_FUNCTION(mysqli_fetch_field_direct)
+ add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1);
+ add_property_string(return_value, "table",(field->table ? field->table : ""), 1);
+ add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1);
++ add_property_string(return_value, "db",(field->db ? field->db : ""), 1);
++ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1);
+ add_property_string(return_value, "def",(field->def ? field->def : ""), 1);
+ add_property_long(return_value, "max_length", field->max_length);
+ add_property_long(return_value, "length", field->length);
--- /dev/null
+diff -up php-5.2.17/ext/standard/array.c.bug-48484 php-5.2.17/ext/standard/array.c
+--- php-5.2.17/ext/standard/array.c.bug-48484 2010-11-20 04:06:44.000000000 +0600
++++ php-5.2.17/ext/standard/array.c 2011-08-28 00:21:52.000000000 +0700
+@@ -4368,11 +4368,11 @@ PHP_FUNCTION(array_product)
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The argument should be an array");
+ return;
+ }
+-
++
++ ZVAL_LONG(return_value, 1);
+ if (!zend_hash_num_elements(Z_ARRVAL_PP(input))) {
+- RETURN_LONG(0);
++ return;
+ }
+- ZVAL_LONG(return_value, 1);
+
+ for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos);
+ zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void **)&entry, &pos) == SUCCESS;
--- /dev/null
+diff -up php-5.2.17/ext/zip/zip_stream.c.bug-49072 php-5.2.17/ext/zip/zip_stream.c
+--- php-5.2.17/ext/zip/zip_stream.c.bug-49072 2011-08-28 14:06:52.000000000 +0700
++++ php-5.2.17/ext/zip/zip_stream.c 2011-08-28 14:09:41.000000000 +0700
+@@ -34,7 +34,7 @@ static size_t php_zip_ops_read(php_strea
+ STREAM_DATA_FROM_STREAM();
+
+ if (self->za && self->zf) {
+- n = (size_t)zip_fread(self->zf, buf, (int)count);
++ n = zip_fread(self->zf, buf, count);
+ if (n < 0) {
+ int ze, se;
+ zip_file_error_get(self->zf, &ze, &se);
+@@ -42,13 +42,13 @@ static size_t php_zip_ops_read(php_strea
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
+ return 0;
+ }
+- if (n == 0 || n < count) {
++ if (n == 0 || n < (ssize_t)count) {
+ stream->eof = 1;
+ } else {
+ self->cursor += n;
+ }
+ }
+- return n<1 ? 0 : n;
++ return (n < 1 ? 0 : (size_t)n);
+ }
+ /* }}} */
+
--- /dev/null
+diff -up php-5.2.17/ext/date/php_date.c.bug-52063 php-5.2.17/ext/date/php_date.c
+--- php-5.2.17/ext/date/php_date.c.bug-52063 2011-08-28 09:44:11.000000000 +0700
++++ php-5.2.17/ext/date/php_date.c 2011-08-28 09:45:09.000000000 +0700
+@@ -1778,7 +1778,7 @@ PHP_FUNCTION(date_create)
+ char *time_str = NULL;
+ int time_str_len = 0;
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) {
+ RETURN_FALSE;
+ }
+
+@@ -1799,7 +1799,7 @@ PHP_METHOD(DateTime, __construct)
+ int time_str_len = 0;
+
+ php_set_error_handling(EH_THROW, NULL TSRMLS_CC);
+- if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) {
++ if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) {
+ date_initialize(zend_object_store_get_object(getThis() TSRMLS_CC), time_str, time_str_len, timezone_object, 1 TSRMLS_CC);
+ }
+ php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC);
--- /dev/null
+diff -up php-5.2.17/ext/standard/var.c.bug-55082 php-5.2.17/ext/standard/var.c
+--- php-5.2.17/ext/standard/var.c.bug-55082 2010-09-14 03:14:18.000000000 +0700
++++ php-5.2.17/ext/standard/var.c 2011-08-28 15:18:52.000000000 +0700
+@@ -401,7 +401,7 @@ static int php_object_element_export(zva
+ {
+ int level;
+ smart_str *buf;
+- char *prop_name, *class_name;
++
+ TSRMLS_FETCH();
+
+ level = va_arg(args, int);
+@@ -409,11 +409,20 @@ static int php_object_element_export(zva
+
+ buffer_append_spaces(buf, level + 2);
+ if (hash_key->nKeyLength != 0) {
+- zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name);
++ char *class_name, /* ignored, but must be passed to unmangle */
++ *pname,
++ *pname_esc;
++ int pname_esc_len;
++
++ zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1,
++ &class_name, &pname);
++ pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0,
++ "'\\", 2 TSRMLS_CC);
+
+ smart_str_appendc(buf, '\'');
+- smart_str_appends(buf, prop_name);
++ smart_str_appendl(buf, pname_esc, pname_esc_len);
+ smart_str_appendc(buf, '\'');
++ efree(pname_esc);
+ } else {
+ smart_str_append_long(buf, hash_key->h);
+ }
--- /dev/null
+--- PHP_5_3/ext/pdo_oci/oci_statement.c 2010/12/10 00:30:23 306148
++++ PHP_5_3/ext/pdo_oci/oci_statement.c 2010/12/10 00:33:48 306149
+@@ -31,6 +31,8 @@
+ #include "php_pdo_oci_int.h"
+ #include "Zend/zend_extensions.h"
+
++#define PDO_OCI_LOBMAXSIZE (4294967295UL) /* OCI_LOBMAXSIZE */
++
+ #define STMT_CALL(name, params) \
+ do { \
+ S->last_err = name params; \
+@@ -634,11 +636,14 @@
+ &amt, self->offset, buf, count,
+ NULL, NULL, 0, SQLCS_IMPLICIT);
+
+- if (r != OCI_SUCCESS) {
++ if (r != OCI_SUCCESS && r != OCI_NEED_DATA) {
+ return (size_t)-1;
+ }
+
+ self->offset += amt;
++ if (amt < count) {
++ stream->eof = 1;
++ }
+ return amt;
+ }
+
+@@ -664,14 +669,17 @@
+ return 0;
+ }
+
+-/* TODO: implement
+ static int oci_blob_seek(php_stream *stream, off_t offset, int whence, off_t *newoffset TSRMLS_DC)
+ {
+ struct oci_lob_self *self = (struct oci_lob_self*)stream->abstract;
+
+- return -1;
++ if (offset >= PDO_OCI_LOBMAXSIZE) {
++ return -1;
++ } else {
++ self->offset = offset + 1; /* Oracle LOBS are 1-based, but PHP is 0-based */
++ return 0;
++ }
+ }
+-*/
+
+ static php_stream_ops oci_blob_stream_ops = {
+ oci_blob_write,
+@@ -679,7 +687,7 @@
+ oci_blob_close,
+ oci_blob_flush,
+ "pdo_oci blob stream",
+- NULL, /*oci_blob_seek,*/
++ oci_blob_seek,
+ NULL,
+ NULL,
+ NULL
--- /dev/null
+--- PHP_5_3/ext/filter/logical_filters.c 2010/12/12 19:35:11 306289
++++ PHP_5_3/ext/filter/logical_filters.c 2010/12/12 19:54:21 306290
+@@ -735,8 +735,40 @@
+ RETURN_VALIDATION_FAILED
+ }
+ }
+- if (flags & FILTER_FLAG_NO_RES_RANGE && Z_STRLEN_P(value) == 3 && !strcmp("::1", Z_STRVAL_P(value))) {
+- RETURN_VALIDATION_FAILED
++ if (flags & FILTER_FLAG_NO_RES_RANGE) {
++ switch (Z_STRLEN_P(value)) {
++ case 1: case 0:
++ break;
++ case 2:
++ if (!strcmp("::", Z_STRVAL_P(value))) {
++ RETURN_VALIDATION_FAILED
++ }
++ break;
++ case 3:
++ if (!strcmp("::1", Z_STRVAL_P(value)) || !strcmp("5f:", Z_STRVAL_P(value))) {
++ RETURN_VALIDATION_FAILED
++ }
++ break;
++ default:
++ if (Z_STRLEN_P(value) >= 5) {
++ if (
++ !strncasecmp("fe8", Z_STRVAL_P(value), 3) ||
++ !strncasecmp("fe9", Z_STRVAL_P(value), 3) ||
++ !strncasecmp("fea", Z_STRVAL_P(value), 3) ||
++ !strncasecmp("feb", Z_STRVAL_P(value), 3)
++ ) {
++ RETURN_VALIDATION_FAILED
++ }
++ }
++ if (
++ (Z_STRLEN_P(value) >= 9 && !strncasecmp("2001:0db8", Z_STRVAL_P(value), 9)) ||
++ (Z_STRLEN_P(value) >= 2 && !strncasecmp("5f", Z_STRVAL_P(value), 2)) ||
++ (Z_STRLEN_P(value) >= 4 && !strncasecmp("3ff3", Z_STRVAL_P(value), 4)) ||
++ (Z_STRLEN_P(value) >= 8 && !strncasecmp("2001:001", Z_STRVAL_P(value), 8))
++ ) {
++ RETURN_VALIDATION_FAILED
++ }
++ }
+ }
+ }
+ break;
--- /dev/null
+--- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 14:29:42 306341
++++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 16:53:26 306342
+@@ -98,13 +98,33 @@
+ static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC)
+ {
+ php_stream *controlstream = (php_stream *)stream->wrapperdata;
++ int ret = 0;
+
+ if (controlstream) {
++ if (strpbrk(stream->mode, "wa+")) {
++ char tmp_line[512];
++ int result;
++
++ /* For write modes close data stream first to signal EOF to server */
++ stream->wrapperdata = NULL;
++ php_stream_close(stream);
++ stream = NULL;
++
++ result = GET_FTP_RESULT(controlstream);
++ if (result != 226 && result != 250) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line);
++ ret = EOF;
++ }
++ }
++
+ php_stream_write_string(controlstream, "QUIT\r\n");
+ php_stream_close(controlstream);
+- stream->wrapperdata = NULL;
++ if (stream) {
++ stream->wrapperdata = NULL;
++ }
+ }
+- return 0;
++
++ return ret;
+ }
+ /* }}} */
+
--- /dev/null
+--- PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:17:22 307875
++++ PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:34:12 307876
+@@ -502,7 +502,7 @@
+ }
+ }
+ } else {
+- if (st != SNMP_CMD_WALK || response->errstat != SNMP_ERR_NOSUCHNAME) {
++ if ((st != SNMP_CMD_WALK && st != SNMP_CMD_REALWALK) || response->errstat != SNMP_ERR_NOSUCHNAME) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error in packet: %s", snmp_errstring(response->errstat));
+ if (response->errstat == SNMP_ERR_NOSUCHNAME) {
+ for (count=1, vars = response->variables; vars && count != response->errindex;
--- /dev/null
+--- PHP_5_3/ext/filter/filter.c 2010/12/22 16:03:43 306574
++++ PHP_5_3/ext/filter/filter.c 2010/12/22 16:18:59 306575
+@@ -559,7 +559,7 @@
+ if (jit_initialization) {
+ zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
+ }
+- array_ptr = IF_G(env_array);
++ array_ptr = IF_G(env_array) ? IF_G(env_array) : PG(http_globals)[TRACK_VARS_ENV];
+ break;
+ case PARSE_SESSION:
+ /* FIXME: Implement session source */
--- /dev/null
+--- PHP_5_3/ext/date/php_date.c 2011/01/30 09:28:54 307852
++++ PHP_5_3/ext/date/php_date.c 2011/01/30 10:18:12 307853
+@@ -3090,6 +3090,7 @@
+ dateobj->time->y = y;
+ dateobj->time->m = 1;
+ dateobj->time->d = 1;
++ memset(&dateobj->time->relative, 0, sizeof(dateobj->time->relative));
+ dateobj->time->relative.d = timelib_daynr_from_weeknr(y, w, d);
+ dateobj->time->have_relative = 1;
+
--- /dev/null
+--- PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:27:59 306281
++++ PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:36:21 306282
+@@ -710,8 +710,11 @@
+ if (flags & FILTER_FLAG_NO_RES_RANGE) {
+ if (
+ (ip[0] == 0) ||
++ (ip[0] == 128 && ip[1] == 0) ||
++ (ip[0] == 191 && ip[1] == 255) ||
+ (ip[0] == 169 && ip[1] == 254) ||
+ (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
++ (ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) ||
+ (ip[0] >= 224 && ip[0] <= 255)
+ ) {
+ RETURN_VALIDATION_FAILED
+@@ -731,6 +734,9 @@
+ if (Z_STRLEN_P(value) >=2 && (!strncasecmp("FC", Z_STRVAL_P(value), 2) || !strncasecmp("FD", Z_STRVAL_P(value), 2))) {
+ RETURN_VALIDATION_FAILED
+ }
++ }
++ if (flags & FILTER_FLAG_NO_RES_RANGE && Z_STRLEN_P(value) == 3 && !strcmp("::1", Z_STRVAL_P(value))) {
++ RETURN_VALIDATION_FAILED
+ }
+ }
+ break;
--- /dev/null
+--- PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:22:34 305685
++++ PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:34:44 305686
+@@ -4235,7 +4235,7 @@
+ }
+
+ offset = end_token+2;
+- for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d); i++);
++ for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d) || (string[offset + i] == '\t'); i++);
+ if ((string[offset + i] == '=') && (string[offset + i + 1] == '?') && (offset + i < end)) {
+ offset += i;
+ }
--- /dev/null
+--- PHP_5_3/ext/spl/spl_array.c 2010/12/10 22:51:08 306212
++++ PHP_5_3/ext/spl/spl_array.c 2010/12/10 23:58:33 306213
+@@ -579,8 +579,15 @@
+ switch(Z_TYPE_P(offset)) {
+ case IS_STRING:
+ if (check_empty) {
+- if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE && zend_is_true(*tmp)) {
+- return 1;
++ if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE) {
++ switch (check_empty) {
++ case 0:
++ return Z_TYPE_PP(tmp) != IS_NULL;
++ case 2:
++ return 1;
++ default:
++ return zend_is_true(*tmp);
++ }
+ }
+ return 0;
+ } else {
+@@ -597,8 +604,15 @@
+ }
+ if (check_empty) {
+ HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
+- if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE && zend_is_true(*tmp)) {
+- return 1;
++ if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE) {
++ switch (check_empty) {
++ case 0:
++ return Z_TYPE_PP(tmp) != IS_NULL;
++ case 2:
++ return 1;
++ default:
++ return zend_is_true(*tmp);
++ }
+ }
+ return 0;
+ } else {
--- /dev/null
+--- PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 21:21:06 306415
++++ PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 23:05:26 306416
+@@ -473,10 +473,8 @@
+ static time_t
+ _zip_d2u_time(int dtime, int ddate)
+ {
+- struct tm tm;
++ struct tm tm = {0};
+
+- memset(&tm, sizeof(tm), 0);
+-
+ /* let mktime decide if DST is in effect */
+ tm.tm_isdst = -1;
+
--- /dev/null
+--- PHP_5_3/ext/calendar/julian.c 2010/12/19 23:46:27 306474
++++ PHP_5_3/ext/calendar/julian.c 2010/12/19 23:47:00 306475
+@@ -146,6 +146,7 @@
+ **************************************************************************/
+
+ #include "sdncal.h"
++#include <limits.h>
+
+ #define JULIAN_SDN_OFFSET 32083
+ #define DAYS_PER_5_MONTHS 153
+@@ -164,15 +165,22 @@
+ int dayOfYear;
+
+ if (sdn <= 0) {
+- *pYear = 0;
+- *pMonth = 0;
+- *pDay = 0;
+- return;
++ goto fail;
+ }
+- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1;
++ /* Check for overflow */
++ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) {
++ goto fail;
++ }
++ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1);
+
+ /* Calculate the year and day of year (1 <= dayOfYear <= 366). */
+- year = temp / DAYS_PER_4_YEARS;
++ {
++ long yearl = temp / DAYS_PER_4_YEARS;
++ if (yearl > INT_MAX || yearl < INT_MIN) {
++ goto fail;
++ }
++ year = (int) yearl;
++ }
+ dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1;
+
+ /* Calculate the month and day of month. */
+@@ -196,6 +204,12 @@
+ *pYear = year;
+ *pMonth = month;
+ *pDay = day;
++ return;
++
++fail:
++ *pYear = 0;
++ *pMonth = 0;
++ *pDay = 0;
+ }
+
+ long int JulianToSdn(
--- /dev/null
+--- PHP_5_3/main/fopen_wrappers.c.orig Mon Dec 20 16:53:43 2010
++++ PHP_5_3/main/fopen_wrappers.c Mon Dec 20 17:27:43 2010
+***************
+*** 229,235 ****
+--- 229,239 ----
+ if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
+ /* Handler for basedirs that end with a / */
+ resolved_basedir_len = strlen(resolved_basedir);
++ #if defined(PHP_WIN32) || defined(NETWARE)
++ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
++ #else
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
++ #endif
+ if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
+ resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
+ resolved_basedir[++resolved_basedir_len] = '\0';
--- /dev/null
+--- PHP_5_3/ext/zip/zip_stream.c 2010/12/20 10:50:59 306492
++++ PHP_5_3/ext/zip/zip_stream.c 2010/12/20 11:00:27 306493
+@@ -216,6 +216,7 @@
+ self->stream = NULL;
+ self->cursor = 0;
+ stream = php_stream_alloc(&php_stream_zipio_ops, self, NULL, mode);
++ stream->orig_path = estrdup(path);
+ } else {
+ zip_close(stream_za);
+ }
--- /dev/null
+--- PHP_5_3/ext/zip/php_zip.c 2010/12/24 19:31:38 306626
++++ PHP_5_3/ext/zip/php_zip.c 2010/12/24 22:38:36 306627
+@@ -196,7 +196,7 @@
+ }
+
+ /* let see if the path already exists */
+- if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
++ if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+
+ #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1)
+ char *e;
+@@ -2378,7 +2378,7 @@
+ RETURN_FALSE;
+ }
+
+- if (php_stream_stat_path(pathto, &ssb) < 0) {
++ if (php_stream_stat_path_ex(pathto, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+ ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
+ if (!ret) {
+ RETURN_FALSE;
--- /dev/null
+--- PHP_5_3/ext/readline/readline.c 2011/01/10 17:34:26 307342
++++ PHP_5_3/ext/readline/readline.c 2011/01/10 18:19:02 307343
+@@ -196,7 +196,7 @@
+ int prompt_len;
+ char *result;
+
+- if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s!", &prompt, &prompt_len)) {
++ if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!", &prompt, &prompt_len)) {
+ RETURN_FALSE;
+ }
+
--- /dev/null
+--- PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:17:08 307806
++++ PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:19:40 307807
+@@ -2754,6 +2754,12 @@
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE", ZIP_CM_DEFLATE);
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE64", ZIP_CM_DEFLATE64);
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_PKWARE_IMPLODE", ZIP_CM_PKWARE_IMPLODE);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_BZIP2", ZIP_CM_BZIP2);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZMA", ZIP_CM_LZMA);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_TERSE", ZIP_CM_TERSE);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZ77", ZIP_CM_LZ77);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_WAVPACK", ZIP_CM_WAVPACK);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_PPMD", ZIP_CM_PPMD);
+
+ /* Error code */
+ REGISTER_ZIP_CLASS_CONST_LONG("ER_OK", ZIP_ER_OK); /* N No error */
--- /dev/null
+--- PHP_5_3/main/streams/userspace.c 2011/02/01 20:59:25 307933
++++ PHP_5_3/main/streams/userspace.c 2011/02/01 22:55:17 307934
+@@ -856,6 +856,7 @@
+
+ #define STAT_PROP_ENTRY_EX(name, name2) \
+ if (SUCCESS == zend_hash_find(Z_ARRVAL_P(array), #name, sizeof(#name), (void**)&elem)) { \
++ SEPARATE_ZVAL(elem); \
+ convert_to_long(*elem); \
+ ssb->sb.st_##name2 = Z_LVAL_PP(elem); \
+ }
--- /dev/null
+--- PHP_5_3/ext/standard/url.c 2011/02/04 19:22:43 308034
++++ PHP_5_3/ext/standard/url.c 2011/02/04 21:41:15 308035
+@@ -180,15 +180,20 @@
+ parse_port:
+ p = e + 1;
+ pp = p;
+-
++
+ while (pp-p < 6 && isdigit(*pp)) {
+ pp++;
+ }
+-
++
+ if (pp-p < 6 && (*pp == '/' || *pp == '\0')) {
+ memcpy(port_buf, p, (pp-p));
+ port_buf[pp-p] = '\0';
+ ret->port = atoi(port_buf);
++ if (!ret->port && (pp - p) > 0) {
++ STR_FREE(ret->scheme);
++ efree(ret);
++ return NULL;
++ }
+ } else {
+ goto just_path;
+ }
+@@ -267,6 +272,13 @@
+ memcpy(port_buf, p, (e-p));
+ port_buf[e-p] = '\0';
+ ret->port = atoi(port_buf);
++ if (!ret->port && (e - p)) {
++ STR_FREE(ret->scheme);
++ STR_FREE(ret->user);
++ STR_FREE(ret->pass);
++ efree(ret);
++ return NULL;
++ }
+ }
+ p--;
+ }
--- /dev/null
+--- PHP_5_3/main/snprintf.c 2011/02/21 06:22:00 308524
++++ PHP_5_3/main/snprintf.c 2011/02/21 06:53:24 308525
+@@ -677,10 +677,6 @@
+
+ /*
+ * Check if a precision was specified
+- *
+- * XXX: an unreasonable amount of precision may be specified
+- * resulting in overflow of num_buf. Currently we
+- * ignore this possibility.
+ */
+ if (*fmt == '.') {
+ adjust_precision = YES;
+@@ -694,6 +690,10 @@
+ precision = 0;
+ } else
+ precision = 0;
++
++ if (precision > FORMAT_CONV_MAX_PRECISION) {
++ precision = FORMAT_CONV_MAX_PRECISION;
++ }
+ } else
+ adjust_precision = NO;
+ } else
+--- PHP_5_3/main/snprintf.h 2011/02/21 06:22:00 308524
++++ PHP_5_3/main/snprintf.h 2011/02/21 06:53:24 308525
+@@ -12,7 +12,7 @@
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+- | Author: Stig Sæther Bakken <ssb@php.net> |
++ | Author: Stig Sæther Bakken <ssb@php.net> |
+ | Marcus Boerger <helly@php.net> |
+ +----------------------------------------------------------------------+
+ */
+@@ -157,6 +157,17 @@
+
+ extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
+ char format, char *buf_end, register int *len);
++
++/* The maximum precision that's allowed for float conversion. Does not include
++ * decimal separator, exponent, sign, terminator. Currently does not affect
++ * the modes e/f, only g/k/H, as those have a different limit enforced at
++ * another level (see NDIG in php_conv_fp()).
++ * Applies to the formatting functions of both spprintf.c and snprintf.c, which
++ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
++ * call to php_gcvt().
++ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
++ * should be enough, but let's give some more space) */
++#define FORMAT_CONV_MAX_PRECISION 500
+
+ #endif /* SNPRINTF_H */
+
+--- PHP_5_3/main/spprintf.c 2011/02/21 06:22:00 308524
++++ PHP_5_3/main/spprintf.c 2011/02/21 06:53:24 308525
+@@ -285,10 +285,6 @@
+
+ /*
+ * Check if a precision was specified
+- *
+- * XXX: an unreasonable amount of precision may be specified
+- * resulting in overflow of num_buf. Currently we
+- * ignore this possibility.
+ */
+ if (*fmt == '.') {
+ adjust_precision = YES;
+@@ -302,6 +298,10 @@
+ precision = 0;
+ } else
+ precision = 0;
++
++ if (precision > FORMAT_CONV_MAX_PRECISION) {
++ precision = FORMAT_CONV_MAX_PRECISION;
++ }
+ } else
+ adjust_precision = NO;
+ } else
--- /dev/null
+--- PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 14:16:00 308760
++++ PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 15:18:27 308761
+@@ -151,6 +151,10 @@
+ ZVAL_NULL(&token);
+
+ token_line = CG(zend_lineno);
++
++ if (token_type == T_HALT_COMPILER) {
++ break;
++ }
+ }
+ }
+
--- /dev/null
+--- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:10:08 308733
++++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:23:54 308734
+@@ -72,6 +72,12 @@
+ #define FTPS_ENCRYPT_DATA 1
+ #define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC)
+
++typedef struct _php_ftp_dirstream_data {
++ php_stream *datastream;
++ php_stream *controlstream;
++ php_stream *dirstream;
++} php_ftp_dirstream_data;
++
+ /* {{{ get_ftp_result
+ */
+ static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC)
+@@ -97,7 +103,7 @@
+ */
+ static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC)
+ {
+- php_stream *controlstream = (php_stream *)stream->wrapperdata;
++ php_stream *controlstream = stream->wrapperthis;
+ int ret = 0;
+
+ if (controlstream) {
+@@ -106,10 +112,6 @@
+ int result;
+
+ /* For write modes close data stream first to signal EOF to server */
+- stream->wrapperdata = NULL;
+- php_stream_close(stream);
+- stream = NULL;
+-
+ result = GET_FTP_RESULT(controlstream);
+ if (result != 226 && result != 250) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line);
+@@ -119,9 +121,7 @@
+
+ php_stream_write_string(controlstream, "QUIT\r\n");
+ php_stream_close(controlstream);
+- if (stream) {
+- stream->wrapperdata = NULL;
+- }
++ stream->wrapperthis = NULL;
+ }
+
+ return ret;
+@@ -584,7 +584,7 @@
+ }
+
+ /* remember control stream */
+- datastream->wrapperdata = (zval *)stream;
++ datastream->wrapperthis = stream;
+
+ php_url_free(resource);
+ return datastream;
+@@ -608,11 +608,13 @@
+ static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
+ {
+ php_stream_dirent *ent = (php_stream_dirent *)buf;
+- php_stream *innerstream = (php_stream *)stream->abstract;
++ php_stream *innerstream;
+ size_t tmp_len;
+ char *basename;
+ size_t basename_len;
+
++ innerstream = ((php_ftp_dirstream_data *)stream->abstract)->datastream;
++
+ if (count != sizeof(php_stream_dirent)) {
+ return 0;
+ }
+@@ -656,13 +658,18 @@
+ */
+ static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC)
+ {
+- php_stream *innerstream = (php_stream *)stream->abstract;
++ php_ftp_dirstream_data *data = stream->abstract;
+
+- if (innerstream->wrapperdata) {
+- php_stream_close((php_stream *)innerstream->wrapperdata);
+- innerstream->wrapperdata = NULL;
+- }
+- php_stream_close((php_stream *)stream->abstract);
++ /* close control connection */
++ if (data->controlstream) {
++ php_stream_close(data->controlstream);
++ data->controlstream = NULL;
++ }
++ /* close data connection */
++ php_stream_close(data->datastream);
++ data->datastream = NULL;
++
++ efree(data);
+ stream->abstract = NULL;
+
+ return 0;
+@@ -688,6 +695,7 @@
+ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
+ {
+ php_stream *stream, *reuseid, *datastream = NULL;
++ php_ftp_dirstream_data *dirsdata;
+ php_url *resource = NULL;
+ int result = 0, use_ssl, use_ssl_on_data = 0;
+ char *hoststart = NULL, tmp_line[512];
+@@ -747,11 +755,14 @@
+ goto opendir_errexit;
+ }
+
+- /* remember control stream */
+- datastream->wrapperdata = (zval *)stream;
+-
+ php_url_free(resource);
+- return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode);
++
++ dirsdata = emalloc(sizeof *dirsdata);
++ dirsdata->datastream = datastream;
++ dirsdata->controlstream = stream;
++ dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode);
++
++ return dirsdata->dirstream;
+
+ opendir_errexit:
+ if (resource) {
--- /dev/null
+--- PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:34:07 309791
++++ PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:43:49 309792
+@@ -204,9 +204,13 @@
+ */
+ {
+ char sTemp[MAX_PATH];
+- DWORD n = GetTempPath(sizeof(sTemp),sTemp);
+- assert(0 < n); /* should *never* fail! */
+- temporary_directory = strdup(sTemp);
++ DWORD len = GetTempPath(sizeof(sTemp),sTemp);
++ assert(0 < len); /* should *never* fail! */
++ if (sTemp[len - 1] == DEFAULT_SLASH) {
++ temporary_directory = zend_strndup(sTemp, len - 1);
++ } else {
++ temporary_directory = zend_strndup(sTemp, len);
++ }
+ return temporary_directory;
+ }
+ #else
--- /dev/null
+--- PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:04 311406
++++ PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:26 311407
+@@ -1050,20 +1050,16 @@
+ }
+ } /* break is missing intentionally */
+
+- case 2: {
+- unsigned int nbl;
+-
++ case 2: {
+ if (icnt <= 0) {
+ goto out;
+ }
+- nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30);
+
+- if (nbl > 15) {
++ if (!isxdigit((int) *ps)) {
+ err = PHP_CONV_ERR_INVALID_SEQ;
+ goto out;
+ }
+- next_char = (next_char << 4) | nbl;
+-
++ next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30);
+ scan_stat++;
+ ps++, icnt--;
+ if (scan_stat != 3) {
--- /dev/null
+--- PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:27:40 309237
++++ PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:59:05 309238
+@@ -402,16 +402,13 @@
+ }
+ /* }}} */
+
+-static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la TSRMLS_DC) /* {{{ */
++static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la, socklen_t *la_len TSRMLS_DC) /* {{{ */
+ {
+- socklen_t salen;
+ php_socket *out_sock = (php_socket*)emalloc(sizeof(php_socket));
+
+ *new_sock = out_sock;
+- salen = sizeof(*la);
+- out_sock->blocking = 1;
+
+- out_sock->bsd_socket = accept(in_sock->bsd_socket, la, &salen);
++ out_sock->bsd_socket = accept(in_sock->bsd_socket, la, la_len);
+
+ if (IS_INVALID_SOCKET(out_sock)) {
+ PHP_SOCKET_ERROR(out_sock, "unable to accept incoming connection", errno);
+@@ -419,6 +416,10 @@
+ return 0;
+ }
+
++ out_sock->error = 0;
++ out_sock->blocking = 1;
++ out_sock->type = la->sa_family;
++
+ return 1;
+ }
+ /* }}} */
+@@ -1023,9 +1024,10 @@
+ Accepts a connection on the listening socket fd */
+ PHP_FUNCTION(socket_accept)
+ {
+- zval *arg1;
+- php_socket *php_sock, *new_sock;
+- struct sockaddr_in sa;
++ zval *arg1;
++ php_socket *php_sock, *new_sock;
++ php_sockaddr_storage sa;
++ socklen_t sa_len = sizeof(sa);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg1) == FAILURE) {
+ return;
+@@ -1033,12 +1035,9 @@
+
+ ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket);
+
+- if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr *) &sa TSRMLS_CC)) {
++ if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr*)&sa, &sa_len TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+-
+- new_sock->error = 0;
+- new_sock->blocking = 1;
+
+ ZEND_REGISTER_RESOURCE(return_value, new_sock, le_socket);
+ }
--- /dev/null
+--- PHP_5_3/main/streams/streams.c 2011/06/05 21:44:34 311848
++++ PHP_5_3/main/streams/streams.c 2011/06/05 21:57:01 311849
+@@ -1184,7 +1184,7 @@
+ }
+
+ /* emulate forward moving seeks with reads */
+- if (whence == SEEK_CUR && offset > 0) {
++ if (whence == SEEK_CUR && offset >= 0) {
+ char tmp[1024];
+ size_t didread;
+ while(offset > 0) {
--- /dev/null
+--- PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 12:53:07 311710
++++ PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 13:23:25 311711
+@@ -349,7 +349,10 @@
+ /* if you prepare and then execute passing an array of params keyed by names,
+ * then this will trigger, and we don't want that */
+ if (param->paramno == -1) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Did not found column name '%s' in the defined columns; it will not be bound", param->name);
++ char *tmp;
++ spprintf(&tmp, 0, "Did not find column name '%s' in the defined columns; it will not be bound", param->name);
++ pdo_raise_impl_error(stmt->dbh, stmt, "HY000", tmp TSRMLS_CC);
++ efree(tmp);
+ }
+ }
+
--- /dev/null
+--- PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:55:32 311599
++++ PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:57:50 311600
+@@ -799,7 +799,7 @@
+ request_started = 1;
+ php_cli_usage(argv[0]);
+ php_end_ob_buffers(1 TSRMLS_CC);
+- exit_status=0;
++ exit_status = (c == '?' && argc > 1 && !strchr(argv[1], c));
+ goto out;
+
+ case 'i': /* php info & quit */
--- /dev/null
+--- PHP_5_3/main/streams/streams.c 2011/07/05 14:12:01 312936
++++ PHP_5_3/main/streams/streams.c 2011/07/05 16:09:06 312937
+@@ -154,6 +154,7 @@
+ char *tmp = estrdup(path);
+ char *msg;
+ int free_msg = 0;
++ php_stream_wrapper orig_wrapper;
+
+ if (wrapper) {
+ if (wrapper->err_count > 0) {
+@@ -198,7 +199,16 @@
+ }
+
+ php_strip_url_passwd(tmp);
++ if (wrapper) {
++ /* see bug #52935 */
++ orig_wrapper = *wrapper;
++ wrapper->err_stack = NULL;
++ wrapper->err_count = 0;
++ }
+ php_error_docref1(NULL TSRMLS_CC, tmp, E_WARNING, "%s: %s", caption, msg);
++ if (wrapper) {
++ *wrapper = orig_wrapper;
++ }
+ efree(tmp);
+ if (free_msg) {
+ efree(msg);
--- /dev/null
+--- PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 12:25:43 309919
++++ PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 16:30:31 309920
+@@ -205,7 +205,11 @@
+
+ if (new_len == 0) {
+ zval_dtor(value);
+- ZVAL_EMPTY_STRING(value);
++ if (flags & FILTER_FLAG_EMPTY_STRING_NULL) {
++ ZVAL_NULL(value);
++ } else {
++ ZVAL_EMPTY_STRING(value);
++ }
+ return;
+ }
+ }
+@@ -280,6 +284,9 @@
+ }
+
+ php_filter_encode_html(value, enc);
++ } else if (flags & FILTER_FLAG_EMPTY_STRING_NULL && Z_STRLEN_P(value) == 0) {
++ zval_dtor(value);
++ ZVAL_NULL(value);
+ }
+ }
+ /* }}} */
--- /dev/null
+--- PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:36:12 311087
++++ PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:37:39 311088
+@@ -656,7 +656,11 @@
+ #endif /* PDO_USE_MYSQLND */
+
+ if ((S->current_data = mysql_fetch_row(S->result)) == NULL) {
+- if (mysql_errno(S->H->server)) {
++#if PDO_USE_MYSQLND
++ if (S->result->unbuf && !S->result->unbuf->eof_reached && mysql_errno(S->H->server)) {
++#else
++ if (!S->result->eof && mysql_errno(S->H->server)) {
++#endif
+ pdo_mysql_error_stmt(stmt);
+ }
+ PDO_DBG_RETURN(0);
--- /dev/null
+--- PHP_5_3/ext/standard/file.c 2011/05/29 09:23:08 311542
++++ PHP_5_3/ext/standard/file.c 2011/05/29 10:23:06 311543
+@@ -2196,30 +2196,17 @@
+ char *comp_end, *hunk_begin;
+
+ tptr = temp;
+-
+- /* 1. Strip any leading space */
+- for (;;) {
+- inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0);
+- switch (inc_len) {
+- case -2:
+- case -1:
+- inc_len = 1;
+- php_mblen(NULL, 0);
+- break;
+- case 0:
+- goto quit_loop_1;
+- case 1:
+- if (!isspace((int)*(unsigned char *)bptr) || *bptr == delimiter) {
+- goto quit_loop_1;
+- }
+- break;
+- default:
+- goto quit_loop_1;
++ inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0);
++ if (inc_len == 1) {
++ char *tmp = bptr;
++ while (isspace((int)*(unsigned char *)tmp)) {
++ tmp++;
++ }
++ if (*tmp == enclosure) {
++ bptr = tmp;
+ }
+- bptr += inc_len;
+ }
+
+- quit_loop_1:
+ if (first_field && bptr == line_end) {
+ add_next_index_null(return_value);
+ break;
--- /dev/null
+--- PHP_5_3/ext/exif/exif.c 2011/04/12 17:30:42 310166
++++ PHP_5_3/ext/exif/exif.c 2011/04/12 18:33:08 310167
+@@ -2909,7 +2909,7 @@
+ fgot = php_stream_tell(ImageInfo->infile);
+ if (fgot!=offset_val) {
+ EFREE_IF(outside);
+- exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x08X", fgot, offset_val);
++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x%08X", fgot, offset_val);
+ return FALSE;
+ }
+ fgot = php_stream_read(ImageInfo->infile, value_ptr, byte_count);
--- /dev/null
+--- PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 07:35:10 311541
++++ PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 09:23:08 311542
+@@ -631,7 +631,6 @@
+ }
+ php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
+ php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
+- php_stream_write(stream, "\r\n\r\n", sizeof("\r\n\r\n")-1);
+ } else {
+ php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
+ }
--- /dev/null
+--- PHP_5_3/ext/standard/url.c 2011/03/17 16:20:19 309351
++++ PHP_5_3/ext/standard/url.c 2011/03/17 18:02:58 309352
+@@ -316,6 +316,10 @@
+ pp = strchr(s, '#');
+
+ if (pp && pp < p) {
++ if (pp - s) {
++ ret->path = estrndup(s, (pp-s));
++ php_replace_controlchars_ex(ret->path, (pp - s));
++ }
+ p = pp;
+ goto label_parse;
+ }
--- /dev/null
+--- PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:13:20 309338
++++ PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:28:53 309339
+@@ -197,7 +197,7 @@
+
+ MYSQLI_FETCH_RESOURCE(w, MYSQLI_WARNING *, &mysqli_warning, "mysqli_warning", MYSQLI_STATUS_VALID);
+
+- if (w->next) {
++ if (w && w->next) {
+ w = w->next;
+ ((MYSQLI_RESOURCE *)(obj->ptr))->ptr = w;
+ RETURN_TRUE;
--- /dev/null
+--- PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:19:31 309171
++++ PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:21:58 309172
+@@ -96,7 +96,7 @@
+ return SUCCESS;
+ case 1:
+ php_error_docref1(NULL TSRMLS_CC, key, E_WARNING, "Key already exists");
+- return SUCCESS;
++ return FAILURE;
+ }
+ }
+
--- /dev/null
+--- PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 17:19:40 311340
++++ PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 19:06:21 311341
+@@ -51,7 +51,7 @@
+ #define LE_PLINK "Firebird/InterBase persistent link"
+ #define LE_TRANS "Firebird/InterBase transaction"
+
+-#define IBASE_MSGSIZE 256
++#define IBASE_MSGSIZE 512
+ #define MAX_ERRMSG (IBASE_MSGSIZE*2)
+
+ #define IB_DEF_DATE_FMT "%Y-%m-%d"
--- /dev/null
+--- PHP_5_3/ext/soap/soap.c 2011/03/19 17:14:28 309432
++++ PHP_5_3/ext/soap/soap.c 2011/03/19 17:36:01 309433
+@@ -1213,9 +1213,11 @@
+ zval **tmp;
+
+ if (zend_hash_find(ht, "soap_version", sizeof("soap_version"), (void**)&tmp) == SUCCESS) {
+- if (Z_TYPE_PP(tmp) == IS_LONG ||
+- (Z_LVAL_PP(tmp) == SOAP_1_1 && Z_LVAL_PP(tmp) == SOAP_1_2)) {
++ if (Z_TYPE_PP(tmp) == IS_LONG &&
++ (Z_LVAL_PP(tmp) == SOAP_1_1 || Z_LVAL_PP(tmp) == SOAP_1_2)) {
+ version = Z_LVAL_PP(tmp);
++ } else {
++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "'soap_version' option must be SOAP_1_1 or SOAP_1_2");
+ }
+ }
+
--- /dev/null
+--- PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:08:00 309544
++++ PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:12:01 309545
+@@ -69,7 +69,8 @@
+ AC_DEFINE(HAVE_PDO_PGSQL,1,[Whether to build PostgreSQL for PDO support or not])
+
+ AC_MSG_CHECKING([for openssl dependencies])
+- if grep -q openssl $PGSQL_INCLUDE/libpq-fe.h ; then
++ grep openssl $PGSQL_INCLUDE/libpq-fe.h >/dev/null 2>&1
++ if test $? -eq 0 ; then
+ AC_MSG_RESULT([yes])
+ dnl First try to find pkg-config
+ AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
--- /dev/null
+--- PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 18:01:36 312859
++++ PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 19:01:42 312860
+@@ -39,7 +39,7 @@
+
+ for (i = 0; i < S->nrows; i++) {
+ for (j = 0; j < S->ncols; j++) {
+- pdo_dblib_colval *val = &S->rows[i] + j;
++ pdo_dblib_colval *val = &S->rows[i*S->ncols] + j;
+ if (val->data) {
+ efree(val->data);
+ val->data = NULL;
--- /dev/null
+--- PHP_5_3/ext/libxml/libxml.c 2011/04/09 16:59:36 310108
++++ PHP_5_3/ext/libxml/libxml.c 2011/04/09 18:32:55 310109
+@@ -310,9 +310,7 @@
+ }
+ }
+
+- if (LIBXML(stream_context)) {
+- context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context());
+- }
++ context = php_stream_context_from_zval(LIBXML(stream_context), 0);
+
+ ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context);
+ if (isescaped) {
--- /dev/null
+--- PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:02:40 310107
++++ PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:59:36 310108
+@@ -1202,10 +1202,10 @@
+ len = string->len;
+ start = from;
+ end = from + length;
+- if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_MWC2LE)) {
++ if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) {
+ start *= 2;
+ end = start + length*2;
+- } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_MWC4LE)) {
++ } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) {
+ start *= 4;
+ end = start + length*4;
+ } else if (encoding->mblen_table != NULL) {
--- /dev/null
+--- PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/22 19:06:21 311341
++++ PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/23 01:47:06 311342
+@@ -192,11 +192,12 @@
+ zend_hash_get_current_key_ex(&d->config, &str, &str_len, NULL, 0,
+ NULL) == HASH_KEY_IS_STRING;
+ zend_hash_move_forward(&d->config)) {
+- zend_hash_get_current_data(&d->config, (void **) &data);
+- phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value));
+- if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
+- phpapdebug((stderr, "..FAILED\n"));
+- }
++ if (zend_hash_get_current_data(&d->config, (void **) &data) == SUCCESS) {
++ phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value));
++ if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
++ phpapdebug((stderr, "..FAILED\n"));
++ }
++ }
+ }
+ }
+
--- /dev/null
+--- PHP_5_3/ext/libxml/libxml.c 2011/05/29 10:23:06 311543
++++ PHP_5_3/ext/libxml/libxml.c 2011/05/29 11:39:49 311544
+@@ -222,6 +222,7 @@
+ switch (node->type) {
+ /* Skip property freeing for the following types */
+ case XML_NOTATION_NODE:
++ case XML_ENTITY_DECL:
+ break;
+ case XML_ENTITY_REF_NODE:
+ php_libxml_node_free_list((xmlNodePtr) node->properties TSRMLS_CC);
+@@ -233,7 +234,6 @@
+ case XML_ATTRIBUTE_DECL:
+ case XML_DTD_NODE:
+ case XML_DOCUMENT_TYPE_NODE:
+- case XML_ENTITY_DECL:
+ case XML_NAMESPACE_DECL:
+ case XML_TEXT_NODE:
+ php_libxml_node_free_list(node->children TSRMLS_CC);
--- /dev/null
+--- PHP_5_3/main/streams/streams.c 2011/05/29 11:39:49 311544
++++ PHP_5_3/main/streams/streams.c 2011/05/29 12:29:19 311545
+@@ -1291,6 +1291,9 @@
+ ptr = *buf = pemalloc_rel_orig(maxlen + 1, persistent);
+ while ((len < maxlen) && !php_stream_eof(src)) {
+ ret = php_stream_read(src, ptr, maxlen - len);
++ if (!ret) {
++ break;
++ }
+ len += ret;
+ ptr += ret;
+ }
--- /dev/null
+--- PHP_5_3/main/reentrancy.c 2011/07/11 17:00:04 313143
++++ PHP_5_3/main/reentrancy.c 2011/07/11 17:01:23 313144
+@@ -60,14 +60,14 @@
+
+ PHPAPI char *php_ctime_r(const time_t *clock, char *buf)
+ {
+- if (ctime_r(clock, buf, 26) == buf)
++ if (ctime_r(clock, buf) == buf)
+ return (buf);
+ return (NULL);
+ }
+
+ PHPAPI char *php_asctime_r(const struct tm *tm, char *buf)
+ {
+- if (asctime_r(tm, buf, 26) == buf)
++ if (asctime_r(tm, buf) == buf)
+ return (buf);
+ return (NULL);
+ }
--- /dev/null
+--- PHP_5_3/ext/soap/php_encoding.c 2011/08/10 13:30:20 314736
++++ PHP_5_3/ext/soap/php_encoding.c 2011/08/10 13:44:48 314737
+@@ -114,6 +114,26 @@
+ } \
+ }
+
++#define CHECK_XML_NULL(xml) \
++ { \
++ xmlAttrPtr null; \
++ if (!xml) { \
++ zval *ret; \
++ ALLOC_INIT_ZVAL(ret); \
++ ZVAL_NULL(ret); \
++ return ret; \
++ } \
++ if (xml->properties) { \
++ null = get_attribute(xml->properties, "nil"); \
++ if (null) { \
++ zval *ret; \
++ ALLOC_INIT_ZVAL(ret); \
++ ZVAL_NULL(ret); \
++ return ret; \
++ } \
++ } \
++ }
++
+ #define FIND_ZVAL_NULL(zval, xml, style) \
+ { \
+ if (!zval || Z_TYPE_P(zval) == IS_NULL) { \
+@@ -338,6 +358,19 @@
+ return 0;
+ }
+
++static zval* soap_find_xml_ref(xmlNodePtr node TSRMLS_DC)
++{
++ zval **data_ptr;
++
++ if (SOAP_GLOBAL(ref_map) &&
++ zend_hash_index_find(SOAP_GLOBAL(ref_map), (ulong)node, (void**)&data_ptr) == SUCCESS) {
++ Z_SET_ISREF_PP(data_ptr);
++ Z_ADDREF_PP(data_ptr);
++ return *data_ptr;
++ }
++ return NULL;
++}
++
+ static zend_bool soap_check_xml_ref(zval **data, xmlNodePtr node TSRMLS_DC)
+ {
+ zval **data_ptr;
+@@ -1513,6 +1546,11 @@
+ sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_LIST &&
+ sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_UNION) {
+
++ CHECK_XML_NULL(data);
++ if ((ret = soap_find_xml_ref(data TSRMLS_CC)) != NULL) {
++ return ret;
++ }
++
+ if (ce != ZEND_STANDARD_CLASS_DEF_PTR &&
+ sdlType->encode->to_zval == sdl_guess_convert_zval &&
+ sdlType->encode->details.sdl_type != NULL &&
+@@ -1526,7 +1564,6 @@
+ } else {
+ ret = master_to_zval_int(sdlType->encode, data);
+ }
+- FIND_XML_NULL(data, ret);
+ if (soap_check_xml_ref(&ret, data TSRMLS_CC)) {
+ return ret;
+ }
--- /dev/null
+--- PHP_5_3/ext/standard/url.c 2011/08/11 12:34:51 314782
++++ PHP_5_3/ext/standard/url.c 2011/08/11 13:01:52 314783
+@@ -197,6 +197,10 @@
+ efree(ret);
+ return NULL;
+ }
++ } else if (p == pp && *pp == '\0') {
++ STR_FREE(ret->scheme);
++ efree(ret);
++ return NULL;
+ } else {
+ goto just_path;
+ }
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
Name: php
Version: 5.2.17
-Release: 6
+Release: 7
Epoch: 4
License: PHP
Group: Libraries
Patch57: php-php_dl.patch
# http://spot.fedorapeople.org/php-5.3.6-libzip.patch
Patch65: system-libzip.patch
+# CENTALT patches
+# CVE
+Patch201: php-5.2.17-CVE-2011-2202.patch
+Patch202: php-5.2.17-CVE-2011-1938.patch
+Patch203: php-5.2.17-CVE-2011-1148.patch
+Patch204: php-5.2.17-CVE-2011-0708.patch
+Patch205: php-5.2.17-CVE-2011-1092.patch
+# Backport from 5.3.6
+Patch301: php-5.3.6-bug-54055.patch
+Patch302: php-5.3.6-bug-53577.patch
+Patch303: php-5.2.17-bug-48484.patch
+Patch304: php-5.3.6-bug-48607.patch
+Patch305: php-5.3.6-bug-53574.patch
+Patch306: php-5.3.6-bug-52290.patch
+Patch307: php-5.2.17-bug-52063.patch
+Patch308: php-5.3.6-bug-53924.patch
+Patch309: php-5.3.6-bug-53150.patch
+Patch310: php-5.3.6-bug-52209.patch
+Patch311: php-5.3.6-bug-47435.patch
+Patch312: php-5.3.6-bug-53377.patch
+Patch313: php-5.2.17-bug-39847.patch
+Patch314: php-5.3.6-39199.patch
+Patch315: php-5.3.6-bug-53630.patch
+Patch316: php-5.3.6-bug-51336.patch
+Patch317: php-5.3.6-bug-53515.patch
+Patch318: php-5.3.6-bug-54092.patch
+Patch319: php-5.3.6-bug-53903.patch
+Patch320: php-5.3.6-bug-54089.patch
+Patch321: php-5.3.6-bug-53603.patch
+Patch322: php-5.3.6-bug-53854.patch
+Patch323: php-5.3.6-bug-53579.patch
+Patch324: php-5.3.6-bug-53568.patch
+Patch325: php-5.2.17-bug-49072.patch
+# 5.3.7
+Patch330: php-5.3.7-bug-55399.patch
+Patch331: php-5.2.17-bug-55082.patch
+Patch332: php-5.3.7-bug-55014.patch
+#Patch333: php-5.3.7-bug-54924.patch
+Patch334: php-5.3.7-bug-54180.patch
+Patch335: php-5.3.7-bug-54137.patch
+Patch336: php-5.3.7-bug-53848.patch
+Patch337: php-5.3.7-bug-52935.patch
+Patch338: php-5.3.7-bug-51997.patch
+Patch339: php-5.3.7-bug-50363.patch
+Patch340: php-5.3.7-bug-48465.patch
+Patch341: php-5.3.7-bug-54529.patch
+Patch342: php-5.3.7-bug-52496.patch
+Patch343: php-5.3.7-bug-54242.patch
+Patch344: php-5.3.7-bug-54121.patch
+Patch345: php-5.3.7-bug-53037.patch
+Patch346: php-5.3.7-bug-54269.patch
+Patch347: php-5.3.7-bug-54601.patch
+Patch348: php-5.3.7-bug-54440.patch
+Patch349: php-5.3.7-bug-54494.patch
+Patch350: php-5.3.7-bug-54221.patch
+Patch351: php-5.3.7-bug-52104.patch
+Patch352: php-5.3.7-bug-54329.patch
+Patch353: php-5.3.7-bug-53782.patch
+Patch354: php-5.3.7-bug-54318.patch
+Patch355: php-5.3.7-bug-55323.patch
+Patch356: php-5.3.7-bug-54312.patch
+Patch357: php-5.3.7-bug-51958.patch
+Patch358: php-5.3.7-bug-54946.patch
URL: http://www.php.net/
%{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}}
%{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0}
%patch57 -p1
%patch65 -p1
+%patch201 -p1 -b .CVE-2011-2202
+%patch202 -p1 -b .CVE-2011-1938
+%patch203 -p1 -b .CVE-2011-1148
+%patch204 -p1 -b .CVE-2011-0708
+%patch205 -p1 -b .CVE-2011-1092
+
+# Bugfix backport from 5.3.6
+%patch301 -p1 -b .bug-54055
+%patch302 -p1 -b .bug-53577
+%patch303 -p1 -b .bug-48484
+%patch304 -p1 -b .bug-48607
+%patch305 -p1 -b .bug-53574
+%patch306 -p1 -b .bug-52290
+%patch307 -p1 -b .bug-52063
+%patch308 -p1 -b .bug-53924
+%patch309 -p1 -b .bug-53150
+%patch310 -p1 -b .bug-52209
+%patch311 -p1 -b .bug-47435
+%patch312 -p1 -b .bug-53377
+%patch313 -p1 -b .bug-39847
+%patch314 -p1 -b .bug-39199
+%patch315 -p1 -b .bug-53630
+%patch316 -p1 -b .bug-51336
+%patch317 -p1 -b .bug-53515
+%patch318 -p1 -b .bug-54092
+%patch319 -p1 -b .bug-53903
+%patch320 -p1 -b .bug-54089
+%patch321 -p1 -b .bug-53603
+%patch322 -p1 -b .bug-53854
+%patch323 -p1 -b .bug-53579
+%patch324 -p1 -b .bug-53568
+%patch325 -p1 -b .bug-49072
+# Bugfix backport from 5.3.7
+%patch330 -p1 -b .bug-55399
+%patch331 -p1 -b .bug-55082
+%patch332 -p1 -b .bug-55014
+#accert %patch333 -p1 -b .bug-54924
+%patch334 -p1 -b .bug-54180
+%patch335 -p1 -b .bug-54137
+%patch336 -p1 -b .bug-53848
+%patch337 -p1 -b .bug-52935
+%patch338 -p1 -b .bug-51997
+%patch339 -p1 -b .bug-50363
+%patch340 -p1 -b .bug-48465
+%patch341 -p1 -b .bug-54529
+%patch342 -p1 -b .bug-52496
+%patch343 -p1 -b .bug-54242
+%patch344 -p1 -b .bug-54121
+%patch345 -p1 -b .bug-53037
+%patch346 -p1 -b .bug-54269
+%patch347 -p1 -b .bug-54601
+%patch348 -p1 -b .bug-54440
+%patch349 -p1 -b .bug-54494
+%patch350 -p1 -b .bug-54221
+%patch351 -p1 -b .bug-52104
+%patch352 -p1 -b .bug-54329
+%patch353 -p1 -b .bug-53782
+%patch354 -p1 -b .bug-54318
+#soap %patch355 -p1 -b .bug-55323
+%patch356 -p1 -b .bug-54312
+%patch357 -p1 -b .bug-51958
+%patch358 -p1 -b .bug-54946
+
# conflict seems to be resolved by recode patches
rm -f ext/recode/config9.m4