From 17463f0034c1c8412c25760d9d6481e3f2e9384a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Wed, 20 Aug 2014 12:39:04 +0300 Subject: [PATCH] up to 5.3.29, PHP_5_3 EOL, this is last official planned release --- fix-test-run.patch | 15 ++++++------ fpm-conf-split.patch | 8 +++---- php-secbug-67498.patch | 52 ------------------------------------------ php.spec | 8 +++---- suhosin.patch | 24 +++++++++---------- 5 files changed, 26 insertions(+), 81 deletions(-) delete mode 100644 php-secbug-67498.patch diff --git a/fix-test-run.patch b/fix-test-run.patch index aa13506..12dd192 100644 --- a/fix-test-run.patch +++ b/fix-test-run.patch @@ -12,8 +12,8 @@ PHP_SUBST(PHP_MODULES) PHP_SUBST(PHP_ZEND_EX) ---- php-5.3.8/Makefile.global~ 2011-10-14 08:58:00.288329595 +0300 -+++ php-5.3.8/Makefile.global 2011-10-14 08:50:16.670234576 +0300 +--- php-5.3.29/Makefile.global~ 2014-08-19 16:59:48.000000000 +0300 ++++ php-5.3.29/Makefile.global 2014-08-19 17:47:47.112627301 +0300 @@ -77,8 +77,15 @@ done; \ fi 
@@ -31,15 +31,14 @@ if test "x$(PHP_MODULES)" != "x"; then \ for i in $(PHP_MODULES)""; do \ . $$i; $(top_srcdir)/build/shtool echo -n -- " -d extension=$$dlname"; \ -@@ -107,7 +114,10 @@ +@@ -114,7 +114,9 @@ TEST_PHP_EXECUTABLE=$(PHP_EXECUTABLE) \ TEST_PHP_SRCDIR=$(top_srcdir) \ CC="$(CC)" \ - $(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) $(TESTS); \ -+ $(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini \ + -d extension_dir=$(top_builddir)/modules/ -d 'extension=$(EXTENSION_DIR)/pcre.$(SHLIB_DL_SUFFIX_NAME)' \ -+ $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini \ -+ -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) $(RUN_TESTS_SETTINGS) $(TESTS); \ ++ $(PHP_TEST_SETTINGS) $(top_srcdir)/run-tests.php -n -c $(top_builddir)/tmp-php.ini -d extension_dir=$(top_builddir)/modules/ $(PHP_TEST_SHARED_EXTENSIONS) \ ++ $(RUN_TESTS_SETTINGS) $(TESTS); \ + TEST_RESULT_EXIT_CODE=$$?; \ rm $(top_builddir)/tmp-php.ini; \ - else \ - echo "ERROR: Cannot run tests without CLI sapi."; \ + exit $$TEST_RESULT_EXIT_CODE; \ diff --git a/fpm-conf-split.patch b/fpm-conf-split.patch index 4d67d76..cfd3b8b 100644 --- a/fpm-conf-split.patch +++ b/fpm-conf-split.patch @@ -62,10 +62,10 @@ -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user --; mode is set to 0666 +-; mode is set to 0660 -;listen.owner = @php_fpm_user@ -;listen.group = @php_fpm_group@ --;listen.mode = 0666 +-;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original 
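Review bot: The refreshed inner hunk `@@ -114,7 +114,9 @@` appears to lose the line that starts the test command: the old `+ $(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini \` is removed and nothing replaces it, so the recipe would run from `CC="$(CC)" \` straight into `-d extension_dir=...`, which the shell would treat as the command name. The header counts (7 old, 9 new) match the line really being gone, although this page's collapsed layout means the reading should be confirmed against the file. I would put `+	$(PHP_EXECUTABLE) -n -c $(top_builddir)/tmp-php.ini \` back ahead of the `-d extension_dir=` line and adjust the header to `+114,10`. A test target that cannot start gives no signal on whether the distro patch set still behaves on top of the final 5.3 release. The recipe itself begins outside this hunk.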
@@ -464,10 +464,10 @@ +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user -+; mode is set to 0666 ++; mode is set to 0660 +;listen.owner = @php_fpm_user@ +;listen.group = @php_fpm_group@ -+;listen.mode = 0666 ++;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original diff --git a/php-secbug-67498.patch b/php-secbug-67498.patch deleted file mode 100644 index 2ee2721..0000000 --- a/php-secbug-67498.patch +++ /dev/null 
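Review bot: The relocated pool settings in the `@@ -464,10 +464,10 @@` hunk (and the matching removal in `@@ -62,10 +62,10 @@`) now document a 0660 socket default while `;listen.owner` and `;listen.group` stay commented out, so by the file's own wording the socket belongs to the running user. If the packaged pool listens on a Unix socket and the web server runs under a different account, it would lose access after this update, and the tempting workaround of restoring `listen.mode = 0666` reopens the socket to every local user. Whether the package sets an owner elsewhere is not visible in this hunk. I would add a line on the added side such as `+; NOTE: with mode 0660 the web server account must be listen.owner or a member of listen.group`, or ship explicit `listen.owner`/`listen.group` values in the pool file.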
@@ -1,52 +0,0 @@ -commit fb0128af2a95ec0d1a0360be49776c5b056d1f33 -Author: Stanislav Malyshev -Date: Mon Jun 23 00:19:37 2014 -0700 - - Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability - -diff --git a/ext/standard/info.c b/ext/standard/info.c -index 70b2e2f..0f15bbe 100644 ---- a/ext/standard/info.c -+++ b/ext/standard/info.c -@@ -875,16 +875,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) - - php_info_print_table_start(); - php_info_print_table_header(2, "Variable", "Value"); -- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); - } - php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); -diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt -new file mode 100644 
-index 0000000..5b5951b ---- /dev/null -+++ b/ext/standard/tests/general_functions/bug67498.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+phpinfo() Type Confusion Information Leak Vulnerability -+--FILE-- -+ -+==DONE== -+--EXPECTF-- -+phpinfo() -+ -+PHP Variables -+%A -+==DONE== diff --git a/php.spec b/php.spec index 9bf7312..ded2bd3 100644 --- a/php.spec +++ b/php.spec @@ -119,7 +119,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules. %endif %endif -%define rel 12 +%define rel 1 %define orgname php %define ver_suffix 53 %define php_suffix %{!?with_default_php:%{ver_suffix}} @@ -130,13 +130,13 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: %{orgname}%{php_suffix} -Version: 5.3.28 +Version: 5.3.29 Release: %{rel}%{?with_type_hints:.th}%{?with_oci8:.oci} Epoch: 4 License: PHP Group: Libraries Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.bz2 -# Source0-md5: 56ff88934e068d142d6c0deefd1f396b +# Source0-md5: 9469e240cbe6ac865aeaec89b253dd30 Source2: %{orgname}-mod_%{orgname}.conf Source3: %{orgname}-cgi-fcgi.ini Source4: %{orgname}-apache.ini @@ -165,7 +165,6 @@ Patch11: embed.patch %if %{with type_hints} Patch12: http://ilia.ws/patch/type_hint_53_v2.txt %endif -Patch13: php-secbug-67498.patch Patch14: %{orgname}-no_pear_install.patch Patch15: %{orgname}-zlib.patch Patch17: %{orgname}-readline.patch @@ -2000,7 +1999,6 @@ cp -p php.ini-production php.ini %if %{with type_hints} %patch12 -p0 %endif -%patch13 -p1 %patch14 -p1 %patch15 -p1 %patch17 -p1 diff --git a/suhosin.patch b/suhosin.patch index 2a22f75..f132c0d 100644 --- a/suhosin.patch +++ b/suhosin.patch 
@@ -5675,15 +5675,15 @@ diff -Nura php-5.3.9/sapi/cgi/cgi_main.c suhosin-patch-5.3.9-0.9.10/sapi/cgi/cgi } +#if SUHOSIN_PATCH +#if ZEND_DEBUG -+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); +#else -+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); +#endif +#else #if ZEND_DEBUG - php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #endif +#endif php_request_shutdown((void *) 0); 
@@ -5696,12 +5696,12 @@ diff -Nura php-5.3.9/sapi/cli/php_cli.c suhosin-patch-5.3.9-0.9.10/sapi/cli/php_ } request_started = 1; -- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s", +- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s", + php_printf("PHP %s " +#if SUHOSIN_PATCH + "with Suhosin-Patch " +#endif -+ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s", ++ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, #if ZEND_DEBUG && defined(HAVE_GCOV) "(DEBUG GCOV)", 
@@ -5714,15 +5714,15 @@ diff -Nura php-5.3.9/sapi/litespeed/lsapi_main.c suhosin-patch-5.3.9-0.9.10/sapi if (php_request_startup(TSRMLS_C) != FAILURE) { +#if SUHOSIN_PATCH + #if ZEND_DEBUG -+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else -+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #endif +#else #if ZEND_DEBUG - php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #endif +#endif #ifdef PHP_OUTPUT_NEWAPI 
@@ -5736,9 +5736,9 @@ diff -Nura php-5.3.9/sapi/milter/php_milter.c suhosin-patch-5.3.9-0.9.10/sapi/mi SG(headers_sent) = 1; SG(request_info).no_headers = 1; +#if SUHOSIN_PATCH -+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); +#else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); +#endif php_end_ob_buffers(1 TSRMLS_CC); exit(1); -- 2.44.0