From 7efacaf8ed1de5632244d6e3abade14fa319f5bf Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Fri, 27 Apr 2012 23:26:43 +0000 Subject: [PATCH] - up to 5.3.11 (CVE-2012-1172, CVE-2012-0831), should compile with apache 2.4 Changed files: bug-52078-fileinode.patch -> 1.6 bug-60986.patch -> 1.2 php.spec -> 1.981 --- bug-52078-fileinode.patch | 391 -------------------------------------- bug-60986.patch | 44 ----- php.spec | 10 +- 3 files changed, 3 insertions(+), 442 deletions(-) delete mode 100644 bug-52078-fileinode.patch delete mode 100644 bug-60986.patch diff --git a/bug-52078-fileinode.patch b/bug-52078-fileinode.patch deleted file mode 100644 index 151f4ed..0000000 --- a/bug-52078-fileinode.patch +++ /dev/null @@ -1,391 +0,0 @@ ---- php-5.2.13/ext/standard/tests/file/fileinode_variation3.phpt~ 2008-11-25 13:33:41.000000000 +0200 -+++ php-5.2.13/ext/standard/tests/file/fileinode_variation3.phpt 2010-06-14 00:23:51.340272864 +0300 -@@ -57,15 +57,15 @@ - --EXPECTF-- - *** Testing fileinode() with different notations of file names *** - - Iteration 1 - --int(%d) -+int(%i) - - Iteration 2 - - - Warning: fileinode(): stat failed for %s//fileinode_variation3/fileinode_variation3.tmp/ in %s on line %d - bool(false) - - Iteration 3 - --int(%d) -+int(%i) - - Iteration 4 - --int(%d) -+int(%i) - - Iteration 5 - - - Warning: fileinode(): stat failed for %s//fileinode_variation3/*.tmp in %s on line %d ---- php-5.3.3/ext/standard/tests/file/fileinode_basic.phpt~ 2007-11-05 19:43:21.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/fileinode_basic.phpt 2010-07-26 19:31:43.613553760 +0300 -@@ -28,9 +28,9 @@ - ?> - --EXPECTF-- - *** Testing fileinode() with file, directory *** --%d --%d --%d --%d -+%i -+%i -+%i -+%i - - *** Done *** ---- php-5.3.3/ext/standard/tests/file/fileinode_variation.phpt~ 2007-11-05 19:43:21.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/fileinode_variation.phpt 2010-07-26 19:34:01.610414378 +0300 -@@ -89,24 +89,24 @@ - --EXPECTF-- - *** Testing fileinode() with files, links and directories *** - -- Testing with files -- --%d --%d -+%i -+%i - -- Testing with links: hard link -- --%d --%d -+%i -+%i - -- Testing with links: soft link -- --%d --%d -+%i -+%i - -- Testing after copying a file -- --%d --%d -+%i -+%i - -- Testing after renaming the file -- --%d --%d -+%i -+%i - -- Testing with directories -- --%d --%d -+%i -+%i - -- Testing with binary input -- --%d --%d -+%i -+%i - *** Done *** ---- php-5.3.3/ext/standard/tests/file/fileinode_variation1.phpt~ 2008-11-26 12:10:19.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/fileinode_variation1.phpt 2010-07-26 19:35:31.216291870 +0300 -@@ -42,7 +42,7 @@ - - --EXPECTF-- - *** Testing fileinode() with links *** --int(%d) --int(%d) -+int(%i) -+int(%i) - - *** Done *** ---- php-5.3.3/ext/standard/tests/file/filestat.phpt~ 2006-11-15 19:27:03.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/filestat.phpt 2010-07-26 19:37:10.367060798 +0300 -@@ -30,17 +30,17 @@ - echo "Done\n"; - ?> - --EXPECTF-- -+int(%i) - int(%d) - int(%d) - int(%d) - int(%d) -+int(%i) - int(%d) - int(%d) - int(%d) - int(%d) --int(%d) --int(%d) --int(%d) -+int(%i) - int(%d) - int(%d) - int(%d) ---- php-5.3.3/ext/standard/tests/file/lstat_stat_variation18.phpt~ 2010-07-26 19:43:12.000000000 +0300 -+++ php-5.3.3/ext/standard/tests/file/lstat_stat_variation18.phpt 2010-07-26 19:43:14.470984630 +0300 -@@ -66,7 +66,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -92,7 +92,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -122,7 +122,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -148,7 +148,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> ---- php-5.3.3/ext/standard/tests/file/lstat_stat_variation19.phpt~ 2007-11-05 19:43:21.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/lstat_stat_variation19.phpt 2010-07-26 19:44:58.320079730 +0300 -@@ -67,7 +67,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -93,7 +93,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -121,7 +121,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -147,7 +147,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -177,7 +177,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -203,7 +203,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -231,7 +231,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -257,7 +257,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> ---- php-5.3.3/ext/standard/tests/file/lstat_stat_variation20.phpt~ 2007-07-26 16:38:24.000000000 +0300 -+++ php-5.3.3/ext/standard/tests/file/lstat_stat_variation20.phpt 2010-07-26 19:46:33.907004377 +0300 -@@ -69,7 +69,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -95,7 +95,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -125,7 +125,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -151,7 +151,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -179,7 +179,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -205,7 +205,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> -@@ -233,7 +233,7 @@ - [0]=> - int(%d) - [1]=> -- int(%d) -+ int(%i) - [2]=> - int(%d) - [3]=> -@@ -259,7 +259,7 @@ - ["dev"]=> - int(%d) - ["ino"]=> -- int(%d) -+ int(%i) - ["mode"]=> - int(%d) - ["nlink"]=> ---- php-5.3.3/ext/standard/tests/file/tempnam_variation1.phpt~ 2008-11-26 12:10:19.000000000 +0200 -+++ php-5.3.3/ext/standard/tests/file/tempnam_variation1.phpt 2010-07-26 20:24:46.505943227 +0300 -@@ -66,51 +66,51 @@ - -- Iteration 1 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 2 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 3 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 4 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 5 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 6 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 7 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 8 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 9 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - -- Iteration 10 -- - File name is => %s%etempnam_variation1.tmp%s - File permissions are => 100600 --File inode is => %d -+File inode is => %i - File created in => directory specified - *** Done *** ---- php-5.3.3/tests/security/open_basedir_fileinode.phpt~ 2008-05-09 11:39:44.000000000 +0300 -+++ php-5.3.3/tests/security/open_basedir_fileinode.phpt 2010-07-27 22:51:29.603089549 +0300 -@@ -46,10 +46,10 @@ - - Warning: fileinode(): open_basedir restriction in effect. File(./../.) is not within the allowed path(s): (.) in %s on line %d - bool(false) --int(%d) --int(%d) --int(%d) --int(%d) --int(%d) -+int(%i) -+int(%i) -+int(%i) -+int(%i) -+int(%i) - *** Finished testing open_basedir configuration [fileinode] *** - ---- php-5.3.3/ext/spl/tests/SplFileInfo_getInode_basic.phpt~ 2010-08-04 16:25:21.000000000 +0300 -+++ php-5.3.3/ext/spl/tests/SplFileInfo_getInode_basic.phpt 2010-08-04 16:28:32.722932851 +0300 -@@ -11,6 +11,7 @@ - --SKIPIF-- - 32bit platform only (inodes overflow there)"); - ?> - --FILE-- - re, NULL, NULL) == PCRE_ERROR_BADMAGIC) { -+ if (pcre_fullinfo(pce->re, NULL, NULL, NULL) == PCRE_ERROR_BADMAGIC) { - zend_hash_clean(&PCRE_G(pcre_cache)); - } else { - #if HAVE_SETLOCALE ---- php/php-src/branches/PHP_5_3/ext/pcre/php_pcre.def 2012/02/06 17:57:47 323095 -+++ php/php-src/branches/PHP_5_3/ext/pcre/php_pcre.def 2012/02/06 18:11:56 323096 -@@ -4,7 +4,6 @@ - php_pcre_exec - php_pcre_get_substring - php_pcre_get_substring_list --php_pcre_info - php_pcre_maketables - php_pcre_study - php_pcre_version ---- php/php-src/branches/PHP_5_3/ext/pcre/php_pcre.c 2012/02/06 18:11:56 323096 -+++ php/php-src/branches/PHP_5_3/ext/pcre/php_pcre.c 2012/02/06 18:18:53 323097 -@@ -241,6 +241,7 @@ - char *pattern; - int do_study = 0; - int poptions = 0; -+ int count = 0; - unsigned const char *tables = NULL; - #if HAVE_SETLOCALE - char *locale = setlocale(LC_CTYPE, NULL); -@@ -255,7 +256,7 @@ - * We use a quick pcre_fullinfo() check to see whether cache is corrupted, and if it - * is, we flush it and compile the pattern from scratch. - */ -- if (pcre_fullinfo(pce->re, NULL, NULL, NULL) == PCRE_ERROR_BADMAGIC) { -+ if (pcre_fullinfo(pce->re, NULL, PCRE_INFO_CAPTURECOUNT, &count) == PCRE_ERROR_BADMAGIC) { - zend_hash_clean(&PCRE_G(pcre_cache)); - } else { - #if HAVE_SETLOCALE diff --git a/php.spec b/php.spec index 0f0eea9..23922cb 100644 --- a/php.spec +++ b/php.spec @@ -110,7 +110,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules. %undefine with_filter %endif -%define rel 7 +%define rel 1 Summary: PHP: Hypertext Preprocessor Summary(fr.UTF-8): Le langage de script embarque-HTML PHP Summary(pl.UTF-8): Język skryptowy PHP @@ -118,13 +118,13 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: php -Version: 5.3.10 +Version: 5.3.11 Release: %{rel}%{?with_type_hints:.th}%{?with_oci8:.oci} Epoch: 4 License: PHP Group: Libraries Source0: http://www.php.net/distributions/%{name}-%{version}.tar.bz2 -# Source0-md5: 816259e5ca7d0a7e943e56a3bb32b17f +# Source0-md5: 94709f6e7c920cbe26e19fa991d9975d Source2: %{name}-mod_%{name}.conf Source3: %{name}-cgi-fcgi.ini Source4: %{name}-apache.ini @@ -186,7 +186,6 @@ Patch50: extension-shared-optional-dep.patch Patch51: spl-shared.patch Patch52: pcre-shared.patch Patch53: fix-test-run.patch -Patch55: bug-52078-fileinode.patch Patch59: %{name}-systzdata.patch Patch60: %{name}-oracle-instantclient.patch Patch62: mcrypt-libs.patch @@ -194,7 +193,6 @@ Patch63: %{name}-mysql-nowarning.patch Patch64: %{name}-m4.patch # http://spot.fedorapeople.org/php-5.3.6-libzip.patch Patch65: system-libzip.patch -Patch66: bug-60986.patch URL: http://www.php.net/ %{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}} %{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0} @@ -1929,13 +1927,11 @@ cp -p php.ini-production php.ini %patch52 -p1 %patch53 -p1 %undos ext/spl/tests/SplFileInfo_getInode_basic.phpt -%patch55 -p1 %patch59 -p1 %patch60 -p1 %patch62 -p1 %patch63 -p1 %patch64 -p1 -%patch66 -p4 %{?with_system_libzip:%patch65 -p1} %{__rm} -r sapi/litespeed gzip -dc %{SOURCE15} | tar xf - -C sapi/ -- 2.44.0