+++ /dev/null
---- PHP_5_3/ext/zip/lib/zip_name_locate.c 2011/01/30 22:16:39 307866
-+++ PHP_5_3/ext/zip/lib/zip_name_locate.c 2011/01/30 22:28:57 307867
-@@ -60,6 +60,10 @@
- return -1;
- }
-
-+ if((flags & ZIP_FL_UNCHANGED) && !za->cdir) {
-+ return -1;
-+ }
-+
- cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
-
- n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
+++ /dev/null
---- PHP_5_3/ext/exif/exif.c 2011/02/14 08:46:53 308315
-+++ PHP_5_3/ext/exif/exif.c 2011/02/14 09:08:44 308316
-@@ -40,6 +40,10 @@
- #include "php.h"
- #include "ext/standard/file.h"
-
-+#ifdef PHP_WIN32
-+include "win32/php_stdint.h"
-+#endif
-+
- #if HAVE_EXIF
-
- /* When EXIF_DEBUG is defined the module generates a lot of debug messages
-@@ -2821,6 +2825,7 @@
- int tag, format, components;
- char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
- size_t byte_count, offset_val, fpos, fgot;
-+ int64_t byte_count_signed;
- xp_field_type *tmp_xp;
- #ifdef EXIF_DEBUG
- char *dump_data;
-@@ -2845,13 +2850,20 @@
- /*return TRUE;*/
- }
-
-- byte_count = components * php_tiff_bytes_per_format[format];
-+ if (components < 0) {
-+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
-+ return FALSE;
-+ }
-+
-+ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format];
-
-- if ((ssize_t)byte_count < 0) {
-+ if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) {
- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
- return FALSE;
- }
-
-+ byte_count = (size_t)byte_count_signed;
-+
- if (byte_count > 4) {
- offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
- /* If its bigger than 4 bytes, the dir entry contains an offset. */
-@@ -2916,6 +2928,7 @@
- efree(dump_data);
- }
- #endif
-+
- if (section_index==SECTION_THUMBNAIL) {
- if (!ImageInfo->Thumbnail.data) {
- switch(tag) {
+++ /dev/null
---- PHP_5_3/ext/shmop/shmop.c 2011/01/01 02:19:59 306939
-+++ PHP_5_3/ext/shmop/shmop.c 2011/03/08 13:11:14 309018
-@@ -256,7 +256,7 @@
- RETURN_FALSE;
- }
-
-- if (start + count > shmop->size || count < 0) {
-+ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range");
- RETURN_FALSE;
- }
+++ /dev/null
---- PHP_5_3/ext/standard/string.c 2011/04/13 03:32:19 310193
-+++ PHP_5_3/ext/standard/string.c 2011/04/13 06:32:41 310194
-@@ -2352,20 +2352,35 @@
-
- zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str);
- while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) {
-- convert_to_string_ex(tmp_str);
-+ zval *orig_str;
-+ zval dummy;
-+ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
-+ dummy = **tmp_str;
-+ orig_str = &dummy;
-+ zval_copy_ctor(orig_str);
-+ convert_to_string(orig_str);
-+ } else {
-+ orig_str = *tmp_str;
-+ }
-
- if (Z_TYPE_PP(from) == IS_ARRAY) {
- if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) {
-- convert_to_long_ex(tmp_from);
-+ if(Z_TYPE_PP(tmp_from) != IS_LONG) {
-+ zval dummy = **tmp_from;
-+ zval_copy_ctor(&dummy);
-+ convert_to_long(&dummy);
-+ f = Z_LVAL(dummy);
-+ } else {
-+ f = Z_LVAL_PP(tmp_from);
-+ }
-
-- f = Z_LVAL_PP(tmp_from);
- if (f < 0) {
-- f = Z_STRLEN_PP(tmp_str) + f;
-+ f = Z_STRLEN_P(orig_str) + f;
- if (f < 0) {
- f = 0;
- }
-- } else if (f > Z_STRLEN_PP(tmp_str)) {
-- f = Z_STRLEN_PP(tmp_str);
-+ } else if (f > Z_STRLEN_P(orig_str)) {
-+ f = Z_STRLEN_P(orig_str);
- }
- zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from);
- } else {
-@@ -2374,72 +2389,94 @@
- } else {
- f = Z_LVAL_PP(from);
- if (f < 0) {
-- f = Z_STRLEN_PP(tmp_str) + f;
-+ f = Z_STRLEN_P(orig_str) + f;
- if (f < 0) {
- f = 0;
- }
-- } else if (f > Z_STRLEN_PP(tmp_str)) {
-- f = Z_STRLEN_PP(tmp_str);
-+ } else if (f > Z_STRLEN_P(orig_str)) {
-+ f = Z_STRLEN_P(orig_str);
- }
- }
-
- if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) {
- if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) {
-- convert_to_long_ex(tmp_len);
-+ if(Z_TYPE_PP(tmp_len) != IS_LONG) {
-+ zval dummy = **tmp_len;
-+ zval_copy_ctor(&dummy);
-+ convert_to_long(&dummy);
-+ l = Z_LVAL(dummy);
-+ } else {
-+ l = Z_LVAL_PP(tmp_len);
-+ }
-
- l = Z_LVAL_PP(tmp_len);
- zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len);
- } else {
-- l = Z_STRLEN_PP(tmp_str);
-+ l = Z_STRLEN_P(orig_str);
- }
- } else if (argc > 3) {
- l = Z_LVAL_PP(len);
- } else {
-- l = Z_STRLEN_PP(tmp_str);
-+ l = Z_STRLEN_P(orig_str);
- }
-
- if (l < 0) {
-- l = (Z_STRLEN_PP(tmp_str) - f) + l;
-+ l = (Z_STRLEN_P(orig_str) - f) + l;
- if (l < 0) {
- l = 0;
- }
- }
-
-- if ((f + l) > Z_STRLEN_PP(tmp_str)) {
-- l = Z_STRLEN_PP(tmp_str) - f;
-+ if ((f + l) > Z_STRLEN_P(orig_str)) {
-+ l = Z_STRLEN_P(orig_str) - f;
- }
-
-- result_len = Z_STRLEN_PP(tmp_str) - l;
-+ result_len = Z_STRLEN_P(orig_str) - l;
-
- if (Z_TYPE_PP(repl) == IS_ARRAY) {
- if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) {
-- convert_to_string_ex(tmp_repl);
-- result_len += Z_STRLEN_PP(tmp_repl);
-+ zval *repl_str;
-+ zval zrepl;
-+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
-+ zrepl = **tmp_repl;
-+ repl_str = &zrepl;
-+ zval_copy_ctor(repl_str);
-+ convert_to_string(repl_str);
-+ } else {
-+ repl_str = *tmp_repl;
-+ }
-+
-+ result_len += Z_STRLEN_P(repl_str);
- zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl);
- result = emalloc(result_len + 1);
-
-- memcpy(result, Z_STRVAL_PP(tmp_str), f);
-- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl));
-- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
-+ memcpy(result, Z_STRVAL_P(orig_str), f);
-+ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str));
-+ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
-+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
-+ zval_dtor(repl_str);
-+ }
- } else {
- result = emalloc(result_len + 1);
-
-- memcpy(result, Z_STRVAL_PP(tmp_str), f);
-- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
-+ memcpy(result, Z_STRVAL_P(orig_str), f);
-+ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
- }
- } else {
- result_len += Z_STRLEN_PP(repl);
-
- result = emalloc(result_len + 1);
-
-- memcpy(result, Z_STRVAL_PP(tmp_str), f);
-+ memcpy(result, Z_STRVAL_P(orig_str), f);
- memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl));
-- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
-+ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
- }
-
- result[result_len] = '\0';
- add_next_index_stringl(return_value, result, result_len, 0);
--
-+ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
-+ zval_dtor(orig_str);
-+ }
- zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str);
- } /*while*/
- } /* if */
+++ /dev/null
-diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c
---- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 2011-08-19 08:40:08.000000000 +0700
-+++ php-5.2.17/ext/sockets/sockets.c 2011-08-19 08:41:11.000000000 +0700
-@@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect)
- break;
-
- case AF_UNIX:
-+ if (addr_len >= sizeof(s_un.sun_path)) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
-+ RETURN_FALSE;
-+ }
- memset(&s_un, 0, sizeof(struct sockaddr_un));
-
- s_un.sun_family = AF_UNIX;
+++ /dev/null
-diff -up php-5.2.17/main/rfc1867.c.orig php-5.2.17/main/rfc1867.c
---- php-5.2.17/main/rfc1867.c.orig 2011-08-19 08:33:09.000000000 +0700
-+++ php-5.2.17/main/rfc1867.c 2011-08-19 08:34:29.000000000 +0700
-@@ -1215,7 +1215,7 @@ filedone:
- #endif
-
- if (!is_anonymous) {
-- if (s && s > filename) {
-+ if (s && s >= filename) {
- safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC);
- } else {
- safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC);
-@@ -1228,7 +1228,7 @@ filedone:
- } else {
- snprintf(lbuf, llen, "%s[name]", param);
- }
-- if (s && s > filename) {
-+ if (s && s >= filename) {
- register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
- } else {
- register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
+++ /dev/null
-diff -up php-5.2.17/ext/exif/exif.c.CVE-2011-4566 php-5.2.17/ext/exif/exif.c
---- php-5.2.17/ext/exif/exif.c.CVE-2011-4566 2012-01-11 15:00:23.000000000 +0700
-+++ php-5.2.17/ext/exif/exif.c 2012-01-11 15:02:25.000000000 +0700
-@@ -2873,11 +2873,11 @@ static int exif_process_IFD_TAG(image_in
- offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
- /* If its bigger than 4 bytes, the dir entry contains an offset. */
- value_ptr = offset_base+offset_val;
-- if (offset_val+byte_count > IFDlength || value_ptr < dir_entry) {
-+ if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry) {
- /* It is important to check for IMAGE_FILETYPE_TIFF
- * JPEG does not use absolute pointers instead its pointers are
- * relative to the start of the TIFF header in APP1 section. */
-- if (offset_val+byte_count>ImageInfo->FileSize || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
-+ if (byte_count > ImageInfo->FileSize || offset_val>ImageInfo->FileSize-byte_count || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
- if (value_ptr < dir_entry) {
- /* we can read this if offset_val > 0 */
- /* some files have their values in other parts of the file */
+++ /dev/null
-diff -up php-5.2.17/ext/oci8/oci8.c.bug-319457 php-5.2.17/ext/oci8/oci8.c
---- php-5.2.17/ext/oci8/oci8.c.bug-319457 2012-02-16 08:25:41.000000000 +0700
-+++ php-5.2.17/ext/oci8/oci8.c 2012-02-16 08:26:55.000000000 +0700
-@@ -1187,7 +1187,14 @@ open:
- connection->is_persistent = 0;
- } else {
- connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
-+ if (connection == NULL) {
-+ return NULL;
-+ }
- connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
-+ if (connection->hash_key == NULL) {
-+ free(connection);
-+ return NULL;
-+ }
- connection->is_persistent = 1;
- }
- } else {
+++ /dev/null
-this refers to svn commit: http://svn.php.net/viewvc?view=revision&revision=323007
-aka CVE-2012-0830
-
-link: https://bugzilla.redhat.com/show_bug.cgi?id=786686
-
-diff -up php-5.2.17/main/php_variables.c.bug-323007 php-5.2.17/main/php_variables.c
---- php-5.2.17/main/php_variables.c.bug-323007 2012-02-03 12:12:09.000000000 +0700
-+++ php-5.2.17/main/php_variables.c 2012-02-03 13:17:16.000000000 +0700
-@@ -187,12 +187,17 @@ PHPAPI void php_register_variable_ex(cha
- }
- if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
- || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
-- if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
-- php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-- }
-+ if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
-+ if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-+ }
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ } else {
-+ efree(var_orig);
-+ return;
-+ }
- }
- if (index != escaped_index) {
- efree(escaped_index);
+++ /dev/null
-diff -up php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 php-5.2.17/ext/mysqli/mysqli_api.c
---- php-5.2.17/ext/mysqli/mysqli_api.c.bug-39847 2010-04-21 19:52:24.000000000 +0700
-+++ php-5.2.17/ext/mysqli/mysqli_api.c 2011-08-28 11:33:15.000000000 +0700
-@@ -795,6 +795,8 @@ PHP_FUNCTION(mysqli_fetch_field)
- add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1);
- add_property_string(return_value, "table",(field->table ? field->table : ""), 1);
- add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1);
-+ add_property_string(return_value, "db",(field->db ? field->db : ""), 1);
-+ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1);
- add_property_string(return_value, "def",(field->def ? field->def : ""), 1);
- add_property_long(return_value, "max_length", field->max_length);
- add_property_long(return_value, "length", field->length);
-@@ -878,6 +880,8 @@ PHP_FUNCTION(mysqli_fetch_field_direct)
- add_property_string(return_value, "orgname",(field->org_name ? field->org_name : ""), 1);
- add_property_string(return_value, "table",(field->table ? field->table : ""), 1);
- add_property_string(return_value, "orgtable",(field->org_table ? field->org_table : ""), 1);
-+ add_property_string(return_value, "db",(field->db ? field->db : ""), 1);
-+ add_property_string(return_value, "catalog",(field->catalog ? field->catalog : ""), 1);
- add_property_string(return_value, "def",(field->def ? field->def : ""), 1);
- add_property_long(return_value, "max_length", field->max_length);
- add_property_long(return_value, "length", field->length);
+++ /dev/null
-diff -up php-5.2.17/Zend/zend_compile.c.bug-43200 php-5.2.17/Zend/zend_compile.c
---- php-5.2.17/Zend/zend_compile.c.bug-43200 2012-01-12 11:26:42.000000000 +0700
-+++ php-5.2.17/Zend/zend_compile.c 2012-01-12 11:26:51.000000000 +0700
-@@ -2080,7 +2080,8 @@ static zend_bool do_inherit_method_check
- return 1; /* method doesn't exist in child, copy from parent */
- }
-
-- if (parent->common.fn_flags & ZEND_ACC_ABSTRACT
-+ if ((parent->common.scope->ce_flags & ZEND_ACC_INTERFACE) == 0
-+ && parent->common.fn_flags & ZEND_ACC_ABSTRACT
- && parent->common.scope != (child->common.prototype ? child->common.prototype->common.scope : child->common.scope)
- && child->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_IMPLEMENTED_ABSTRACT)) {
- zend_error(E_COMPILE_ERROR, "Can't inherit abstract function %s::%s() (previously declared abstract in %s)",
+++ /dev/null
-diff -up php-5.2.17/ext/standard/array.c.bug-48484 php-5.2.17/ext/standard/array.c
---- php-5.2.17/ext/standard/array.c.bug-48484 2010-11-20 04:06:44.000000000 +0600
-+++ php-5.2.17/ext/standard/array.c 2011-08-28 00:21:52.000000000 +0700
-@@ -4368,11 +4368,11 @@ PHP_FUNCTION(array_product)
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "The argument should be an array");
- return;
- }
--
-+
-+ ZVAL_LONG(return_value, 1);
- if (!zend_hash_num_elements(Z_ARRVAL_PP(input))) {
-- RETURN_LONG(0);
-+ return;
- }
-- ZVAL_LONG(return_value, 1);
-
- for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(input), &pos);
- zend_hash_get_current_data_ex(Z_ARRVAL_PP(input), (void **)&entry, &pos) == SUCCESS;
+++ /dev/null
-diff -up php-5.2.17/ext/zip/zip_stream.c.bug-49072 php-5.2.17/ext/zip/zip_stream.c
---- php-5.2.17/ext/zip/zip_stream.c.bug-49072 2011-08-28 14:06:52.000000000 +0700
-+++ php-5.2.17/ext/zip/zip_stream.c 2011-08-28 14:09:41.000000000 +0700
-@@ -34,7 +34,7 @@ static size_t php_zip_ops_read(php_strea
- STREAM_DATA_FROM_STREAM();
-
- if (self->za && self->zf) {
-- n = (size_t)zip_fread(self->zf, buf, (int)count);
-+ n = zip_fread(self->zf, buf, count);
- if (n < 0) {
- int ze, se;
- zip_file_error_get(self->zf, &ze, &se);
-@@ -42,13 +42,13 @@ static size_t php_zip_ops_read(php_strea
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
- return 0;
- }
-- if (n == 0 || n < count) {
-+ if (n == 0 || n < (ssize_t)count) {
- stream->eof = 1;
- } else {
- self->cursor += n;
- }
- }
-- return n<1 ? 0 : n;
-+ return (n < 1 ? 0 : (size_t)n);
- }
- /* }}} */
-
+++ /dev/null
-diff -up php-5.2.17/ext/date/php_date.c.bug-52063 php-5.2.17/ext/date/php_date.c
---- php-5.2.17/ext/date/php_date.c.bug-52063 2011-08-28 09:44:11.000000000 +0700
-+++ php-5.2.17/ext/date/php_date.c 2011-08-28 09:45:09.000000000 +0700
-@@ -1778,7 +1778,7 @@ PHP_FUNCTION(date_create)
- char *time_str = NULL;
- int time_str_len = 0;
-
-- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) {
-+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone) == FAILURE) {
- RETURN_FALSE;
- }
-
-@@ -1799,7 +1799,7 @@ PHP_METHOD(DateTime, __construct)
- int time_str_len = 0;
-
- php_set_error_handling(EH_THROW, NULL TSRMLS_CC);
-- if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) {
-+ if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) {
- date_initialize(zend_object_store_get_object(getThis() TSRMLS_CC), time_str, time_str_len, timezone_object, 1 TSRMLS_CC);
- }
- php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC);
+++ /dev/null
-diff -up php-5.2.17/ext/standard/info.c.bug-52461 php-5.2.17/ext/standard/info.c
---- php-5.2.17/ext/standard/info.c.bug-52461 2012-01-12 10:23:00.000000000 +0700
-+++ php-5.2.17/ext/standard/info.c 2012-01-12 10:23:27.000000000 +0700
-@@ -415,7 +415,7 @@ PHPAPI void php_print_info_htmlhead(TSRM
-
-
- PUTS("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n");
-- PUTS("<html>");
-+ PUTS("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
- PUTS("<head>\n");
- php_info_print_style(TSRMLS_C);
- PUTS("<title>phpinfo()</title>");
+++ /dev/null
-diff -up php-5.2.17/ext/standard/file.c.bug-52624 php-5.2.17/ext/standard/file.c
---- php-5.2.17/ext/standard/file.c.bug-52624 2012-01-12 11:20:05.000000000 +0700
-+++ php-5.2.17/ext/standard/file.c 2012-01-12 11:21:32.000000000 +0700
-@@ -842,7 +842,7 @@ PHP_FUNCTION(tempnam)
- p[63] = '\0';
- }
-
-- if ((fd = php_open_temporary_fd(d, p, &opened_path TSRMLS_CC)) >= 0) {
-+ if ((fd = php_open_temporary_fd_ex(d, p, &opened_path,1 TSRMLS_CC)) >= 0) {
- close(fd);
- RETVAL_STRING(opened_path, 0);
- } else {
+++ /dev/null
-diff -up php-5.2.17/ext/tidy/tidy.c.bug-54682 php-5.2.17/ext/tidy/tidy.c
---- php-5.2.17/ext/tidy/tidy.c.bug-54682 2012-01-12 11:42:01.000000000 +0700
-+++ php-5.2.17/ext/tidy/tidy.c 2012-01-12 11:42:17.000000000 +0700
-@@ -1178,7 +1178,7 @@ static PHP_FUNCTION(tidy_diagnose)
- {
- TIDY_FETCH_OBJECT;
-
-- if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
-+ if (tidyStatus(obj->ptdoc->doc) != 0 && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
- tidy_doc_update_properties(obj TSRMLS_CC);
- RETURN_TRUE;
- }
+++ /dev/null
-diff -up php-5.2.17/ext/standard/var.c.bug-55082 php-5.2.17/ext/standard/var.c
---- php-5.2.17/ext/standard/var.c.bug-55082 2010-09-14 03:14:18.000000000 +0700
-+++ php-5.2.17/ext/standard/var.c 2011-08-28 15:18:52.000000000 +0700
-@@ -401,7 +401,7 @@ static int php_object_element_export(zva
- {
- int level;
- smart_str *buf;
-- char *prop_name, *class_name;
-+
- TSRMLS_FETCH();
-
- level = va_arg(args, int);
-@@ -409,11 +409,20 @@ static int php_object_element_export(zva
-
- buffer_append_spaces(buf, level + 2);
- if (hash_key->nKeyLength != 0) {
-- zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name);
-+ char *class_name, /* ignored, but must be passed to unmangle */
-+ *pname,
-+ *pname_esc;
-+ int pname_esc_len;
-+
-+ zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1,
-+ &class_name, &pname);
-+ pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0,
-+ "'\\", 2 TSRMLS_CC);
-
- smart_str_appendc(buf, '\'');
-- smart_str_appends(buf, prop_name);
-+ smart_str_appendl(buf, pname_esc, pname_esc_len);
- smart_str_appendc(buf, '\'');
-+ efree(pname_esc);
- } else {
- smart_str_append_long(buf, hash_key->h);
- }
+++ /dev/null
-diff -up php-5.2.17/ext/standard/base64.c.bug-55273 php-5.2.17/ext/standard/base64.c
---- php-5.2.17/ext/standard/base64.c.bug-55273 2012-01-12 10:45:40.000000000 +0700
-+++ php-5.2.17/ext/standard/base64.c 2012-01-12 10:47:32.000000000 +0700
-@@ -154,7 +154,15 @@ PHPAPI unsigned char *php_base64_decode_
- /* run through the whole string, converting as we go */
- while ((ch = *current++) != '\0' && length-- > 0) {
- if (ch == base64_pad) {
-- if (*current != '=' && (i % 4) == 1) {
-+ if (*current != '=' && ((i % 4) == 1 || (strict && length > 0))) {
-+ if ((i % 4) != 1) {
-+ while (isspace(*(++current))) {
-+ continue;
-+ }
-+ if (*current == '\0') {
-+ continue;
-+ }
-+ }
- efree(result);
- return NULL;
- }
+++ /dev/null
-diff -up php-5.2.17/ext/standard/string.c.bug-55366 php-5.2.17/ext/standard/string.c
---- php-5.2.17/ext/standard/string.c.bug-55366 2012-01-12 10:35:09.000000000 +0700
-+++ php-5.2.17/ext/standard/string.c 2012-01-12 10:36:38.000000000 +0700
-@@ -2462,6 +2462,10 @@ PHP_FUNCTION(substr_replace)
- RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1);
- }
- } else { /* str is array of strings */
-+ char *str_index = NULL;
-+ uint str_index_len;
-+ ulong num_index;
-+
- array_init(return_value);
-
- if (Z_TYPE_PP(from) == IS_ARRAY) {
-@@ -2599,7 +2603,13 @@ PHP_FUNCTION(substr_replace)
- }
-
- result[result_len] = '\0';
-- add_next_index_stringl(return_value, result, result_len, 0);
-+
-+ if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(str), &str_index, &str_index_len, &num_index, 0, &pos_str) == HASH_KEY_IS_STRING) {
-+ add_assoc_stringl_ex(return_value, str_index, str_index_len, result, result_len, 0);
-+ } else {
-+ add_index_stringl(return_value, num_index, result, result_len, 0);
-+ }
-+
- if(Z_TYPE_PP(tmp_str) != IS_STRING) {
- zval_dtor(orig_str);
- }
+++ /dev/null
-diff -up php-5.2.17/ext/filter/logical_filters.c.bug-55478 php-5.2.17/ext/filter/logical_filters.c
---- php-5.2.17/ext/filter/logical_filters.c.bug-55478 2012-01-12 12:35:32.000000000 +0700
-+++ php-5.2.17/ext/filter/logical_filters.c 2012-01-12 12:36:11.000000000 +0700
-@@ -522,7 +522,7 @@ void php_filter_validate_email(PHP_INPUT
- * Feel free to use and redistribute this code. But please keep this copyright notice.
- *
- */
-- const char regexp[] = "/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD";
-+ const char regexp[] = "/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD";
-
- pcre *re = NULL;
- pcre_extra *pcre_extra = NULL;
+++ /dev/null
-diff -up php-5.2.17/main/rfc1867.c.bug-55504 php-5.2.17/main/rfc1867.c
---- php-5.2.17/main/rfc1867.c.bug-55504 2012-01-12 10:13:38.000000000 +0700
-+++ php-5.2.17/main/rfc1867.c 2012-01-12 10:14:14.000000000 +0700
-@@ -817,7 +817,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
- }
- } else {
- /* search for the end of the boundary */
-- boundary_end = strchr(boundary, ',');
-+ boundary_end = strpbrk(boundary, ",;");
- }
- if (boundary_end) {
- boundary_end[0] = '\0';
+++ /dev/null
-diff -up php-5.2.17/Zend/zend_alloc.c.bug-55509 php-5.2.17/Zend/zend_alloc.c
---- php-5.2.17/Zend/zend_alloc.c.bug-55509 2012-01-12 09:58:25.000000000 +0700
-+++ php-5.2.17/Zend/zend_alloc.c 2012-01-12 09:59:26.000000000 +0700
-@@ -491,7 +491,7 @@ static unsigned int _zend_mm_cookie = 0;
- #define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)
-
- #define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b))
--#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
-+#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
-
- #define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK))
-
+++ /dev/null
-diff -up php-5.2.17/ext/standard/file.c.bug-55674 php-5.2.17/ext/standard/file.c
---- php-5.2.17/ext/standard/file.c.bug-55674 2012-01-12 09:39:13.000000000 +0700
-+++ php-5.2.17/ext/standard/file.c 2012-01-12 09:39:28.000000000 +0700
-@@ -2156,7 +2156,7 @@ PHPAPI void php_fgetcsv(php_stream *stre
- inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0);
- if (inc_len == 1) {
- char *tmp = bptr;
-- while (isspace((int)*(unsigned char *)tmp)) {
-+ while ((*tmp != delimiter) && isspace((int)*(unsigned char *)tmp)) {
- tmp++;
- }
- if (*tmp == enclosure) {
+++ /dev/null
-diff -up php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776 php-5.2.17/ext/pdo/pdo_stmt.c
---- php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776 2012-02-16 08:41:58.000000000 +0700
-+++ php-5.2.17/ext/pdo/pdo_stmt.c 2012-02-16 08:43:19.000000000 +0700
-@@ -2353,6 +2353,7 @@ static zend_object_value dbstmt_clone_ob
- }
-
- zend_object_handlers pdo_dbstmt_object_handlers;
-+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
-
- void pdo_stmt_init(TSRMLS_D)
- {
-@@ -2376,6 +2377,7 @@ void pdo_stmt_init(TSRMLS_D)
- pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
- pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
- pdo_row_ce->create_object = pdo_row_new;
-+ pdo_row_ce->serialize = pdo_row_serialize;
- }
-
- static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
-@@ -2795,6 +2797,12 @@ zend_object_value pdo_row_new(zend_class
-
- return retval;
- }
-+
-+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
-+{
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
-+ return FAILURE;
-+}
- /* }}} */
-
- /*
+++ /dev/null
-diff -up php-5.2.17/ext/standard/proc_open.c.bug-60120 php-5.2.17/ext/standard/proc_open.c
---- php-5.2.17/ext/standard/proc_open.c.bug-60120 2012-01-12 09:22:27.000000000 +0700
-+++ php-5.2.17/ext/standard/proc_open.c 2012-01-12 09:22:47.000000000 +0700
-@@ -453,7 +453,7 @@ PHP_FUNCTION(proc_get_status)
-
- /* {{{ handy definitions for portability/readability */
- #ifdef PHP_WIN32
--# define pipe(pair) (CreatePipe(&pair[0], &pair[1], &security, 2048L) ? 0 : -1)
-+# define pipe(pair) (CreatePipe(&pair[0], &pair[1], &security, 0) ? 0 : -1)
-
- # define COMSPEC_NT "cmd.exe"
- # define COMSPEC_9X "command.com"
+++ /dev/null
-diff -up php-5.2.17/Zend/zend_execute_API.c.bug-60138 php-5.2.17/Zend/zend_execute_API.c
---- php-5.2.17/Zend/zend_execute_API.c.bug-60138 2012-01-12 09:18:41.000000000 +0700
-+++ php-5.2.17/Zend/zend_execute_API.c 2012-01-12 09:19:13.000000000 +0700
-@@ -935,10 +935,11 @@ int zend_call_function(zend_fcall_info *
- && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0
- && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
- && PZVAL_IS_REF(*fci->params[i])) {
-- SEPARATE_ZVAL(fci->params[i]);
-- }
--
-- if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i+1)
-+ ALLOC_ZVAL(param);
-+ *param = **(fci->params[i]);
-+ INIT_PZVAL(param);
-+ zval_copy_ctor(param);
-+ } else if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
- && !PZVAL_IS_REF(*fci->params[i])) {
- if ((*fci->params[i])->refcount>1) {
- zval *new_zval;
+++ /dev/null
-diff -up php-5.2.17/ext/ftp/ftp.c.bug-60183 php-5.2.17/ext/ftp/ftp.c
---- php-5.2.17/ext/ftp/ftp.c.bug-60183 2012-01-12 12:04:18.000000000 +0700
-+++ php-5.2.17/ext/ftp/ftp.c 2012-01-12 12:04:40.000000000 +0700
-@@ -1122,6 +1122,9 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cm
-
- data = ftp->outbuf;
-
-+ /* Clear the extra-lines buffer */
-+ ftp->extra = NULL;
-+
- if (my_send(ftp, ftp->fd, data, size) != size) {
- return 0;
- }
+++ /dev/null
-diff -up php-5.2.17/sapi/apache2filter/sapi_apache2.c.bug-60206 php-5.2.17/sapi/apache2filter/sapi_apache2.c
---- php-5.2.17/sapi/apache2filter/sapi_apache2.c.bug-60206 2012-01-12 09:06:47.000000000 +0700
-+++ php-5.2.17/sapi/apache2filter/sapi_apache2.c 2012-01-12 09:06:59.000000000 +0700
-@@ -404,7 +404,7 @@ static void php_apache_request_ctor(ap_f
- efree(content_type);
-
- content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
-- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
-+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
-
- apr_table_unset(f->r->headers_out, "Content-Length");
- apr_table_unset(f->r->headers_out, "Last-Modified");
-diff -up php-5.2.17/sapi/apache2handler/sapi_apache2.c.bug-60206 php-5.2.17/sapi/apache2handler/sapi_apache2.c
---- php-5.2.17/sapi/apache2handler/sapi_apache2.c.bug-60206 2012-01-12 09:07:37.000000000 +0700
-+++ php-5.2.17/sapi/apache2handler/sapi_apache2.c 2012-01-12 09:07:46.000000000 +0700
-@@ -454,7 +454,7 @@ static int php_apache_request_ctor(reque
- r->no_local_copy = 1;
-
- content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
-- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
-+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
-
- apr_table_unset(r->headers_out, "Content-Length");
- apr_table_unset(r->headers_out, "Last-Modified");
-diff -up php-5.2.17/sapi/apache_hooks/mod_php5.c.bug-60206 php-5.2.17/sapi/apache_hooks/mod_php5.c
---- php-5.2.17/sapi/apache_hooks/mod_php5.c.bug-60206 2012-01-12 09:08:19.000000000 +0700
-+++ php-5.2.17/sapi/apache_hooks/mod_php5.c 2012-01-12 09:08:26.000000000 +0700
-@@ -571,7 +571,7 @@ static void init_request_info(TSRMLS_D)
- SG(request_info).request_method = (char *)r->method;
- SG(request_info).proto_num = r->proto_num;
- SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
-- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
-+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
- SG(sapi_headers).http_response_code = r->status;
-
- if (r->headers_in) {
-diff -up php-5.2.17/sapi/apache/mod_php5.c.bug-60206 php-5.2.17/sapi/apache/mod_php5.c
---- php-5.2.17/sapi/apache/mod_php5.c.bug-60206 2012-01-12 09:05:59.000000000 +0700
-+++ php-5.2.17/sapi/apache/mod_php5.c 2012-01-12 09:06:19.000000000 +0700
-@@ -513,7 +513,7 @@ static void init_request_info(TSRMLS_D)
- SG(request_info).request_uri = r->uri;
- SG(request_info).request_method = (char *)r->method;
- SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
-- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
-+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
- SG(sapi_headers).http_response_code = r->status;
- SG(request_info).proto_num = r->proto_num;
-
+++ /dev/null
-diff -up php-5.2.17/main/streams/streams.c.bug-60455 php-5.2.17/main/streams/streams.c
---- php-5.2.17/main/streams/streams.c.bug-60455 2012-01-12 11:50:11.000000000 +0700
-+++ php-5.2.17/main/streams/streams.c 2012-01-12 11:50:55.000000000 +0700
-@@ -879,7 +879,7 @@ PHPAPI char *php_stream_get_record(php_s
- just_read = (stream->writepos - stream->readpos) - len;
- len += just_read;
-
-- if (just_read < toread) {
-+ if (just_read == 0) {
- break;
- }
- }
+++ /dev/null
-diff -u -r php-5.2.17/main/main.c php-5.2.17-patched/main/main.c
---- php-5.2.17/main/main.c 2010-06-20 04:47:24.000000000 +0800
-+++ php-5.2.17-patched/main/main.c 2011-12-31 09:59:05.000000000 +0800
-@@ -457,6 +457,7 @@
-
- STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
-+ STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals)
-
- STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals)
-diff -u -r php-5.2.17/main/php_globals.h php-5.2.17-patched/main/php_globals.h
---- php-5.2.17/main/php_globals.h 2010-01-03 17:23:27.000000000 +0800
-+++ php-5.2.17-patched/main/php_globals.h 2011-12-31 09:59:05.000000000 +0800
-@@ -160,6 +160,7 @@
- zend_bool com_initialized;
- #endif
- long max_input_nesting_level;
-+ long max_input_vars;
- zend_bool in_user_include;
- zend_bool in_error_log;
- };
-diff -u -r php-5.2.17/main/php_variables.c php-5.2.17-patched/main/php_variables.c
---- php-5.2.17/main/php_variables.c 2010-01-03 17:23:27.000000000 +0800
-+++ php-5.2.17-patched/main/php_variables.c 2011-12-31 09:59:05.000000000 +0800
-@@ -187,6 +187,9 @@
- }
- if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
- || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
-+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
-+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-+ }
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-@@ -232,6 +235,9 @@
- zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
- zval_ptr_dtor(&gpc_element);
- } else {
-+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
-+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-+ }
- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
- }
- if (escaped_index != index) {
+++ /dev/null
---- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 14:29:42 306341
-+++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2010/12/13 16:53:26 306342
-@@ -98,13 +98,33 @@
- static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC)
- {
- php_stream *controlstream = (php_stream *)stream->wrapperdata;
-+ int ret = 0;
-
- if (controlstream) {
-+ if (strpbrk(stream->mode, "wa+")) {
-+ char tmp_line[512];
-+ int result;
-+
-+ /* For write modes close data stream first to signal EOF to server */
-+ stream->wrapperdata = NULL;
-+ php_stream_close(stream);
-+ stream = NULL;
-+
-+ result = GET_FTP_RESULT(controlstream);
-+ if (result != 226 && result != 250) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line);
-+ ret = EOF;
-+ }
-+ }
-+
- php_stream_write_string(controlstream, "QUIT\r\n");
- php_stream_close(controlstream);
-- stream->wrapperdata = NULL;
-+ if (stream) {
-+ stream->wrapperdata = NULL;
-+ }
- }
-- return 0;
-+
-+ return ret;
- }
- /* }}} */
-
+++ /dev/null
---- PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:17:22 307875
-+++ PHP_5_2/ext/snmp/snmp.c 2011/01/31 11:34:12 307876
-@@ -502,7 +502,7 @@
- }
- }
- } else {
-- if (st != SNMP_CMD_WALK || response->errstat != SNMP_ERR_NOSUCHNAME) {
-+ if ((st != SNMP_CMD_WALK && st != SNMP_CMD_REALWALK) || response->errstat != SNMP_ERR_NOSUCHNAME) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error in packet: %s", snmp_errstring(response->errstat));
- if (response->errstat == SNMP_ERR_NOSUCHNAME) {
- for (count=1, vars = response->variables; vars && count != response->errindex;
+++ /dev/null
---- PHP_5_3/ext/filter/filter.c 2010/12/22 16:03:43 306574
-+++ PHP_5_3/ext/filter/filter.c 2010/12/22 16:18:59 306575
-@@ -559,7 +559,7 @@
- if (jit_initialization) {
- zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
- }
-- array_ptr = IF_G(env_array);
-+ array_ptr = IF_G(env_array) ? IF_G(env_array) : PG(http_globals)[TRACK_VARS_ENV];
- break;
- case PARSE_SESSION:
- /* FIXME: Implement session source */
+++ /dev/null
---- PHP_5_3/ext/date/php_date.c 2011/01/30 09:28:54 307852
-+++ PHP_5_3/ext/date/php_date.c 2011/01/30 10:18:12 307853
-@@ -3090,6 +3090,7 @@
- dateobj->time->y = y;
- dateobj->time->m = 1;
- dateobj->time->d = 1;
-+ memset(&dateobj->time->relative, 0, sizeof(dateobj->time->relative));
- dateobj->time->relative.d = timelib_daynr_from_weeknr(y, w, d);
- dateobj->time->have_relative = 1;
-
+++ /dev/null
---- PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:27:59 306281
-+++ PHP_5_3/ext/filter/logical_filters.c 2010/12/12 18:36:21 306282
-@@ -710,8 +710,11 @@
- if (flags & FILTER_FLAG_NO_RES_RANGE) {
- if (
- (ip[0] == 0) ||
-+ (ip[0] == 128 && ip[1] == 0) ||
-+ (ip[0] == 191 && ip[1] == 255) ||
- (ip[0] == 169 && ip[1] == 254) ||
- (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
-+ (ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) ||
- (ip[0] >= 224 && ip[0] <= 255)
- ) {
- RETURN_VALIDATION_FAILED
-@@ -731,6 +734,9 @@
- if (Z_STRLEN_P(value) >=2 && (!strncasecmp("FC", Z_STRVAL_P(value), 2) || !strncasecmp("FD", Z_STRVAL_P(value), 2))) {
- RETURN_VALIDATION_FAILED
- }
-+ }
-+ if (flags & FILTER_FLAG_NO_RES_RANGE && Z_STRLEN_P(value) == 3 && !strcmp("::1", Z_STRVAL_P(value))) {
-+ RETURN_VALIDATION_FAILED
- }
- }
- break;
+++ /dev/null
---- PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:22:34 305685
-+++ PHP_5_3/ext/imap/php_imap.c 2010/11/23 10:34:44 305686
-@@ -4235,7 +4235,7 @@
- }
-
- offset = end_token+2;
-- for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d); i++);
-+ for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d) || (string[offset + i] == '\t'); i++);
- if ((string[offset + i] == '=') && (string[offset + i + 1] == '?') && (offset + i < end)) {
- offset += i;
- }
+++ /dev/null
---- PHP_5_3/ext/spl/spl_array.c 2010/12/10 22:51:08 306212
-+++ PHP_5_3/ext/spl/spl_array.c 2010/12/10 23:58:33 306213
-@@ -579,8 +579,15 @@
- switch(Z_TYPE_P(offset)) {
- case IS_STRING:
- if (check_empty) {
-- if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE && zend_is_true(*tmp)) {
-- return 1;
-+ if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE) {
-+ switch (check_empty) {
-+ case 0:
-+ return Z_TYPE_PP(tmp) != IS_NULL;
-+ case 2:
-+ return 1;
-+ default:
-+ return zend_is_true(*tmp);
-+ }
- }
- return 0;
- } else {
-@@ -597,8 +604,15 @@
- }
- if (check_empty) {
- HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
-- if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE && zend_is_true(*tmp)) {
-- return 1;
-+ if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE) {
-+ switch (check_empty) {
-+ case 0:
-+ return Z_TYPE_PP(tmp) != IS_NULL;
-+ case 2:
-+ return 1;
-+ default:
-+ return zend_is_true(*tmp);
-+ }
- }
- return 0;
- } else {
+++ /dev/null
---- PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 21:21:06 306415
-+++ PHP_5_3/ext/zip/lib/zip_dirent.c 2010/12/17 23:05:26 306416
-@@ -473,10 +473,8 @@
- static time_t
- _zip_d2u_time(int dtime, int ddate)
- {
-- struct tm tm;
-+ struct tm tm = {0};
-
-- memset(&tm, sizeof(tm), 0);
--
- /* let mktime decide if DST is in effect */
- tm.tm_isdst = -1;
-
+++ /dev/null
---- PHP_5_3/ext/calendar/julian.c 2010/12/19 23:46:27 306474
-+++ PHP_5_3/ext/calendar/julian.c 2010/12/19 23:47:00 306475
-@@ -146,6 +146,7 @@
- **************************************************************************/
-
- #include "sdncal.h"
-+#include <limits.h>
-
- #define JULIAN_SDN_OFFSET 32083
- #define DAYS_PER_5_MONTHS 153
-@@ -164,15 +165,22 @@
- int dayOfYear;
-
- if (sdn <= 0) {
-- *pYear = 0;
-- *pMonth = 0;
-- *pDay = 0;
-- return;
-+ goto fail;
- }
-- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1;
-+ /* Check for overflow */
-+ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) {
-+ goto fail;
-+ }
-+ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1);
-
- /* Calculate the year and day of year (1 <= dayOfYear <= 366). */
-- year = temp / DAYS_PER_4_YEARS;
-+ {
-+ long yearl = temp / DAYS_PER_4_YEARS;
-+ if (yearl > INT_MAX || yearl < INT_MIN) {
-+ goto fail;
-+ }
-+ year = (int) yearl;
-+ }
- dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1;
-
- /* Calculate the month and day of month. */
-@@ -196,6 +204,12 @@
- *pYear = year;
- *pMonth = month;
- *pDay = day;
-+ return;
-+
-+fail:
-+ *pYear = 0;
-+ *pMonth = 0;
-+ *pDay = 0;
- }
-
- long int JulianToSdn(
+++ /dev/null
---- PHP_5_3/main/fopen_wrappers.c.orig Mon Dec 20 16:53:43 2010
-+++ PHP_5_3/main/fopen_wrappers.c Mon Dec 20 17:27:43 2010
-***************
-*** 229,235 ****
---- 229,239 ----
- if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
- /* Handler for basedirs that end with a / */
- resolved_basedir_len = strlen(resolved_basedir);
-+ #if defined(PHP_WIN32) || defined(NETWARE)
-+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
-+ #else
- if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
-+ #endif
- if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
- resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
- resolved_basedir[++resolved_basedir_len] = '\0';
+++ /dev/null
---- PHP_5_3/ext/zip/zip_stream.c 2010/12/20 10:50:59 306492
-+++ PHP_5_3/ext/zip/zip_stream.c 2010/12/20 11:00:27 306493
-@@ -216,6 +216,7 @@
- self->stream = NULL;
- self->cursor = 0;
- stream = php_stream_alloc(&php_stream_zipio_ops, self, NULL, mode);
-+ stream->orig_path = estrdup(path);
- } else {
- zip_close(stream_za);
- }
+++ /dev/null
---- PHP_5_3/ext/zip/php_zip.c 2010/12/24 19:31:38 306626
-+++ PHP_5_3/ext/zip/php_zip.c 2010/12/24 22:38:36 306627
-@@ -196,7 +196,7 @@
- }
-
- /* let see if the path already exists */
-- if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
-+ if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
-
- #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1)
- char *e;
-@@ -2378,7 +2378,7 @@
- RETURN_FALSE;
- }
-
-- if (php_stream_stat_path(pathto, &ssb) < 0) {
-+ if (php_stream_stat_path_ex(pathto, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
- ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
- if (!ret) {
- RETURN_FALSE;
+++ /dev/null
---- PHP_5_3/ext/readline/readline.c 2011/01/10 17:34:26 307342
-+++ PHP_5_3/ext/readline/readline.c 2011/01/10 18:19:02 307343
-@@ -196,7 +196,7 @@
- int prompt_len;
- char *result;
-
-- if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s!", &prompt, &prompt_len)) {
-+ if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!", &prompt, &prompt_len)) {
- RETURN_FALSE;
- }
-
+++ /dev/null
---- PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:17:08 307806
-+++ PHP_5_3/ext/zip/php_zip.c 2011/01/28 04:19:40 307807
-@@ -2754,6 +2754,12 @@
- REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE", ZIP_CM_DEFLATE);
- REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE64", ZIP_CM_DEFLATE64);
- REGISTER_ZIP_CLASS_CONST_LONG("CM_PKWARE_IMPLODE", ZIP_CM_PKWARE_IMPLODE);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_BZIP2", ZIP_CM_BZIP2);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZMA", ZIP_CM_LZMA);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_TERSE", ZIP_CM_TERSE);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZ77", ZIP_CM_LZ77);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_WAVPACK", ZIP_CM_WAVPACK);
-+ REGISTER_ZIP_CLASS_CONST_LONG("CM_PPMD", ZIP_CM_PPMD);
-
- /* Error code */
- REGISTER_ZIP_CLASS_CONST_LONG("ER_OK", ZIP_ER_OK); /* N No error */
+++ /dev/null
---- PHP_5_3/main/streams/userspace.c 2011/02/01 20:59:25 307933
-+++ PHP_5_3/main/streams/userspace.c 2011/02/01 22:55:17 307934
-@@ -856,6 +856,7 @@
-
- #define STAT_PROP_ENTRY_EX(name, name2) \
- if (SUCCESS == zend_hash_find(Z_ARRVAL_P(array), #name, sizeof(#name), (void**)&elem)) { \
-+ SEPARATE_ZVAL(elem); \
- convert_to_long(*elem); \
- ssb->sb.st_##name2 = Z_LVAL_PP(elem); \
- }
+++ /dev/null
---- PHP_5_3/ext/standard/url.c 2011/02/04 19:22:43 308034
-+++ PHP_5_3/ext/standard/url.c 2011/02/04 21:41:15 308035
-@@ -180,15 +180,20 @@
- parse_port:
- p = e + 1;
- pp = p;
--
-+
- while (pp-p < 6 && isdigit(*pp)) {
- pp++;
- }
--
-+
- if (pp-p < 6 && (*pp == '/' || *pp == '\0')) {
- memcpy(port_buf, p, (pp-p));
- port_buf[pp-p] = '\0';
- ret->port = atoi(port_buf);
-+ if (!ret->port && (pp - p) > 0) {
-+ STR_FREE(ret->scheme);
-+ efree(ret);
-+ return NULL;
-+ }
- } else {
- goto just_path;
- }
-@@ -267,6 +272,13 @@
- memcpy(port_buf, p, (e-p));
- port_buf[e-p] = '\0';
- ret->port = atoi(port_buf);
-+ if (!ret->port && (e - p)) {
-+ STR_FREE(ret->scheme);
-+ STR_FREE(ret->user);
-+ STR_FREE(ret->pass);
-+ efree(ret);
-+ return NULL;
-+ }
- }
- p--;
- }
+++ /dev/null
---- PHP_5_3/main/snprintf.c 2011/02/21 06:22:00 308524
-+++ PHP_5_3/main/snprintf.c 2011/02/21 06:53:24 308525
-@@ -677,10 +677,6 @@
-
- /*
- * Check if a precision was specified
-- *
-- * XXX: an unreasonable amount of precision may be specified
-- * resulting in overflow of num_buf. Currently we
-- * ignore this possibility.
- */
- if (*fmt == '.') {
- adjust_precision = YES;
-@@ -694,6 +690,10 @@
- precision = 0;
- } else
- precision = 0;
-+
-+ if (precision > FORMAT_CONV_MAX_PRECISION) {
-+ precision = FORMAT_CONV_MAX_PRECISION;
-+ }
- } else
- adjust_precision = NO;
- } else
---- PHP_5_3/main/snprintf.h 2011/02/21 06:22:00 308524
-+++ PHP_5_3/main/snprintf.h 2011/02/21 06:53:24 308525
-@@ -12,7 +12,7 @@
- | obtain it through the world-wide-web, please send a note to |
- | license@php.net so we can mail you a copy immediately. |
- +----------------------------------------------------------------------+
-- | Author: Stig Sæther Bakken <ssb@php.net> |
-+ | Author: Stig Sæther Bakken <ssb@php.net> |
- | Marcus Boerger <helly@php.net> |
- +----------------------------------------------------------------------+
- */
-@@ -157,6 +157,17 @@
-
- extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
- char format, char *buf_end, register int *len);
-+
-+/* The maximum precision that's allowed for float conversion. Does not include
-+ * decimal separator, exponent, sign, terminator. Currently does not affect
-+ * the modes e/f, only g/k/H, as those have a different limit enforced at
-+ * another level (see NDIG in php_conv_fp()).
-+ * Applies to the formatting functions of both spprintf.c and snprintf.c, which
-+ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
-+ * call to php_gcvt().
-+ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
-+ * should be enough, but let's give some more space) */
-+#define FORMAT_CONV_MAX_PRECISION 500
-
- #endif /* SNPRINTF_H */
-
---- PHP_5_3/main/spprintf.c 2011/02/21 06:22:00 308524
-+++ PHP_5_3/main/spprintf.c 2011/02/21 06:53:24 308525
-@@ -285,10 +285,6 @@
-
- /*
- * Check if a precision was specified
-- *
-- * XXX: an unreasonable amount of precision may be specified
-- * resulting in overflow of num_buf. Currently we
-- * ignore this possibility.
- */
- if (*fmt == '.') {
- adjust_precision = YES;
-@@ -302,6 +298,10 @@
- precision = 0;
- } else
- precision = 0;
-+
-+ if (precision > FORMAT_CONV_MAX_PRECISION) {
-+ precision = FORMAT_CONV_MAX_PRECISION;
-+ }
- } else
- adjust_precision = NO;
- } else
+++ /dev/null
---- PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 14:16:00 308760
-+++ PHP_5_3/ext/tokenizer/tokenizer.c 2011/02/28 15:18:27 308761
-@@ -151,6 +151,10 @@
- ZVAL_NULL(&token);
-
- token_line = CG(zend_lineno);
-+
-+ if (token_type == T_HALT_COMPILER) {
-+ break;
-+ }
- }
- }
-
+++ /dev/null
---- PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:10:08 308733
-+++ PHP_5_3/ext/standard/ftp_fopen_wrapper.c 2011/02/27 20:23:54 308734
-@@ -72,6 +72,12 @@
- #define FTPS_ENCRYPT_DATA 1
- #define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC)
-
-+typedef struct _php_ftp_dirstream_data {
-+ php_stream *datastream;
-+ php_stream *controlstream;
-+ php_stream *dirstream;
-+} php_ftp_dirstream_data;
-+
- /* {{{ get_ftp_result
- */
- static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC)
-@@ -97,7 +103,7 @@
- */
- static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC)
- {
-- php_stream *controlstream = (php_stream *)stream->wrapperdata;
-+ php_stream *controlstream = stream->wrapperthis;
- int ret = 0;
-
- if (controlstream) {
-@@ -106,10 +112,6 @@
- int result;
-
- /* For write modes close data stream first to signal EOF to server */
-- stream->wrapperdata = NULL;
-- php_stream_close(stream);
-- stream = NULL;
--
- result = GET_FTP_RESULT(controlstream);
- if (result != 226 && result != 250) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "FTP server error %d:%s", result, tmp_line);
-@@ -119,9 +121,7 @@
-
- php_stream_write_string(controlstream, "QUIT\r\n");
- php_stream_close(controlstream);
-- if (stream) {
-- stream->wrapperdata = NULL;
-- }
-+ stream->wrapperthis = NULL;
- }
-
- return ret;
-@@ -584,7 +584,7 @@
- }
-
- /* remember control stream */
-- datastream->wrapperdata = (zval *)stream;
-+ datastream->wrapperthis = stream;
-
- php_url_free(resource);
- return datastream;
-@@ -608,11 +608,13 @@
- static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
- {
- php_stream_dirent *ent = (php_stream_dirent *)buf;
-- php_stream *innerstream = (php_stream *)stream->abstract;
-+ php_stream *innerstream;
- size_t tmp_len;
- char *basename;
- size_t basename_len;
-
-+ innerstream = ((php_ftp_dirstream_data *)stream->abstract)->datastream;
-+
- if (count != sizeof(php_stream_dirent)) {
- return 0;
- }
-@@ -656,13 +658,18 @@
- */
- static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC)
- {
-- php_stream *innerstream = (php_stream *)stream->abstract;
-+ php_ftp_dirstream_data *data = stream->abstract;
-
-- if (innerstream->wrapperdata) {
-- php_stream_close((php_stream *)innerstream->wrapperdata);
-- innerstream->wrapperdata = NULL;
-- }
-- php_stream_close((php_stream *)stream->abstract);
-+ /* close control connection */
-+ if (data->controlstream) {
-+ php_stream_close(data->controlstream);
-+ data->controlstream = NULL;
-+ }
-+ /* close data connection */
-+ php_stream_close(data->datastream);
-+ data->datastream = NULL;
-+
-+ efree(data);
- stream->abstract = NULL;
-
- return 0;
-@@ -688,6 +695,7 @@
- php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
- {
- php_stream *stream, *reuseid, *datastream = NULL;
-+ php_ftp_dirstream_data *dirsdata;
- php_url *resource = NULL;
- int result = 0, use_ssl, use_ssl_on_data = 0;
- char *hoststart = NULL, tmp_line[512];
-@@ -747,11 +755,14 @@
- goto opendir_errexit;
- }
-
-- /* remember control stream */
-- datastream->wrapperdata = (zval *)stream;
--
- php_url_free(resource);
-- return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode);
-+
-+ dirsdata = emalloc(sizeof *dirsdata);
-+ dirsdata->datastream = datastream;
-+ dirsdata->controlstream = stream;
-+ dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode);
-+
-+ return dirsdata->dirstream;
-
- opendir_errexit:
- if (resource) {
+++ /dev/null
---- PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:34:07 309791
-+++ PHP_5_3/main/php_open_temporary_file.c 2011/03/28 16:43:49 309792
-@@ -204,9 +204,13 @@
- */
- {
- char sTemp[MAX_PATH];
-- DWORD n = GetTempPath(sizeof(sTemp),sTemp);
-- assert(0 < n); /* should *never* fail! */
-- temporary_directory = strdup(sTemp);
-+ DWORD len = GetTempPath(sizeof(sTemp),sTemp);
-+ assert(0 < len); /* should *never* fail! */
-+ if (sTemp[len - 1] == DEFAULT_SLASH) {
-+ temporary_directory = zend_strndup(sTemp, len - 1);
-+ } else {
-+ temporary_directory = zend_strndup(sTemp, len);
-+ }
- return temporary_directory;
- }
- #else
+++ /dev/null
---- PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:04 311406
-+++ PHP_5_3/ext/standard/filters.c 2011/05/24 23:49:26 311407
-@@ -1050,20 +1050,16 @@
- }
- } /* break is missing intentionally */
-
-- case 2: {
-- unsigned int nbl;
--
-+ case 2: {
- if (icnt <= 0) {
- goto out;
- }
-- nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30);
-
-- if (nbl > 15) {
-+ if (!isxdigit((int) *ps)) {
- err = PHP_CONV_ERR_INVALID_SEQ;
- goto out;
- }
-- next_char = (next_char << 4) | nbl;
--
-+ next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30);
- scan_stat++;
- ps++, icnt--;
- if (scan_stat != 3) {
+++ /dev/null
---- PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:27:40 309237
-+++ PHP_5_3/ext/sockets/sockets.c 2011/03/14 22:59:05 309238
-@@ -402,16 +402,13 @@
- }
- /* }}} */
-
--static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la TSRMLS_DC) /* {{{ */
-+static int php_accept_connect(php_socket *in_sock, php_socket **new_sock, struct sockaddr *la, socklen_t *la_len TSRMLS_DC) /* {{{ */
- {
-- socklen_t salen;
- php_socket *out_sock = (php_socket*)emalloc(sizeof(php_socket));
-
- *new_sock = out_sock;
-- salen = sizeof(*la);
-- out_sock->blocking = 1;
-
-- out_sock->bsd_socket = accept(in_sock->bsd_socket, la, &salen);
-+ out_sock->bsd_socket = accept(in_sock->bsd_socket, la, la_len);
-
- if (IS_INVALID_SOCKET(out_sock)) {
- PHP_SOCKET_ERROR(out_sock, "unable to accept incoming connection", errno);
-@@ -419,6 +416,10 @@
- return 0;
- }
-
-+ out_sock->error = 0;
-+ out_sock->blocking = 1;
-+ out_sock->type = la->sa_family;
-+
- return 1;
- }
- /* }}} */
-@@ -1023,9 +1024,10 @@
- Accepts a connection on the listening socket fd */
- PHP_FUNCTION(socket_accept)
- {
-- zval *arg1;
-- php_socket *php_sock, *new_sock;
-- struct sockaddr_in sa;
-+ zval *arg1;
-+ php_socket *php_sock, *new_sock;
-+ php_sockaddr_storage sa;
-+ socklen_t sa_len = sizeof(sa);
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg1) == FAILURE) {
- return;
-@@ -1033,12 +1035,9 @@
-
- ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket);
-
-- if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr *) &sa TSRMLS_CC)) {
-+ if (!php_accept_connect(php_sock, &new_sock, (struct sockaddr*)&sa, &sa_len TSRMLS_CC)) {
- RETURN_FALSE;
- }
--
-- new_sock->error = 0;
-- new_sock->blocking = 1;
-
- ZEND_REGISTER_RESOURCE(return_value, new_sock, le_socket);
- }
+++ /dev/null
---- PHP_5_3/main/streams/streams.c 2011/06/05 21:44:34 311848
-+++ PHP_5_3/main/streams/streams.c 2011/06/05 21:57:01 311849
-@@ -1184,7 +1184,7 @@
- }
-
- /* emulate forward moving seeks with reads */
-- if (whence == SEEK_CUR && offset > 0) {
-+ if (whence == SEEK_CUR && offset >= 0) {
- char tmp[1024];
- size_t didread;
- while(offset > 0) {
+++ /dev/null
---- PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 12:53:07 311710
-+++ PHP_5_3/ext/pdo/pdo_stmt.c 2011/06/01 13:23:25 311711
-@@ -349,7 +349,10 @@
- /* if you prepare and then execute passing an array of params keyed by names,
- * then this will trigger, and we don't want that */
- if (param->paramno == -1) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Did not found column name '%s' in the defined columns; it will not be bound", param->name);
-+ char *tmp;
-+ spprintf(&tmp, 0, "Did not find column name '%s' in the defined columns; it will not be bound", param->name);
-+ pdo_raise_impl_error(stmt->dbh, stmt, "HY000", tmp TSRMLS_CC);
-+ efree(tmp);
- }
- }
-
+++ /dev/null
---- PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:55:32 311599
-+++ PHP_5_3/sapi/cli/php_cli.c 2011/05/30 15:57:50 311600
-@@ -799,7 +799,7 @@
- request_started = 1;
- php_cli_usage(argv[0]);
- php_end_ob_buffers(1 TSRMLS_CC);
-- exit_status=0;
-+ exit_status = (c == '?' && argc > 1 && !strchr(argv[1], c));
- goto out;
-
- case 'i': /* php info & quit */
+++ /dev/null
---- PHP_5_3/main/streams/streams.c 2011/07/05 14:12:01 312936
-+++ PHP_5_3/main/streams/streams.c 2011/07/05 16:09:06 312937
-@@ -154,6 +154,7 @@
- char *tmp = estrdup(path);
- char *msg;
- int free_msg = 0;
-+ php_stream_wrapper orig_wrapper;
-
- if (wrapper) {
- if (wrapper->err_count > 0) {
-@@ -198,7 +199,16 @@
- }
-
- php_strip_url_passwd(tmp);
-+ if (wrapper) {
-+ /* see bug #52935 */
-+ orig_wrapper = *wrapper;
-+ wrapper->err_stack = NULL;
-+ wrapper->err_count = 0;
-+ }
- php_error_docref1(NULL TSRMLS_CC, tmp, E_WARNING, "%s: %s", caption, msg);
-+ if (wrapper) {
-+ *wrapper = orig_wrapper;
-+ }
- efree(tmp);
- if (free_msg) {
- efree(msg);
+++ /dev/null
---- PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 12:25:43 309919
-+++ PHP_5_3/ext/filter/sanitizing_filters.c 2011/04/03 16:30:31 309920
-@@ -205,7 +205,11 @@
-
- if (new_len == 0) {
- zval_dtor(value);
-- ZVAL_EMPTY_STRING(value);
-+ if (flags & FILTER_FLAG_EMPTY_STRING_NULL) {
-+ ZVAL_NULL(value);
-+ } else {
-+ ZVAL_EMPTY_STRING(value);
-+ }
- return;
- }
- }
-@@ -280,6 +284,9 @@
- }
-
- php_filter_encode_html(value, enc);
-+ } else if (flags & FILTER_FLAG_EMPTY_STRING_NULL && Z_STRLEN_P(value) == 0) {
-+ zval_dtor(value);
-+ ZVAL_NULL(value);
- }
- }
- /* }}} */
+++ /dev/null
---- PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:36:12 311087
-+++ PHP_5_3/ext/pdo_mysql/mysql_statement.c 2011/05/16 15:37:39 311088
-@@ -656,7 +656,11 @@
- #endif /* PDO_USE_MYSQLND */
-
- if ((S->current_data = mysql_fetch_row(S->result)) == NULL) {
-- if (mysql_errno(S->H->server)) {
-+#if PDO_USE_MYSQLND
-+ if (S->result->unbuf && !S->result->unbuf->eof_reached && mysql_errno(S->H->server)) {
-+#else
-+ if (!S->result->eof && mysql_errno(S->H->server)) {
-+#endif
- pdo_mysql_error_stmt(stmt);
- }
- PDO_DBG_RETURN(0);
+++ /dev/null
---- PHP_5_3/ext/standard/file.c 2011/05/29 09:23:08 311542
-+++ PHP_5_3/ext/standard/file.c 2011/05/29 10:23:06 311543
-@@ -2196,30 +2196,17 @@
- char *comp_end, *hunk_begin;
-
- tptr = temp;
--
-- /* 1. Strip any leading space */
-- for (;;) {
-- inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0);
-- switch (inc_len) {
-- case -2:
-- case -1:
-- inc_len = 1;
-- php_mblen(NULL, 0);
-- break;
-- case 0:
-- goto quit_loop_1;
-- case 1:
-- if (!isspace((int)*(unsigned char *)bptr) || *bptr == delimiter) {
-- goto quit_loop_1;
-- }
-- break;
-- default:
-- goto quit_loop_1;
-+ inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, limit - bptr)): 0);
-+ if (inc_len == 1) {
-+ char *tmp = bptr;
-+ while (isspace((int)*(unsigned char *)tmp)) {
-+ tmp++;
-+ }
-+ if (*tmp == enclosure) {
-+ bptr = tmp;
- }
-- bptr += inc_len;
- }
-
-- quit_loop_1:
- if (first_field && bptr == line_end) {
- add_next_index_null(return_value);
- break;
+++ /dev/null
---- PHP_5_3/ext/exif/exif.c 2011/04/12 17:30:42 310166
-+++ PHP_5_3/ext/exif/exif.c 2011/04/12 18:33:08 310167
-@@ -2909,7 +2909,7 @@
- fgot = php_stream_tell(ImageInfo->infile);
- if (fgot!=offset_val) {
- EFREE_IF(outside);
-- exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x08X", fgot, offset_val);
-+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Wrong file pointer: 0x%08X != 0x%08X", fgot, offset_val);
- return FALSE;
- }
- fgot = php_stream_read(ImageInfo->infile, value_ptr, byte_count);
+++ /dev/null
---- PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 07:35:10 311541
-+++ PHP_5_3/ext/standard/http_fopen_wrapper.c 2011/05/29 09:23:08 311542
-@@ -631,7 +631,6 @@
- }
- php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
- php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
-- php_stream_write(stream, "\r\n\r\n", sizeof("\r\n\r\n")-1);
- } else {
- php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
- }
+++ /dev/null
---- PHP_5_3/ext/standard/url.c 2011/03/17 16:20:19 309351
-+++ PHP_5_3/ext/standard/url.c 2011/03/17 18:02:58 309352
-@@ -316,6 +316,10 @@
- pp = strchr(s, '#');
-
- if (pp && pp < p) {
-+ if (pp - s) {
-+ ret->path = estrndup(s, (pp-s));
-+ php_replace_controlchars_ex(ret->path, (pp - s));
-+ }
- p = pp;
- goto label_parse;
- }
+++ /dev/null
---- PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:13:20 309338
-+++ PHP_5_3/ext/mysqli/mysqli_warning.c 2011/03/17 10:28:53 309339
-@@ -197,7 +197,7 @@
-
- MYSQLI_FETCH_RESOURCE(w, MYSQLI_WARNING *, &mysqli_warning, "mysqli_warning", MYSQLI_STATUS_VALID);
-
-- if (w->next) {
-+ if (w && w->next) {
- w = w->next;
- ((MYSQLI_RESOURCE *)(obj->ptr))->ptr = w;
- RETURN_TRUE;
+++ /dev/null
---- PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:19:31 309171
-+++ PHP_5_3/ext/dba/dba_flatfile.c 2011/03/13 14:21:58 309172
-@@ -96,7 +96,7 @@
- return SUCCESS;
- case 1:
- php_error_docref1(NULL TSRMLS_CC, key, E_WARNING, "Key already exists");
-- return SUCCESS;
-+ return FAILURE;
- }
- }
-
+++ /dev/null
---- PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 17:19:40 311340
-+++ PHP_5_3/ext/interbase/php_ibase_includes.h 2011/05/22 19:06:21 311341
-@@ -51,7 +51,7 @@
- #define LE_PLINK "Firebird/InterBase persistent link"
- #define LE_TRANS "Firebird/InterBase transaction"
-
--#define IBASE_MSGSIZE 256
-+#define IBASE_MSGSIZE 512
- #define MAX_ERRMSG (IBASE_MSGSIZE*2)
-
- #define IB_DEF_DATE_FMT "%Y-%m-%d"
+++ /dev/null
---- PHP_5_3/ext/soap/soap.c 2011/03/19 17:14:28 309432
-+++ PHP_5_3/ext/soap/soap.c 2011/03/19 17:36:01 309433
-@@ -1213,9 +1213,11 @@
- zval **tmp;
-
- if (zend_hash_find(ht, "soap_version", sizeof("soap_version"), (void**)&tmp) == SUCCESS) {
-- if (Z_TYPE_PP(tmp) == IS_LONG ||
-- (Z_LVAL_PP(tmp) == SOAP_1_1 && Z_LVAL_PP(tmp) == SOAP_1_2)) {
-+ if (Z_TYPE_PP(tmp) == IS_LONG &&
-+ (Z_LVAL_PP(tmp) == SOAP_1_1 || Z_LVAL_PP(tmp) == SOAP_1_2)) {
- version = Z_LVAL_PP(tmp);
-+ } else {
-+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "'soap_version' option must be SOAP_1_1 or SOAP_1_2");
- }
- }
-
+++ /dev/null
---- PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:08:00 309544
-+++ PHP_5_3/ext/pdo_pgsql/config.m4 2011/03/22 09:12:01 309545
-@@ -69,7 +69,8 @@
- AC_DEFINE(HAVE_PDO_PGSQL,1,[Whether to build PostgreSQL for PDO support or not])
-
- AC_MSG_CHECKING([for openssl dependencies])
-- if grep -q openssl $PGSQL_INCLUDE/libpq-fe.h ; then
-+ grep openssl $PGSQL_INCLUDE/libpq-fe.h >/dev/null 2>&1
-+ if test $? -eq 0 ; then
- AC_MSG_RESULT([yes])
- dnl First try to find pkg-config
- AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
+++ /dev/null
---- PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 18:01:36 312859
-+++ PHP_5_3/ext/pdo_dblib/dblib_stmt.c 2011/07/03 19:01:42 312860
-@@ -39,7 +39,7 @@
-
- for (i = 0; i < S->nrows; i++) {
- for (j = 0; j < S->ncols; j++) {
-- pdo_dblib_colval *val = &S->rows[i] + j;
-+ pdo_dblib_colval *val = &S->rows[i*S->ncols] + j;
- if (val->data) {
- efree(val->data);
- val->data = NULL;
+++ /dev/null
---- PHP_5_3/ext/libxml/libxml.c 2011/04/09 16:59:36 310108
-+++ PHP_5_3/ext/libxml/libxml.c 2011/04/09 18:32:55 310109
-@@ -310,9 +310,7 @@
- }
- }
-
-- if (LIBXML(stream_context)) {
-- context = zend_fetch_resource(&LIBXML(stream_context) TSRMLS_CC, -1, "Stream-Context", NULL, 1, php_le_stream_context());
-- }
-+ context = php_stream_context_from_zval(LIBXML(stream_context), 0);
-
- ret_val = php_stream_open_wrapper_ex(path_to_open, (char *)mode, ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL, context);
- if (isescaped) {
+++ /dev/null
---- PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:02:40 310107
-+++ PHP_5_3/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011/04/09 16:59:36 310108
-@@ -1202,10 +1202,10 @@
- len = string->len;
- start = from;
- end = from + length;
-- if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_MWC2LE)) {
-+ if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) {
- start *= 2;
- end = start + length*2;
-- } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_MWC4LE)) {
-+ } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) {
- start *= 4;
- end = start + length*4;
- } else if (encoding->mblen_table != NULL) {
+++ /dev/null
---- PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/22 19:06:21 311341
-+++ PHP_5_3/sapi/apache2handler/apache_config.c 2011/05/23 01:47:06 311342
-@@ -192,11 +192,12 @@
- zend_hash_get_current_key_ex(&d->config, &str, &str_len, NULL, 0,
- NULL) == HASH_KEY_IS_STRING;
- zend_hash_move_forward(&d->config)) {
-- zend_hash_get_current_data(&d->config, (void **) &data);
-- phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value));
-- if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
-- phpapdebug((stderr, "..FAILED\n"));
-- }
-+ if (zend_hash_get_current_data(&d->config, (void **) &data) == SUCCESS) {
-+ phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value));
-+ if (zend_alter_ini_entry(str, str_len, data->value, data->value_len, data->status, data->htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
-+ phpapdebug((stderr, "..FAILED\n"));
-+ }
-+ }
- }
- }
-
+++ /dev/null
---- PHP_5_3/ext/libxml/libxml.c 2011/05/29 10:23:06 311543
-+++ PHP_5_3/ext/libxml/libxml.c 2011/05/29 11:39:49 311544
-@@ -222,6 +222,7 @@
- switch (node->type) {
- /* Skip property freeing for the following types */
- case XML_NOTATION_NODE:
-+ case XML_ENTITY_DECL:
- break;
- case XML_ENTITY_REF_NODE:
- php_libxml_node_free_list((xmlNodePtr) node->properties TSRMLS_CC);
-@@ -233,7 +234,6 @@
- case XML_ATTRIBUTE_DECL:
- case XML_DTD_NODE:
- case XML_DOCUMENT_TYPE_NODE:
-- case XML_ENTITY_DECL:
- case XML_NAMESPACE_DECL:
- case XML_TEXT_NODE:
- php_libxml_node_free_list(node->children TSRMLS_CC);
+++ /dev/null
---- PHP_5_3/main/streams/streams.c 2011/05/29 11:39:49 311544
-+++ PHP_5_3/main/streams/streams.c 2011/05/29 12:29:19 311545
-@@ -1291,6 +1291,9 @@
- ptr = *buf = pemalloc_rel_orig(maxlen + 1, persistent);
- while ((len < maxlen) && !php_stream_eof(src)) {
- ret = php_stream_read(src, ptr, maxlen - len);
-+ if (!ret) {
-+ break;
-+ }
- len += ret;
- ptr += ret;
- }
+++ /dev/null
---- PHP_5_3/main/reentrancy.c 2011/07/11 17:00:04 313143
-+++ PHP_5_3/main/reentrancy.c 2011/07/11 17:01:23 313144
-@@ -60,14 +60,14 @@
-
- PHPAPI char *php_ctime_r(const time_t *clock, char *buf)
- {
-- if (ctime_r(clock, buf, 26) == buf)
-+ if (ctime_r(clock, buf) == buf)
- return (buf);
- return (NULL);
- }
-
- PHPAPI char *php_asctime_r(const struct tm *tm, char *buf)
- {
-- if (asctime_r(tm, buf, 26) == buf)
-+ if (asctime_r(tm, buf) == buf)
- return (buf);
- return (NULL);
- }
+++ /dev/null
---- PHP_5_3/ext/standard/url.c 2011/08/11 12:34:51 314782
-+++ PHP_5_3/ext/standard/url.c 2011/08/11 13:01:52 314783
-@@ -197,6 +197,10 @@
- efree(ret);
- return NULL;
- }
-+ } else if (p == pp && *pp == '\0') {
-+ STR_FREE(ret->scheme);
-+ efree(ret);
-+ return NULL;
- } else {
- goto just_path;
- }
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
Version: 5.2.17
-Release: 31
+Release: 31.1
Epoch: 4
License: PHP
Group: Libraries
Source12: %{orgname}-branch.sh
Source13: dep-tests.sh
Source14: skip-tests.sh
+Patch100: https://php52-backports.googlecode.com/files/php52-backports-20130320.patch
+# Patch100-md5: 8428acfb94d5804e00333db01f7cd8dd
Patch0: %{orgname}-shared.patch
Patch1: %{orgname}-pldlogo.patch
Patch2: %{orgname}-mail.patch
Patch67: php-db.patch
Patch68: php-libxml.patch
Patch69: bug-50563.patch
+Patch70: php-crypt-null.patch
# CENTALT patches
-# CVE
-Patch201: php-5.2.17-CVE-2011-2202.patch
-Patch202: php-5.2.17-CVE-2011-1938.patch
-Patch203: php-5.2.17-CVE-2011-1148.patch
-Patch204: php-5.2.17-CVE-2011-0708.patch
-Patch205: php-5.2.17-CVE-2011-1092.patch
-Patch206: php-5.2.17-CVE-2011-0421.patch
-
# Backport from 5.3.6
-Patch301: php-5.3.6-bug-54055.patch
-Patch302: php-5.3.6-bug-53577.patch
-Patch303: php-5.2.17-bug-48484.patch
-Patch304: php-5.3.6-bug-48607.patch
-Patch305: php-5.3.6-bug-53574.patch
-Patch306: php-5.3.6-bug-52290.patch
-Patch307: php-5.2.17-bug-52063.patch
-Patch308: php-5.3.6-bug-53924.patch
-Patch309: php-5.3.6-bug-53150.patch
-Patch310: php-5.3.6-bug-52209.patch
Patch311: php-5.3.6-bug-47435.patch
-Patch312: php-5.3.6-bug-53377.patch
-Patch313: php-5.2.17-bug-39847.patch
Patch314: php-5.3.6-39199.patch
-Patch315: php-5.3.6-bug-53630.patch
-Patch316: php-5.3.6-bug-51336.patch
-Patch317: php-5.3.6-bug-53515.patch
-Patch318: php-5.3.6-bug-54092.patch
-Patch319: php-5.3.6-bug-53903.patch
-Patch320: php-5.3.6-bug-54089.patch
-Patch321: php-5.3.6-bug-53603.patch
-Patch322: php-5.3.6-bug-53854.patch
-Patch323: php-5.3.6-bug-53579.patch
-Patch324: php-5.3.6-bug-53568.patch
-Patch325: php-5.2.17-bug-49072.patch
# 5.3.7
-Patch330: php-5.3.7-bug-55399.patch
-Patch331: php-5.2.17-bug-55082.patch
-Patch332: php-5.3.7-bug-55014.patch
#Patch333: php-5.3.7-bug-54924.patch
-Patch334: php-5.3.7-bug-54180.patch
-Patch335: php-5.3.7-bug-54137.patch
-Patch336: php-5.3.7-bug-53848.patch
-Patch337: php-5.3.7-bug-52935.patch
-Patch338: php-5.3.7-bug-51997.patch
-Patch339: php-5.3.7-bug-50363.patch
-Patch340: php-5.3.7-bug-48465.patch
-Patch341: php-5.3.7-bug-54529.patch
-Patch342: php-5.3.7-bug-52496.patch
-Patch343: php-5.3.7-bug-54242.patch
-Patch344: php-5.3.7-bug-54121.patch
-Patch345: php-5.3.7-bug-53037.patch
-Patch346: php-5.3.7-bug-54269.patch
-Patch347: php-5.3.7-bug-54601.patch
-Patch348: php-5.3.7-bug-54440.patch
-Patch349: php-5.3.7-bug-54494.patch
-Patch350: php-5.3.7-bug-54221.patch
-Patch351: php-5.3.7-bug-52104.patch
-Patch352: php-5.3.7-bug-54329.patch
-Patch353: php-5.3.7-bug-53782.patch
-Patch354: php-5.3.7-bug-54318.patch
Patch355: php-5.3.7-bug-55323.patch
-Patch356: php-5.3.7-bug-54312.patch
-Patch357: php-5.3.7-bug-51958.patch
-Patch358: php-5.3.7-bug-54946.patch
-# 5.3.9 backport
-Patch359: php-5.2.17-CVE-2011-4566.patch
-Patch360: php-5.2.17-bug-60206.patch
-Patch361: php-5.2.17-bug-60138.patch
-Patch362: php-5.2.17-bug-60120.patch
-Patch363: php-5.2.17-bug-55674.patch
-Patch364: php-5.2.17-bug-55509.patch
-Patch365: php-5.2.17-bug-55504.patch
-Patch366: php-5.2.17-bug-52461.patch
-Patch367: php-5.2.17-bug-55366.patch
-Patch368: php-5.2.17-bug-55273.patch
-Patch369: php-5.2.17-bug-52624.patch
-Patch370: php-5.2.17-bug-43200.patch
-Patch371: php-5.2.17-bug-54682.patch
-Patch372: php-5.2.17-bug-60455.patch
-Patch373: php-5.2.17-bug-60183.patch
-Patch374: php-5.2.17-bug-55478.patch
-# Bug-319457 CVE-2011-4153
-Patch375: php-5.2.17-bug-319457.patch
-# Bug-55776 CVE-2012-0788
-Patch376: php-5.2.17-bug-55776.patch
-Patch377: php-crypt-null.patch
-
-#php-5.2-max-input-vars patch
-Patch400: php-5.2.17-max-input-vars.patch
-Patch401: php-5.2.17-bug-323007-2.patch
# Bug-323016 CVE-2012-0831
Patch402: php-5.2.17-bug-323016.patch
URL: https://code.google.com/p/php52-backports/
%prep
%setup -q -n %{orgname}-%{version}
+%patch100 -p1
# for suhosin patch
%{__sed} -i -e 's,\r$,,' Zend/Zend.dsp Zend/ZendTS.dsp
%patch67 -p1
%patch68 -p1
%patch69 -p4
-
-%patch201 -p1 -b .CVE-2011-2202
-%patch202 -p1 -b .CVE-2011-1938
-%patch203 -p1 -b .CVE-2011-1148
-%patch204 -p1 -b .CVE-2011-0708
-%patch205 -p1 -b .CVE-2011-1092
-%patch206 -p1 -b .CVE-2011-0421
+%patch70 -p1
# Bugfix backport from 5.3.6
-%patch301 -p1 -b .bug-54055
-%patch302 -p1 -b .bug-53577
-%patch303 -p1 -b .bug-48484
-%patch304 -p1 -b .bug-48607
-%patch305 -p1 -b .bug-53574
-%patch306 -p1 -b .bug-52290
-%patch307 -p1 -b .bug-52063
-%patch308 -p1 -b .bug-53924
-%patch309 -p1 -b .bug-53150
-%patch310 -p1 -b .bug-52209
%patch311 -p1 -b .bug-47435
-%patch312 -p1 -b .bug-53377
-%patch313 -p1 -b .bug-39847
%patch314 -p1 -b .bug-39199
-%patch315 -p1 -b .bug-53630
-%patch316 -p1 -b .bug-51336
-%patch317 -p1 -b .bug-53515
-%patch318 -p1 -b .bug-54092
-%patch319 -p1 -b .bug-53903
-%patch320 -p1 -b .bug-54089
-%patch321 -p1 -b .bug-53603
-%patch322 -p1 -b .bug-53854
-%patch323 -p1 -b .bug-53579
-%patch324 -p1 -b .bug-53568
-%patch325 -p1 -b .bug-49072
# Bugfix backport from 5.3.7
-%patch330 -p1 -b .bug-55399
-%patch331 -p1 -b .bug-55082
-%patch332 -p1 -b .bug-55014
#accert %patch333 -p1 -b .bug-54924
-%patch334 -p1 -b .bug-54180
-%patch335 -p1 -b .bug-54137
-%patch336 -p1 -b .bug-53848
-%patch337 -p1 -b .bug-52935
-%patch338 -p1 -b .bug-51997
-%patch339 -p1 -b .bug-50363
-%patch340 -p1 -b .bug-48465
-%patch341 -p1 -b .bug-54529
-%patch342 -p1 -b .bug-52496
-%patch343 -p1 -b .bug-54242
-%patch344 -p1 -b .bug-54121
-%patch345 -p1 -b .bug-53037
-%patch346 -p1 -b .bug-54269
-%patch347 -p1 -b .bug-54601
-%patch348 -p1 -b .bug-54440
-%patch349 -p1 -b .bug-54494
-%patch350 -p1 -b .bug-54221
-%patch351 -p1 -b .bug-52104
-%patch352 -p1 -b .bug-54329
-%patch353 -p1 -b .bug-53782
-%patch354 -p1 -b .bug-54318
#soap %patch355 -p1 -b .bug-55323
-%patch356 -p1 -b .bug-54312
-%patch357 -p1 -b .bug-51958
-%patch358 -p1 -b .bug-54946
-%patch359 -p1 -b .CVE-2011-4566
-%patch360 -p1 -b .bug-60206
-%patch361 -p1 -b .bug-60138
-%patch362 -p1 -b .bug-60120
-%patch363 -p1 -b .bug-55674
-%patch364 -p1 -b .bug-55509
-%patch365 -p1 -b .bug-55504
-%patch366 -p1 -b .bug-52461
-%patch367 -p1 -b .bug-55366
-%patch368 -p1 -b .bug-55273
-%patch369 -p1 -b .bug-52624
-%patch370 -p1 -b .bug-43200
-%patch371 -p1 -b .bug-54682
-%patch372 -p1 -b .bug-60455
-%patch373 -p1 -b .bug-60183
-%patch374 -p1 -b .bug-55478
-%patch375 -p1 -b .bug-319457
-%patch376 -p1 -b .bug-55776
-%patch377 -p1
-
-%patch400 -p1 -b .php-5.2-max-input-vars
-%patch401 -p1 -b .bug-323007
# causes regression -> magic_quotes_gpc setting cannot be changed
#%%patch402 -p1 -b .bug-323016
projects / packages / php.git / commitdiff