--- php-imap-5.2.6.orig/php_imap.c +++ php-imap-5.2.6/php_imap.c @@ -70,6 +70,7 @@ static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC); static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC); static int _php_imap_address_size(ADDRESS *addresslist); +static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len); /* the gets we use */ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md); @@ -2142,7 +2143,7 @@ } string[0]='\0'; - rfc822_write_address(string, addr); + _php_rfc822_write_address_len(string, addr, sizeof(string)); RETVAL_STRING(string, 1); } /* }}} */ @@ -2911,13 +2912,13 @@ if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) { env->from->next=NULL; address[0] = '\0'; - rfc822_write_address(address, env->from); + _php_rfc822_write_address_len(address, env->from, sizeof(address)); add_property_string(myoverview, "from", address, 1); } if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) { env->to->next = NULL; address[0] = '\0'; - rfc822_write_address(address, env->to); + _php_rfc822_write_address_len(address, env->to, sizeof(address)); add_property_string(myoverview, "to", address, 1); } if (env->date) { @@ -3888,6 +3889,34 @@ /* }}} */ +/* {{{ _php_rfc822_soutr + */ +static long _php_rfc822_soutr (void *stream,char *string) +{ + return NIL; +} + +/* }}} */ + + +/* {{{ _php_rfc822_write_address_len + */ +static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len) +{ + RFC822BUFFER buf; + + buf.beg = dest; + buf.cur = buf.beg; + buf.end = buf.beg + len - 1; + buf.s = NIL; + buf.f = _php_rfc822_soutr; + rfc822_output_address_list (&buf, adr, 0, NIL); + *buf.cur = '\0'; +} + +/* }}} */ + + /* {{{ _php_imap_parse_address */ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC) @@ -3902,7 +3931,7 @@ if ((len = _php_imap_address_size(addresstmp))) { tmpstr = (char *) pemalloc(len + 1, 1); tmpstr[0] = '\0'; - rfc822_write_address(tmpstr, addresstmp); + _php_rfc822_write_address_len(tmpstr, addresstmp, len); *fulladdress = tmpstr; } else { *fulladdress = NULL; --- php-imap-5.2.6.orig/debian/compat +++ php-imap-5.2.6/debian/compat @@ -0,0 +1 @@ +5 --- php-imap-5.2.6.orig/debian/control +++ php-imap-5.2.6/debian/control @@ -0,0 +1,19 @@ +Source: php-imap +Section: web +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Debian PHP Maintainers +Build-Depends: debhelper (>= 5), libc-client2007b-dev, php5-dev (>= 5.2.6) +Standards-Version: 3.8.0 + +Package: php5-imap +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends} +Description: IMAP module for php5 + This package provides a module for IMAP functions in PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write + dynamically generated pages quickly. + --- php-imap-5.2.6.orig/debian/copyright +++ php-imap-5.2.6/debian/copyright @@ -0,0 +1,78 @@ +This package was debianized by Adam Conrad on +Fri, 29 Jul 2005 15:19:18 +1000 + +It was downloaded from http://www.php.net/downloads.php + +Upstream Authors: The PHP group at www.php.net + +This extension is distributed under the terms of the PHP License, +version 3.0, as follows below. + +-------------------------------------------------------------------- + The PHP License, Version 3.0 +Copyright (c) 1999 - 2008 The PHP Group. All rights reserved. +-------------------------------------------------------------------- + +Redistribution and use in source and binary forms, with or without +modification, is permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name "PHP" must not be used to endorse or promote products + derived from this software without prior written permission. For + written permission, please contact group@php.net. + + 4. Products derived from this software may not be called "PHP", nor + may "PHP" appear in their name, without prior written permission + from group@php.net. You may indicate that your software works in + conjunction with PHP by saying "Foo for PHP" instead of calling + it "PHP Foo" or "phpfoo" + + 5. The PHP Group may publish revised and/or new versions of the + license from time to time. Each version will be given a + distinguishing version number. + Once covered code has been published under a particular version + of the license, you may always continue to use it under the terms + of that version. You may also choose to use such covered code + under the terms of any subsequent version of the license + published by the PHP Group. No one other than the PHP Group has + the right to modify the terms applicable to covered code created + under this License. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes PHP, freely available from + ". + +THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND +ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP +DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. + +-------------------------------------------------------------------- + +This software consists of voluntary contributions made by many +individuals on behalf of the PHP Group. + +The PHP Group can be contacted via Email at group@php.net. + +For more information on the PHP Group and the PHP project, +please see . + +This product includes the Zend Engine, freely available at +. --- php-imap-5.2.6.orig/debian/php5-imap.preinst +++ php-imap-5.2.6/debian/php5-imap.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ -L /usr/share/doc/php5-imap ]; then + # We must be upgrading from a version that was previously + # built from the php5 source package + rm -f /usr/share/doc/php5-imap +fi + +exit 0 --- php-imap-5.2.6.orig/debian/changelog +++ php-imap-5.2.6/debian/changelog @@ -0,0 +1,123 @@ +php-imap (5.2.6-0ubuntu5.1) jaunty-security; urgency=low + + * SECURITY UPDATE: unsafe usage of deprecated imap functions (LP: #485973) + - php_imap.c: apply patch taken from Debian + - CVE-2008-2829 + + -- Devid Antonio Filoni Wed, 06 Jan 2010 18:58:48 +0100 + +php-imap (5.2.6-0ubuntu5) jaunty; urgency=low + + * Build-depend against libc-client2007b-dev. + + -- Luca Falavigna Mon, 22 Dec 2008 10:12:06 +0000 + +php-imap (5.2.6-0ubuntu4) jaunty; urgency=low + + * Switch to libc-client2007d-dev build-dependency. + + -- Luca Falavigna Fri, 14 Nov 2008 20:41:54 +0100 + +php-imap (5.2.6-0ubuntu3) intrepid; urgency=low + + * Switch to libc-client2007b-dev build-dependency. + * Bump Standards-Version to 3.8.0. + + -- Luca Falavigna Wed, 20 Aug 2008 18:53:30 +0200 + +php-imap (5.2.6-0ubuntu2) intrepid; urgency=low + + * debian/rules: Fix FTBFS due to libtool changes (LP: #259006) + + -- Chuck Short Mon, 18 Aug 2008 13:38:57 -0400 + +php-imap (5.2.6-0ubuntu1) intrepid; urgency=low + + * New upstream release against php 5.2.6 (LP: #237031). + * debian/compat: + - Bump compatibility to 5. + * debian/control: + - Build depend on debhelper (>= 5) and php5-dev (>= 5.2.6). + - Remove Uploaders field. + - Bump Standards-Version to 3.7.3. + * debian/rules: + - Install imap.ini into /etc/php5/conf.d (LP: #157379). + * debian/copyright: + - Update copyright details. + * debian/po, php5-imap.{config,prerm,postinst,templates}: + - Remove them, no longer needed since PHP 5.1.6. + + -- Luca Falavigna Thu, 05 Jun 2008 18:33:32 +0200 + +php-imap (5.2.3-0ubuntu3) hardy; urgency=low + + * Rebuild for libc-client2006j2 -> libc-client2007 transition (LP: #192415). + * debian/control: change Build-Dep on libc-client-dev to libc-client2007-dev + + -- Andrea Colangelo Sat, 16 Feb 2008 18:17:04 +0100 + +php-imap (5.2.3-0ubuntu2) hardy; urgency=low + + * Rebuild against new libc-client + + -- Luca Falavigna Sat, 05 Jan 2008 18:54:24 +0100 + +php-imap (5.2.3-0ubuntu1) gutsy; urgency=low + + * New upstream version. + * Removed obsolete php4 files + + -- Rick Clark Tue, 26 Jun 2007 11:51:25 -0400 + +php-imap (5.1.2-1ubuntu1) feisty; urgency=low + + * Don't build a php4 module anymore. + * debian/control: Change Maintainer/XSBC-Original-Maintainer field. + + -- Michael Bienia Tue, 13 Mar 2007 19:21:52 +0100 + +php-imap (5.1.2-1build1) feisty; urgency=low + + * Rebuild to depend against phpapi-20060613 + + -- Vassilis Pandis Mon, 25 Dec 2006 16:44:31 +0200 + +php-imap (5.1.2-1) unstable; urgency=low + + * New upstream release, fixing ANOTHER crash in imap_mail_compose(), + this time when composing multipart, multiboundary, emails. + + -- Adam Conrad Wed, 18 Jan 2006 16:47:34 +1100 + +php-imap (5.1.1-2) unstable; urgency=low + + * Include Daniel Nylander's Swedish debconf translation (closes: #330757) + * Make lintian shut up about bashisms, by replacing "-a" with "] && [" + + -- Adam Conrad Sun, 8 Jan 2006 15:30:56 +1100 + +php-imap (5.1.1-1) unstable; urgency=low + + * New upstream release, fixing yet another crash in imap_mail_compose(). + * Bump php5-dev build-dep to (>= 5.1.1) to ensure we get the new phpapi. + + -- Adam Conrad Sun, 8 Jan 2006 02:46:00 +1100 + +php-imap (5.0.5-1) unstable; urgency=low + + * New upstream release, fixing a possible crash in imap_mail_compose(). + + -- Adam Conrad Mon, 12 Sep 2005 19:19:30 +1000 + +php-imap (5.0.4-1) unstable; urgency=low + + * Initial release, making up for removing imap from the php[45] sources. + * Use the config.m4 from the php4 version of the imap extension, because + the php4 "phpize" can't cope with one of the tests in the php5 version. + * Use a dirty dpkg-gencontrol hack to make sure php4-imap has an epoch. + * Make sure we get our docs in our own doc directory, instead of dumping + them in /usr/share/doc/php[45]-common, in case we're upgrading. + * Use the new php-config[45] --phpapi option, and build-depend on new + enough versions of php[45]-dev to make sure we have it available to us. + + -- Adam Conrad Fri, 29 Jul 2005 14:47:11 +1000 --- php-imap-5.2.6.orig/debian/imap.ini +++ php-imap-5.2.6/debian/imap.ini @@ -0,0 +1,2 @@ +# configuration for php Imap module +extension=imap.so --- php-imap-5.2.6.orig/debian/watch +++ php-imap-5.2.6/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror --- php-imap-5.2.6.orig/debian/rules +++ php-imap-5.2.6/debian/rules @@ -0,0 +1,108 @@ +#!/usr/bin/make -f +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //") + +CFLAGS = -O2 -Wall -fno-strict-aliasing + +# Enable IEEE-conformant floating point math on alphas (not the default) +ifeq (alpha-linux-gnu,$(DEB_HOST_GNU_TYPE)) + CFLAGS += -mieee +endif + +ifeq ($(DEB_HOST_GNU_TYPE), $(findstring $(DEB_HOST_GNU_TYPE), ia64-linux-gnu powerpc64-linux-gnu)) + CFLAGS += -g +else + CFLAGS += -gstabs +endif + +build: build-php5-stamp +build-php5-stamp: configure-php5-stamp + dh_testdir + # Add here commands to compile the package. + cd build-php5 && $(MAKE) CFLAGS="$(CFLAGS)" + + touch build-php5-stamp + +configure: configure-php5-stamp +configure-php5-stamp: + dh_testdir + rm -rf build-php5 && mkdir build-php5 + cp config.m4 imap.dsp php_imap.c php_imap.h build-php5/ + #libtool fix + cat /usr/share/aclocal/ltsugar.m4 >> build-php5/config.m4 + cat /usr/share/aclocal/ltversion.m4 >> build-php5/config.m4 + cat /usr/share/aclocal/lt~obsolete.m4 >> build-php5/config.m4 + cat /usr/share/aclocal/ltoptions.m4 >> build-php5/config.m4 + cat /usr/share/aclocal/libtool.m4 >> build-php5/config.m4 + -cd build-php5 && phpize5 + cd build-php5 && ./configure --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE) \ + --prefix=/usr \ + --with-php-config=/usr/bin/php-config5 \ + --disable-rpath \ + --disable-static \ + --with-imap=shared,/usr \ + --with-kerberos=/usr \ + --with-imap-ssl PHP_OPENSSL="yes" + + touch configure-php5-stamp + +clean: + dh_testdir + dh_testroot + rm -f configure-php5-stamp + rm -f build-php5-stamp + rm -f install-stamp + + # Add here commands to clean up after the build process. + rm -rf build-php5 + + dh_clean + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/php5-imap. + (ext=`/usr/bin/php-config5 --extension-dir`;mkdir -p debian/php5-imap/$${ext};install -m 644 -o root -g root build-php5/modules/imap.so debian/php5-imap/$${ext}/imap.so;) + mkdir -p debian/php5-imap/etc/php5/conf.d + install -m 644 debian/imap.ini debian/php5-imap/etc/php5/conf.d/imap.ini + + touch install-stamp + +# Build architecture-independent files here. +binary-indep: + +# Build architecture-dependent files here. +binary-arch: DH_OPTIONS= +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + + dh_installchangelogs + dh_strip + dh_link + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + echo "php:Depends=phpapi-`php-config5 --phpapi`" >> debian/php5-imap.substvars + + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install configure