--- php5-5.1.2.orig/Zend/zend_strtod.c +++ php5-5.1.2/Zend/zend_strtod.c @@ -932,9 +932,9 @@ (double _x) #endif { - _double x; + volatile _double x; register Long L; - _double a; + volatile _double a; value(x) = _x; L = (word0(x) & Exp_mask) - (P-1)*Exp_msk1; @@ -974,7 +974,7 @@ { ULong *xa, *xa0, w, y, z; int k; - _double d; + volatile _double d; #ifdef VAX ULong d0, d1; #else @@ -1045,7 +1045,7 @@ Bigint *b; int de, i, k; ULong *x, y, z; - _double d; + volatile _double d; #ifdef VAX ULong d0, d1; #endif @@ -1176,7 +1176,7 @@ (Bigint *a, Bigint *b) #endif { - _double da, db; + volatile _double da, db; int k, ka, kb; value(da) = b2d(a, &ka); @@ -1246,8 +1246,8 @@ int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign, e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign; CONST char *s, *s0, *s1; - double aadj, aadj1, adj; - _double rv, rv0; + volatile double aadj, aadj1, adj; + volatile _double rv, rv0; Long L; ULong y, z; Bigint *bb, *bb1, *bd, *bd0, *bs, *delta; --- php5-5.1.2.orig/main/fopen_wrappers.c +++ php5-5.1.2/main/fopen_wrappers.c @@ -128,8 +128,13 @@ #else if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif - /* File is in the right directory */ - return 0; + if (resolved_name_len > resolved_basedir_len && + resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + return -1; + } else { + /* File is in the right directory */ + return 0; + } } else { return -1; } --- php5-5.1.2.orig/debian/php5-dev.files +++ php5-5.1.2/debian/php5-dev.files @@ -0,0 +1,6 @@ +usr/bin/php-config +usr/bin/phpize +usr/share/man/man1/php-config.1 +usr/share/man/man1/phpize.1 +usr/include +usr/lib/php5/build --- php5-5.1.2.orig/debian/libapache2-mod-php5.postinst +++ php5-5.1.2/debian/libapache2-mod-php5.postinst 
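Review bot: The `volatile` qualifiers added to the `_double` and `double` locals in these five zend_strtod.c hunks carry no comment, so a later cleanup could drop them as apparently pointless and bring back the hang that the changelog records as CVE-2010-4645. At least the `rv, rv0` and `aadj, aadj1, adj` declarations in the last hunk should be preceded by something like `/* volatile: keep these in memory rather than x87 registers so comparisons see true double precision (CVE-2010-4645) */`. The function bodies lie outside the hunks, so whether every intermediate that takes part in those comparisons is covered cannot be confirmed from here.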
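Review bot: The new separator test in main/fopen_wrappers.c reads `resolved_name[resolved_basedir_len]`, which is the right character only when `resolved_basedir` does not itself end in `PHP_DIR_SEPARATOR`. The code that builds `resolved_basedir` is outside the hunk; if it can leave a trailing separator (an open_basedir written as `/var/www/`, a constructed example), that index lands on the first character of the next path component and files inside the allowed directory are refused. Assuming `resolved_basedir_len` is never 0 here, guarding on the basedir's last character covers both forms: `if (resolved_name_len > resolved_basedir_len && resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR && resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR)`. A regression test with one path inside the directory and one sibling that merely shares the prefix would pin the behaviour.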
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/apache2/php.ini"
+
+if ! [ -f $phpini ]; then
+ mkdir -p /etc/php5/apache2
+ cp /usr/share/php5/php.ini-dist $phpini
+fi
+
+reload_apache()
+{
+ if apache2ctl configtest 2>/dev/null; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ echo "Your apache2 configuration is broken, so we're not restarting it for you."
+ fi
+}
+
+if [ -n "$2" ]; then
+# we're upgrading. test if we're enabled, and if so, restart to reload the module.
+ if [ -e /etc/apache2/mods-enabled/php5.load ]; then
+ reload_apache
+ fi
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+# Enable the module, but hide a2enmod's misleading message about apachectl
+# and force-reload the thing ourselves.
+ a2enmod php5 >/dev/null || true
+ reload_apache
+fi
+
+exit 0
--- php5-5.1.2.orig/debian/php5-dev.dirs
+++ php5-5.1.2/debian/php5-dev.dirs
@@ -0,0 +1 @@
+/usr/bin
--- php5-5.1.2.orig/debian/libapache2-mod-php5.dirs
+++ php5-5.1.2/debian/libapache2-mod-php5.dirs
@@ -0,0 +1,3 @@
+/etc/apache2/mods-available
+/etc/php5/apache2
+/usr/lib/apache2/modules
--- php5-5.1.2.orig/debian/php5-module.config
+++ php5-5.1.2/debian/php5-module.config
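Review bot: When `apache2ctl configtest` fails during an upgrade, `reload_apache` in libapache2-mod-php5.postinst only prints a message and the script still exits 0, so the running server keeps the previously loaded PHP module while the package database shows the new version. For a security upload that leaves the old code in service without saying so; the message should state it, for example by adding `echo "apache2 keeps running the old PHP module until it is restarted." >&2` after the existing `echo`. The `2>/dev/null` on `configtest` also discards the diagnostic that would tell the administrator what is broken. Separately, `[ -f $phpini ]` and `cp ... $phpini` should quote the variable as `"$phpini"`.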
@@ -0,0 +1,32 @@
+#!/bin/sh -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+db_title "PHP"
+
+for SAPI in apache apache2 cgi cli
+do
+ # Skip this loop if the config file isn't there (yet).
+ if [ -f "/etc/php5/$SAPI/php.ini" ]; then
+ db_register php5/add_extension php5/extension_@dsoname@_$SAPI
+
+ # FIXME: this is the wrong answer if the SAPI package was
+ # installed after the module was.
+ if [ -n "$2" ] && dpkg --compare-versions "$2" ge 4:4.3.2+rc3-2
+ then
+ if grep -q "^[[:space:]]*extension[[:space:]]*=[[:space:]]*@dsoname@\.so" "/etc/php5/$SAPI/php.ini"
+ then
+ db_set php5/extension_@dsoname@_$SAPI true
+ else
+ db_set php5/extension_@dsoname@_$SAPI false
+ fi
+ fi
+
+ db_subst php5/extension_@dsoname@_$SAPI extname @extname@
+ db_subst php5/extension_@dsoname@_$SAPI sapiconfig $SAPI
+ db_input low php5/extension_@dsoname@_$SAPI || true
+ fi
+done
+
+db_go
--- php5-5.1.2.orig/debian/php5-common.docs
+++ php5-5.1.2/debian/php5-common.docs
@@ -0,0 +1,9 @@
+CREDITS
+EXTENSIONS
+TODO
+CODING_STANDARDS
+README.CVS-RULES
+README.EXT_SKEL
+README.SELF-CONTAINED-EXTENSIONS
+README.Zeus
+README.PHP4-TO-PHP5-THIN-CHANGES
--- php5-5.1.2.orig/debian/libapache-mod-php5.postinst
+++ php5-5.1.2/debian/libapache-mod-php5.postinst
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/apache/php.ini"
+
+if ! [ -f $phpini ]; then
+ mkdir -p /etc/php5/apache
+ cp /usr/share/php5/php.ini-dist $phpini
+fi
+
+if [ -n "$2" ]; then
+# we're upgrading. don't ask again
+ exit 0
+fi
+
+for i in apache apache-ssl apache-perl; do
+ if [ -e /etc/$i/httpd.conf ]; then
+ apache-modconf $i enable mod_php5
+ fi
+done
+
+exit 0
--- php5-5.1.2.orig/debian/php5-common.dirs
+++ php5-5.1.2/debian/php5-common.dirs
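Review bot: The interpreter option on `#!/bin/sh -e` in php5-module.config is lost whenever the script is started as `sh script`, so a failing `db_register` or `db_subst` would go unnoticed; the other maintainer scripts in this patch use `#!/bin/sh` followed by `set -e`, and this one should match. The `grep` pattern also has nothing after `@dsoname@\.so`, so it matches any longer file name that merely starts with the module name; requiring a trailing boundary (end of line, whitespace or `;`) would make the pre-seeded answer exact. The version literal `4:4.3.2+rc3-2` in the `dpkg --compare-versions` test deserves a comment saying which packaging change it refers to, since nothing in the hunk explains it.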
@@ -0,0 +1,6 @@
+/usr/lib/php5/libexec
+/usr/share/doc/php5-common/examples
+/usr/share/doc/php5-common/PEAR
+/usr/share/php5
+/var/lib/php5
+/usr/lib/php5
--- php5-5.1.2.orig/debian/php5-module.templates
+++ php5-5.1.2/debian/php5-module.templates
@@ -0,0 +1,15 @@
+Template: php5/add_extension
+Type: boolean
+Default: true
+_Description: Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?
+ You are installing ${extname} support for php5, and it is not yet
+ enabled in the configuration for the ${sapiconfig} SAPI. Do you want
+ this extension to be enabled now?
+
+Template: php5/remove_extension
+Type: boolean
+Default: true
+_Description: Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?
+ You are removing ${extname} support for php5, but it is still enabled
+ in the configuration for the ${sapiconfig} SAPI. Leaving this in place
+ will probably cause problems when trying to use PHP.
--- php5-5.1.2.orig/debian/rules
+++ php5-5.1.2/debian/rules
@@ -0,0 +1,519 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 by Joey Hess. +# +# This version is for a hypothetical package that builds an +# architecture-dependant package, as well as an architecture-independent +# package. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=3 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +PHP5_HOST_GNU_TYPE = $(shell echo $(DEB_HOST_GNU_TYPE) | sed 's/-gnu$$//') +PHP5_BUILD_GNU_TYPE = $(shell echo $(DEB_BUILD_GNU_TYPE) | sed 's/-gnu$$//') + +PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //") +PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://") +PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//") + +#APACHE_VERSION = $(shell dpkg -s apache-dev | grep ^Version | cut -d\ -f2 | cut -d- -f1) + +PROG_SENDMAIL = /usr/sbin/sendmail +CFLAGS = -O2 -Wall -fsigned-char -fno-strict-aliasing +LFSFLAGS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 + +# Enable IEEE-conformant floating point math on alphas (not the default) +ifeq (alpha-linux,$(PHP5_HOST_GNU_TYPE)) + CFLAGS += -mieee +endif + +ifeq ($(PHP5_HOST_GNU_TYPE), $(findstring $(PHP5_HOST_GNU_TYPE), ia64-linux powerpc64-linux)) + CFLAGS += -g +else + CFLAGS += -gstabs +endif + +# Old magic.mime location: +ifeq ($(wildcard /usr/share/misc/file/magic.mime), /usr/share/misc/file/magic.mime) +MAGIC_MIME = /usr/share/misc/file/magic.mime +endif +# New magic.mime location: +ifeq ($(wildcard /usr/share/file/magic.mime), /usr/share/file/magic.mime) +MAGIC_MIME = /usr/share/file/magic.mime +endif + +COMMON_CONFIG= --build=$(PHP5_BUILD_GNU_TYPE)-gnu --host=$(PHP5_HOST_GNU_TYPE)-gnu \ + 
--mandir=/usr/share/man \ + --enable-memory-limit \ + --disable-debug \ + --with-regex=php \ + --disable-rpath \ + --disable-static \ + --with-pic \ + --with-layout=GNU \ + --with-pear=/usr/share/php \ + --enable-calendar \ + --enable-sysvsem \ + --enable-sysvshm \ + --enable-sysvmsg \ + --enable-track-vars \ + --enable-trans-sid \ + --enable-bcmath \ + --with-bz2 \ + --enable-ctype \ + --with-db4 \ + --with-gdbm=/usr \ + --with-iconv \ + --enable-exif \ + --enable-filepro \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pcre-regex=/usr \ + --enable-shmop \ + --enable-sockets \ + --enable-wddx \ + --with-libxml-dir=/usr \ + --enable-yp \ + --with-zlib \ + --with-kerberos=/usr \ + --with-openssl=/usr \ + --enable-dbx \ + --disable-pdo \ + --enable-soap \ + --with-mime-magic=$(MAGIC_MIME) \ + --with-exec-dir=/usr/lib/php5/libexec + +BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \ + $$s="The following extensions are built in:"; \ + foreach($$e as $$i) { $$s .= " $$i"; } \ + echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline} ")); + +patch: patch-stamp +patch-stamp: + dh_testdir + for patch in debian/patches/*.patch; do \ + echo '->'`basename $$patch`:; \ + if ! 
patch -p1 --ignore-whitespace --dry-run < $$patch; \ + then \ + exit 1; \ + fi; \ + patch -p1 --ignore-whitespace < $$patch; \ + done + # sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in + rm -f aclocal.m4 config.sub config.guess ltmain.sh + ./buildconf --force + touch patch-stamp + +unpatch: + dh_testdir + # sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in + if [ -f patch-stamp ]; then \ + for patch in `ls debian/patches/*.patch | sort -r`; do \ + patch -p1 -R --ignore-whitespace < $$patch; \ + done; \ + rm -f aclocal.m4 config.sub config.guess ltmain.sh; \ + ./buildconf --force; \ + fi + rm -f patch-stamp + +build: build-apache2-stamp build-cgi-stamp build-cli-stamp build-pear-stamp +build-apache-stamp: configure-apache-stamp + dh_testdir + # Add here commands to compile the package. + cd apache-build && $(MAKE) + + touch build-apache-stamp + +build-apache2-stamp: configure-apache2-stamp + dh_testdir + cd apache2-build && $(MAKE) + + touch build-apache2-stamp + +build-cli-stamp: configure-cli-stamp + dh_testdir + cd cli-build && $(MAKE) + + touch build-cli-stamp + + +build-cgi-stamp: configure-cgi-stamp + dh_testdir + cd cgi-build && $(MAKE) && mv sapi/cgi/php sapi/cgi/cgi-bin.php5 + + # Dirty hack to not rebuild everything twice + cd cgi-build/main && \ + sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \ + -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \ + sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \ + touch ../../ext/standard/info.c && \ + touch ../../sapi/cgi/cgi_main.c + + cd cgi-build && $(MAKE) && mv sapi/cgi/php sapi/cgi/usr.bin.php5-cgi + + touch build-cgi-stamp + +build-pear-stamp: build-cgi-stamp + dh_testdir + -mkdir pear-build + cd cgi-build && make install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build + for 
patch in debian/patches/pear/*.patch; do \ + (cd $(CURDIR)/pear-build/usr/share/php && patch -p1 < $(CURDIR)/$$patch); \ + done + find $(CURDIR)/pear-build -name '*.orig' | xargs rm -f + touch build-pear-stamp + +configure: configure-apache2-stamp configure-cli-stamp configure-cgi-stamp +configure-apache-stamp: patch-stamp + dh_testdir + if [ -d apache-build ]; then rm -rf apache-build; fi + -mkdir apache-build + cd apache-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs=/usr/bin/apxs \ + --with-config-file-path=/etc/php5/apache \ + $(COMMON_CONFIG) \ + --without-mm \ + --without-mysql --without-sybase-ct --without-sqlite + cd apache-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + + touch configure-apache-stamp + +configure-apache2-stamp: patch-stamp + dh_testdir + if [ -d apache2-build ]; then rm -rf apache2-build; fi + -mkdir apache2-build + cd apache2-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2 \ + $(COMMON_CONFIG) \ + --without-mm \ + --with-curl=shared,/usr \ + --with-zlib-dir=/usr \ + --with-gd=shared,/usr --enable-gd-native-ttf \ + --with-jpeg-dir=shared,/usr \ + --with-xpm-dir=shared,/usr/X11R6 \ + --with-png-dir=shared,/usr \ + --with-freetype-dir=shared,/usr \ + --with-ttf=shared,/usr \ + --with-t1lib=shared,/usr \ + --with-ldap=shared,/usr \ + --with-mhash=shared,/usr \ + --with-mysql=shared,/usr \ + --with-mysqli=shared,/usr/bin/mysql_config \ + --with-unixODBC=shared,/usr \ + --with-recode=shared,/usr \ + --with-xsl=shared,/usr \ + --with-snmp=shared,/usr \ + --with-sqlite=shared,/usr \ + --with-sybase-ct=shared,/usr \ + --with-xmlrpc=shared \ + --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` + cd 
apache2-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2-stamp + +configure-cgi-stamp: patch-stamp + dh_testdir + if [ -d cgi-build ]; then rm -rf cgi-build; fi + -mkdir cgi-build + cd cgi-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \ + --with-config-file-path=/etc/php5/cgi \ + $(COMMON_CONFIG) \ + --without-mm \ + --without-mysql --without-sybase-ct --without-sqlite + cd cgi-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cgi-stamp + +configure-cli-stamp: patch-stamp + dh_testdir + if [ -d cli-build ]; then rm -rf cli-build; fi + -mkdir cli-build + cd cli-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --disable-cgi \ + --with-config-file-path=/etc/php5/cli \ + $(COMMON_CONFIG) \ + --without-mm \ + --without-mysql --without-sybase-ct --without-sqlite \ + --enable-pcntl \ + --with-ncurses=/usr + cd cli-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cli-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f configure-apache-stamp build-apache-stamp + rm -f configure-apache2-stamp build-apache2-stamp + rm -f configure-cgi-stamp build-cgi-stamp + rm -f configure-cli-stamp build-cli-stamp + rm -f build-pear-stamp + rm -f install-stamp + + # Add here commands to clean up after the build process. 
+ #-$(MAKE) distclean + rm -rf apache-build + rm -rf apache2-build + rm -rf cgi-build + rm -rf cli-build + rm -rf pear-build + echo . > debian/copyright + + dh_clean + cat debian/modulelist | while read package extname dsoname; do \ + rm -f debian/php5-$$package.postinst \ + debian/php5-$$package.prerm \ + debian/php5-$$package.config \ + debian/php5-$$package.templates; \ + done + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + chmod 01733 debian/php5-common/var/lib/php5 + + # Add here commands to install the package into debian/php5. + # install apache DSO module + #cp apache-build/.libs/libphp5.so debian/libapache-mod-php5/`apxs -q LIBEXECDIR` + #cp debian/libapache-mod-php5.500mod_php5.info \ + # debian/libapache-mod-php5/`apxs -q LIBEXECDIR`/500mod_php5.info + #cp debian/libapache-mod-php5.conf \ + # debian/libapache-mod-php5/etc/apache/conf.d/php5.conf + + # install apache2 DSO module + cp apache2-build/.libs/libphp5.so \ + debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/ + cp debian/libapache2-mod-php5.load \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load + cp debian/libapache2-mod-php5.conf \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf + + # sanitize php.ini file + cat php.ini-dist | tr "\t" " " > debian/php5-common/usr/share/php5/php.ini-dist + ln -s ../../../php5/php.ini-dist debian/php5-common/usr/share/doc/php5-common/examples/php.ini-dist + cat php.ini-recommended | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-recommended + cat php.ini-paranoid | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-paranoid + + # install the apache modules' files + cd apache2-build && make install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5 + # remove netware and win32 headers that we don't want + cd debian/libapache2-mod-php5/usr/include/php5/ && \ + rm -f 
TSRM/readdir.h \ + TSRM/tsrm_config.{nw,w32}.h \ + TSRM/tsrm_{nw,win32}.h \ + Zend/zend_config.{nw,w32}.h \ + main/config.{nw,w32}.h \ + main/win95nt.h + + # install PEAR + cp -r pear-build/* debian/php-pear/ + + # install extensions + ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\ + for i in libapache-mod-php5 libapache2-mod-php5 php5-cgi php5-cli; do \ + mkdir -p debian/$$i/$${ext}; \ + done; \ + cat debian/modulelist | while read package extname dsoname; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + mkdir -p debian/php5-$$package$${ext}; \ + chrpath debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + chrpath -d debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + install -s -m 644 -o root -g root \ + debian/libapache2-mod-php5/$${ext}/$$dsoname.so \ + debian/php5-$$package$${ext}/$$dsoname.so; \ + rm debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + done + + # install CGI + cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5 + cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi + cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1 + + # install CLI + cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5 + cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1 + + # move and install -dev files + dh_movefiles --sourcedir=debian/libapache2-mod-php5 + rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \ + debian/libapache2-mod-php5/usr/include/ \ + debian/libapache2-mod-php5/usr/bin/ + for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \ + chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \ + done + # shipping duplicate files from other packages is hell for security audits + rm debian/php5-dev/usr/lib/php5/build/config.guess && \ + ln -s ../../../share/misc/config.guess debian/php5-dev/usr/lib/php5/build/config.guess + rm debian/php5-dev/usr/lib/php5/build/config.sub && \ + ln -s ../../../share/misc/config.sub 
debian/php5-dev/usr/lib/php5/build/config.sub + rm debian/php5-dev/usr/lib/php5/build/libtool.m4 && \ + ln -s ../../../share/libtool/libtool.m4 debian/php5-dev/usr/lib/php5/build/libtool.m4 + rm debian/php5-dev/usr/lib/php5/build/ltmain.sh && \ + ln -s ../../../share/libtool/ltmain.sh debian/php5-dev/usr/lib/php5/build/ltmain.sh + rm debian/php5-dev/usr/lib/php5/build/shtool && \ + ln -s ../../../bin/shtool debian/php5-dev/usr/lib/php5/build/shtool + # make php-dev stuff versioned + for i in php-config phpize; do \ + mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \ + mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \ + done + + # install common files + install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5 + + touch install-stamp + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + dh_installdebconf + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + + dh_installdocs +# dh_installexamples + + for package in php5 php-pear; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + +# dh_installmenu +# dh_installemacsen +# dh_installpam +# dh_installinit +# dh_installcron +# dh_installmanpages +# dh_installinfo +# dh_undocumented +# dh_installchangelogs + dh_link + dh_compress -Xphp.ini + dh_fixperms +# # You may want to make some executables suid here. +# dh_suidregister + dh_installdeb +# dh_perl + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +# Pass -a to all debhelper commands in this target to reduce clutter. +#binary-arch: DH_OPTIONS=-a +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. 
+ dh_testdir + dh_testroot + # Do this first so we don't overwrite any debhelper-generated files + cat debian/modulelist | while read package extname dsoname; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \ + < debian/php5-module.postinst > debian/php5-$$package.postinst; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \ + < debian/php5-module.prerm > debian/php5-$$package.prerm; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \ + < debian/php5-module.config > debian/php5-$$package.config; \ + cp debian/php5-module.templates debian/php5-$$package.templates; \ + done + dh_installdebconf -a + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + dh_installdocs -a + + cat debian/modulelist | while read package extname dsoname; do \ + rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \ + ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \ + done + + for package in php5-dev php5-cgi php5-cli libapache-mod-php5 libapache2-mod-php5; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + +# dh_installexamples +# dh_installmenu +# dh_installemacsen +# dh_installpam +# dh_installinit + dh_installcron -pphp5-common --name=php5 +# dh_installmanpages +# dh_installinfo +# dh_undocumented + dh_installchangelogs -pphp5-common NEWS + dh_strip -a + dh_link -a + dh_compress -a -Xphp.ini + dh_fixperms -a -X /var/lib/php5 + mkdir -p debian/php5-common/usr/share/lintian/overrides + echo "php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755" >> debian/php5-common/usr/share/lintian/overrides/php5-common + mkdir -p debian/php5-common/usr/share/linda/overrides + echo "Tag: non-standard-dir-perm" >> debian/php5-common/usr/share/linda/overrides/php5-common + echo "Data: /var/lib/php5.*" >> debian/php5-common/usr/share/linda/overrides/php5-common +# # You may want to 
make some executables suid here. +# dh_suidregister + dh_installdeb -a +# dh_makeshlibs +# dh_perl + dh_shlibdeps -a + + phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \ + for i in libapache2-mod-php5 php5-cgi php5-cli; do \ + echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \ + done; \ + cat debian/modulelist | while read package extname dsoname; do \ + echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \ + done + + for i in cgi cli; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/php5-"$$i".substvars; \ + done + for i in apache2; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5.substvars; \ + done + +# echo "apache:Depends=apache-common (>= $(APACHE_VERSION))" >>debian/libapache-mod-php5.substvars + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52)" >>debian/libapache2-mod-php5.substvars + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install configure --- php5-5.1.2.orig/debian/php5-cli.postinst +++ php5-5.1.2/debian/php5-cli.postinst @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cli/php.ini" + +if ! [ -f $phpini ]; then + mkdir -p /etc/php5/cli + cp /usr/share/php5/php.ini-dist $phpini +fi + +update-alternatives \ + --install /usr/bin/php php /usr/bin/php5 50 \ + --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz + +exit 0 --- php5-5.1.2.orig/debian/php5-cgi.postrm +++ php5-5.1.2/debian/php5-cgi.postrm 
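Review bot: The "dirty hack" in `build-cgi-stamp` of debian/rules produces the second CGI binary by rewriting `FORCE_CGI_REDIRECT` and `DISCARD_PATH` in `php_config.h` with `sed -i`, and nothing verifies that either substitution matched. If the header's wording ever changes, `sed` still exits 0 and `usr.bin.php5-cgi` is silently built with the same settings as `cgi-bin.php5`. A check such as `grep -q 'FORCE_CGI_REDIRECT 0' php_config.h` chained right after the `sed` would fail the build instead. A comment should also record that `cgi-bin.php5`, installed as `/usr/lib/cgi-bin/php5`, is the binary built with `--enable-force-cgi-redirect`, while `usr.bin.php5-cgi` is built without that check and is meant for `/usr/bin` only.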
@@ -0,0 +1,42 @@
+#! /bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see /usr/share/doc/packaging-manual/
+
+case "$1" in
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+
+ ;;
+
+ purge)
+ rm -rf /etc/php5/cgi
+ if [ -d /etc/php5 ]; then
+ rmdir --ignore-fail-on-non-empty /etc/php5
+ fi
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- php5-5.1.2.orig/debian/php5-dev.prerm
+++ php5-5.1.2/debian/php5-dev.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+for i in php-config phpize; do
+ update-alternatives --remove $i /usr/bin/"$i"5
+done
+
+exit 0
--- php5-5.1.2.orig/debian/php5-cgi.dirs
+++ php5-5.1.2/debian/php5-cgi.dirs
@@ -0,0 +1,4 @@
+/etc/php5/cgi
+/usr/lib/cgi-bin
+/usr/bin
+/usr/share/man/man1
--- php5-5.1.2.orig/debian/copyright
+++ php5-5.1.2/debian/copyright
@@ -0,0 +1 @@
+.
--- php5-5.1.2.orig/debian/php5-cli.postrm
+++ php5-5.1.2/debian/php5-cli.postrm
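Review bot: The `*)` branch of php5-cgi.postrm prints "postrm called with unknown argument" and then runs `exit 0`, so an invocation the script does not understand is reported to dpkg as success, and the `#DEBHELPER#` section below it is skipped as well; `exit 1` would surface the problem. The same branch appears in php5-cli.postrm later in this patch. In the `purge)` branch, `rm -rf /etc/php5/cgi` removes the whole directory, including any files the administrator placed there, which deserves a one-line comment such as `# purge: remove our php.ini and everything else under /etc/php5/cgi`.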
@@ -0,0 +1,42 @@
+#! /bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see /usr/share/doc/packaging-manual/
+
+case "$1" in
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+
+ ;;
+
+ purge)
+ rm -rf /etc/php5/cli
+ if [ -d /etc/php5 ]; then
+ rmdir --ignore-fail-on-non-empty /etc/php5
+ fi
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- php5-5.1.2.orig/debian/php5-cli.prerm
+++ php5-5.1.2/debian/php5-cli.prerm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then
+ update-alternatives --remove php /usr/bin/php5
+fi
+
+exit 0
--- php5-5.1.2.orig/debian/php5-cli.dirs
+++ php5-5.1.2/debian/php5-cli.dirs
@@ -0,0 +1,3 @@
+/etc/php5/cli
+/usr/bin
+/usr/share/man/man1
--- php5-5.1.2.orig/debian/maxlifetime
+++ php5-5.1.2/debian/maxlifetime
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+max=1440
+
+for ini in /etc/php5/*/php.ini; do
+ cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true);
+ [ -z "$cur" ] && cur=0
+ [ "$cur" -gt "$max" ] && max=$cur
+done
+
+echo $(($max/60))
+
+exit 0
--- php5-5.1.2.orig/debian/libapache-mod-php5.conf
+++ php5-5.1.2/debian/libapache-mod-php5.conf
@@ -0,0 +1,4 @@
+
+ AddType application/x-httpd-php .php .phtml .php3
+ AddType application/x-httpd-php-source .phps
+
--- php5-5.1.2.orig/debian/libapache-mod-php5.dirs
+++ php5-5.1.2/debian/libapache-mod-php5.dirs
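Review bot: In debian/maxlifetime, `sed -n ... p` prints one line per matching `session.gc_maxlifetime` setting, so a php.ini that sets the value twice makes `cur` a multi-line string and `[ "$cur" -gt "$max" ]` fails with an error instead of comparing. Taking a single value keeps the test well-formed, for example by ending the command substitution with `"$ini" 2>/dev/null | tail -n 1)`, which also quotes `$ini`. Because `max` starts at 1440 and is only ever raised, a shorter lifetime configured in every php.ini is never honoured; that may be intended, but a comment on `max=1440` should say so.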
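Review bot: `AddType application/x-httpd-php .php .phtml .php3` in libapache-mod-php5.conf maps by extension, and mod_mime looks at every dot-separated extension of a file name, so a file such as `notes.php.old` (constructed example), whose last extension has no mapping of its own, can still be handed to PHP. Matching on the end of the name avoids that: `<FilesMatch "\.(php|phtml|php3)$">`, `SetHandler application/x-httpd-php`, `</FilesMatch>`. The `.phps` mapping serves highlighted source for any file with that extension under the document root, which is worth a comment or a default of leaving it disabled. The first and last added lines of the file are empty here; if they held an enclosing container in the original, that should be confirmed against the source package.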
@@ -0,0 +1,3 @@
+/etc/php5/apache
+/etc/apache/conf.d
+/usr/lib/apache/1.3
--- php5-5.1.2.orig/debian/libapache2-mod-php5.load
+++ php5-5.1.2/debian/libapache2-mod-php5.load
@@ -0,0 +1 @@
+LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
--- php5-5.1.2.orig/debian/changelog
+++ php5-5.1.2/debian/changelog
@@ -0,0 +1,2657 @@ +php5 (5.1.2-1ubuntu3.20) dapper-security; urgency=low + + * SECURITY UPDATE: overflow leading to xml decode bypass + - ext/xml/xml.c: convert short to int to prevent overflow in + bit operations + - http://svn.php.net/viewvc/?view=revision&revision=287790 + - CVE-2009-5016 + * SECURITY UPDATE: xml decode bypass + - ext/xml/xml.c: improve utf8 decoding + - ext/xml/tests/bug49687.phpt: add testcase + - http://svn.php.net/viewvc/?view=revision&revision=304959 + - CVE-2010-3780 + * SECURITY UPDATE: open_basedir bypass + - main/fopen_wrappers.c: more strict checking in + php_check_specific_open_basedir() + - http://svn.php.net/viewvc?view=revision&revision=303824 + - CVE-2010-3436 + * SECURITY UPDATE: infinite loop/denial of service when dealing with + certain textual forms of MAX_FLOAT (LP: #697181) + - Zend/zend_strtod.c: treat local doubles as volatile to avoid + x87 registers in zend_strtod() + - http://svn.php.net/viewvc?view=revision&revision=263637 + - http://svn.php.net/viewvc?view=revision&revision=307095 + - CVE-2010-4645 + + -- Steve Beattie Mon, 10 Jan 2011 04:34:48 -0800 + +php5 (5.1.2-1ubuntu3.19) dapper-security; urgency=low + + * SECURITY UPDATE: denial of service via xmlrpc crafted argument + - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty + in ext/xmlrpc/xmlrpc-epi-php.c, add test to + ext/xmlrpc/tests/bug51288.phpt. + - CVE-2010-0397 + * SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG) + - debian/patches/CVE-2010-1128.patch: add more entropy in + ext/standard/lcg.c. + - CVE-2010-1128 + * SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames + - debian/patches/CVE-2010-1129.patch: properly validate pathname in + ext/standard/file.c. + - CVE-2010-1129 + * SECURITY UPDATE: arbitrary code execution via empty SQL query + - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in + ext/sqlite/sqlite.c. 
+ - CVE-2010-1868 + * SECURITY UPDATE: denial of service via fnmatch stack consumption + - debian/patches/CVE-2010-1917.patch: limit size of pattern in + ext/standard/file.c. + - CVE-2010-1917 + * SECURITY UPDATE: sensitive information disclosure via error messages + - debian/patches/CVE-2010-2531.patch: don't display data when flushing + output buffer in ext/standard/{var.c,php_var.h}. + - CVE-2010-2531 + * SECURITY UPDATE: arbitrary session variable modification via crafted + session variable name + - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in + ext/session/session.c. + - CVE-2010-3065 + + -- Marc Deslauriers Thu, 16 Sep 2010 10:24:44 -0400 + +php5 (5.1.2-1ubuntu3.18) dapper-security; urgency=low + + * SECURITY UPDATE: information disclosure and denial of service via + zend_restore_ini_entry_cb function. + - debian/patches/CVE-2009-2626.patch: gracefully handle failure in + Zend/zend_ini.c. + - CVE-2009-2626 + * SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars + filtering + - debian/patches/CVE-2009-4142.patch: rewrite handling logic in + ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt + test script. + - CVE-2009-4142 + * SECURITY UPDATE: restrictions bypass via incorrect session data + handling + - debian/patches/CVE-2009-4143.patch: protect from interrupt + corruption in ext/session/session.c. + - CVE-2009-4143 + + -- Marc Deslauriers Wed, 06 Jan 2010 12:58:52 -0500 + +php5 (5.1.2-1ubuntu3.17) dapper-security; urgency=low + + * SECURITY UPDATE: file truncation via key with null byte + - debian/patches/CVE-2008-7068.patch: make sure key and value are sane + in ext/dba/libinifile/inifile.c. + - CVE-2008-7068 + * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313) + - debian/patches/CVE-2009-3291.patch: validate certificate's CN length + in ext/openssl/openssl.c. 
+ - CVE-2009-3291 + * SECURITY UPDATE: denial of service via malformed exif images + (LP: #446313) + - debian/patches/CVE-2009-3292.patch: check length, return codes, and + nesting level in ext/exif/exif.c. + - CVE-2009-3292 + * SECURITY UPDATE: safe_mode bypass via tempam function + - debian/patches/CVE-2009-3557.patch: check for safe_mode in + ext/standard/file.c. + - CVE-2009-3557 + * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo + - debian/patches/CVE-2009-3558.patch: check for open_basedir in + ext/posix/posix.c. + - CVE-2009-3558 + * SECURITY UPDATE: denial of service via large number of files in + form-data POST request. + - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads" + directive and enforce in main/main.c, main/rfc1867.c. + - ATTENTION: this update changes previous php5 behaviour by limiting + the number of files in a POST request to 50. This may be increased + by adding a "max_file_uploads" directive to the php.ini configuration + file. + - CVE-2009-4017 + * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open() + - debian/patches/CVE-2009-4018.patch: add safe_mode check in + ext/standard/proc_open.c + - CVE-2009-4018 + + -- Marc Deslauriers Thu, 26 Nov 2009 08:08:40 -0500 + +php5 (5.1.2-1ubuntu3.15) dapper-security; urgency=low + + * SECURITY UPDATE: denial of service via malformed JPEG image with + invalid offset fields + - debian/patches/229_SECURITY_CVE-2009-2687.patch: validate + offset_of_ifd in ext/exif/exif.c. + - CVE-2009-2687 + + -- Marc Deslauriers Fri, 21 Aug 2009 10:51:02 -0400 + +php5 (5.1.2-1ubuntu3.14) dapper-security; urgency=low + + * SECURITY UPDATE: cross-site scripting vulnerability when display_errors + is enabled. + - debian/patches/227_SECURITY_CVE-2008-5814.patch: don't print back + cookie names or values in ext/standard/head.c. + - CVE-2008-5814 + * SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects + other virtual hosts. 
+ - debian/patches/228_SECURITY_CVE-2009-0754.patch: don't terminate on + the first function that is not overloaded in ext/mbstring/mbstring.c. + - CVE-2009-0754 + + -- Marc Deslauriers Wed, 15 Apr 2009 14:21:45 -0400 + +php5 (5.1.2-1ubuntu3.13) dapper-security; urgency=low + + * SECURITY UPDATE: denial of service and possible code execution from + integer overflow in libgd. Although the system libgd was fixed in USN-557-1, + php5 would not gracefully handle the error return code, resulting in a + denial of service. + - debian/patches/219_SECURITY_CVE-2007-3996.patch: check return codes when + calling libgd in ext/gd/gd.c. + - CVE-2007-3996 + * SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via + ini_set. (LP: #228095) + - debian/patches/220_SECURITY_CVE-2007-5900.patch: add new + zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by + making sure the entry can be modified in Zend/zend_ini.{c,h}, + Zend/zend_vm_def.h, and Zend/zend_vm_execute.h. Use the new function for + bacporting reasons in sapi/cgi/cgi_main.c and sapi/cli/php_cli.c. + - CVE-2007-5900 + * SECURITY UPDATE: denial of service and possible arbitrary code execution + via crafted font file. (LP: #286851) + - debian/patches/221_SECURITY_CVE-2008-3658.patch: make sure font->nchars, + font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add + test script ext/gd/tests/imageloadfont_invalid.phpt. + - CVE-2008-3658 + * SECURITY UPDATE: denial of service and possible arbitrary code execution + via the delimiter argument to the explode function. (LP: #286851) + - debian/patches/222_SECURITY_CVE-2008-3659.patch: make sure needle_length + is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test + script ext/standard/tests/strings/explode_bug.phpt. + - CVE-2008-3659 + * SECURITY UPDATE: denial of service via a request with multiple dots + preceding the extension. 
(ex: foo..php) (LP: #286851) + - debian/patches/223_SECURITY_CVE-2008-3660.patch: improve .. cleaning with + a new is_valid_path() function in sapi/cgi/cgi_main.c. + - CVE-2008-3660 + * SECURITY UPDATE: mbstring extension arbitrary code execution via crafted + string containing HTML entity. (LP: #317672) + - debian/patches/224_SECURITY_CVE-2008-5557.patch: improve + mbfl_filt_conv_html_dec_flush() error handling in + ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. + - CVE-2008-5557 + * SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable + settings. + - debian/patches/225_SECURITY_CVE-2008-5624.patch: make sure the page_uid + and page_gid get initialized properly in ext/standard/basic_functions.c. + Also, init server_context before processing config variables in + sapi/apache/mod_php5.c. + - CVE-2008-5624 + * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log" + entry in a .htaccess file. + - debian/patches/226_SECURITY_CVE-2008-5625.patch: enforce restrictions + when merging in dir entry in sapi/apache/mod_php5.c and + sapi/apache2handler/apache_config.c. + - CVE-2008-5625 + + -- Marc Deslauriers Thu, 29 Jan 2009 19:29:49 -0500 + +php5 (5.1.2-1ubuntu3.12) dapper-security; urgency=low + + * debian/patches/209-CVE-2008-2051.patch: properly address incomplete + multibyte chars inside escapeshellcmd() + * Add debian/patches/210-CVE-2008-2829.patch: unsafe usage of deprecated + imap functions (patch from Debian) + * Add debian/patches/211-CVE-2008-1384.patch: integer overflow in printf() + (patch from Debian) + * Add debian/patches/212-CVE-2008-2107+2108.patch: weak random number seed. 
+ * Add debian/patches/213-SECURITY_CVE-2007-4782.patch: DoS via long string + in the fnmatch functions + * debian/patches/214-SECURITY-pcre_compile.patch: avoid stack overflow (fix + from pcre 7.6) + * Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly + finished UTF sequence + * References + CVE-2008-2051 + CVE-2008-2829 + CVE-2008-1384 + CVE-2008-2107 + CVE-2008-2108 + CVE-2007-4782 + CVE-2007-5898 + LP: #227464 + + -- Jamie Strandboge Wed, 23 Jul 2008 12:08:11 -0400 + +php5 (5.1.2-1ubuntu3.11) dapper-proposed; urgency=low + + * debian/patches/209-array-soap-response.patch: Fix SOAP response for + associative array (LP: #52866). + * debian/rules: don't package an empty debian/copyright file as it would be + rejected by launchpad. The copyright file is generated at build time. + + -- Mathias Gug Thu, 24 Jan 2008 19:10:18 -0500 + +php5 (5.1.2-1ubuntu3.10) dapper-security; urgency=low + + * SECURITY UPDATE: multiple vulnerabilities. Thanks to Sean Finney for + help locating upstream fixes. + * Add 200-string-wordwrap.patch: wordwrap function can be made to crash. + Backported upstream fixes (CVE-2007-3998). + * Add 201-strspn-oob-read.patch: memory reading, possible crash via strspn. + chunk_split. Backported upstream fixes (CVE-2007-4657). + * Add 202-money-format-abuse.patch: money_format format string vulnerable. + Backported upstream fixes (CVE-2007-4658). + * Add 203-openssl_make_REQ-overflow.patch: overflow in openssl_make_REQ. + Applied and corrected upstream fixes (CVE-2007-4662). + * Add 204-start-session-cookies.patch: overwrite cookie values. + Applied upstream fixes (CVE-2007-3799). + * Add 206-chunk_split-fixes.patch: memory reading, possible crash via + chunk_split. Merged various upstream fixes (CVE-2007-2872, CVE-2007-4660, + CVE-2007-4661). + * Add 206-cookie-nesting-fix.patch: corruption/crashes via deeply nested + variables. Backported upstream fixes (CVE-2007-1285, CVE-2007-4670). 
+ * Add 207-htmlentity-utf8-fix.patch: don't accept partial utf8 sequences. + Backported upstream fixes (CVE-2007-5898). + * Add 208-session-id-leak.patch: don't send session id to remote forms. + Backported upstream fixes (CVE-2007-5899). + * References + http://www.php.net/releases/5_2_4.php + http://www.php.net/releases/5_2_5.php + + -- Kees Cook Fri, 19 Oct 2007 12:58:34 -0700 + +php5 (5.1.2-1ubuntu3.9) dapper-security; urgency=low + + * SECURITY UPDATE: arbitrary code execution via heap overflow. + * Add debian/patches/122-CVE-2007-1864-xmlrpc.patch: upstream fix + (CVE-2007-1864). + + -- Kees Cook Mon, 09 Jul 2007 03:29:49 -0700 + +php5 (5.1.2-1ubuntu3.8) dapper-security; urgency=low + + * SECURITY UPDATE: FTP command injection, code execution in SOAP requests, + user filter code execution, PEAR installer path traversal. + * 121-CVE-2007-2509_ftp.patch: ported from upstream and Debian + (CVE-2007-2509) + * 121-CVE-2007-2510_soap.patch: ported from upstream and Debian + (CVE-2007-2510) + * 121-CVE-2007-2511_userfilters.patch: ported from upstream and Debian + (CVE-2007-2511) + * pear/121-pear-installer.patch: extracted from upstream changes + (CVE-2007-2519) + + -- Kees Cook Mon, 21 May 2007 11:00:42 -0700 + +php5 (5.1.2-1ubuntu3.7) dapper-security; urgency=low + + * SECURITY UPDATE: multiple security vulnerabilities fixed. Thanks to + Moritz Muehlenhoff and Sean Finney. 
+ * MOPB-10.patch: php_binary Session Deserialization Information Leak + (CVE-2007-1380) + * MOPB-14.patch: substr_compare() Information Leak (CVE-2007-1375) + * MOPB-15.patch: shmop Functions Resource Verification (CVE-2007-1376) + * MOPB-22.patch: session_regenerate_id() Double Free (CVE-2007-1521) + * MOPB-24.patch: array_user_key_compare() Double DTOR (CVE-2007-1484) + * MOPB-26.patch: mb_parse_str() register_globals Activation + (CVE-2007-1583) + * MOPB-30.patch: _SESSION unset() (CVE-2007-1700) + * MOPB-34.patch: mail() Header Injection (CVE-2007-1718) + * MOPB-41.patch: sqlite_udf_decode_binary() Buffer Overflow + (CVE-2007-1887 CVE-2007-1888) + * MOPB-42.patch: php_stream_filter_create() Off By One (CVE-2007-1824) + + -- Kees Cook Mon, 23 Apr 2007 16:38:58 -0700 + +php5 (5.1.2-1ubuntu3.6) dapper-security; urgency=low + + * debian/patches/CVE-2007-0906_streams.patch: + - Extend streams string variables to accomodate null byte. (LP: #87481) + - Fix backported from upstream CVS: + http://cvs.php.net/viewvc.cgi/php-src/main/streams/streams.c?r1=1.82.2.6.2.9&r2=1.82.2.6.2.10 + + -- Martin Pitt Wed, 7 Mar 2007 11:22:25 +0100 + +php5 (5.1.2-1ubuntu3.5) dapper-security; urgency=low + + * SECURITY UPDATE: Remote code execution. + * Add debian/patches/CVE-2007-0906_imap.patch: + - Buffer overflows in the imap extension. + - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.11&r2=1.208.2.7.2.12 + - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.15&r2=1.208.2.7.2.16 + * Add debian/patches/CVE-2007-0906_session.patch: + - Buffer overflow in the session extension. + - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23 + * Add debian/patches/CVE-2007-0906_streams.patch: + - Buffer overflows in the stream filters functions. 
+ - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13 + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99 + * Add debian/patches/CVE-2007-0906_string.patch: + - Buffer overflow in the string extension. + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631 + * Add debian/patches/CVE-2007-0907.patch: + - Buffer underflow in sapi_header_op() that can be exploited to crash the + PHP interpreter. + - http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4 + * Add debian/patches/CVE-2007-0908.patch: + - Fix forgotten initialization of key_length and buffer overflow in the + wddx extension that could be exploited to reveal memory that is not + supposed to be accessible (potential information disclosure). + - http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10 + * Add debian/patches/CVE-2007-0909_print.patch: + - Fix format string vulnerability on 64 bit systems in the *print() + functions. + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12 + * Add debian/patches/CVE-2007-0909_odbc.patch: + - Fix format string vulnerability on 64 bit systems in odbc_result_all(). + - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.1&r2=1.189.2.4.2.2 + - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.3&r2=1.189.2.4.2.4 + * Add debian/patches/CVE-2007-0910.patch: + - Fix clobbering of superglobal variables during session variable + unserialization. 
+ - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459 + - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26 + - http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4 + * Add debian/patches/CVE-2007-0988.patch: + - Fix infinite loop in zend_hash_init() when unserializing untrusted data + on 64 bit systems. + - http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6 + + -- Martin Pitt Wed, 21 Feb 2007 09:25:41 +0100 + +php5 (5.1.2-1ubuntu3.4) dapper-security; urgency=low + + * SECURITY UPDATE: Remote code execution. + * Add debian/patches/CVE-2006-5465.patch: + - Fix buffer overflows in htmlentities() and htmlspecialchars(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.2&r2=1.111.2.2.2.3 + * Add debian/patches/200-chdir_openbasedir_bypass.patch: + - Fix open_basedir bypass in chdir(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3&r2=1.147.2.3.2.1 + * Add debian/patches/201-tempnam_openbasedir_bypass.patch: + - Fix open_basedir bypass in tempnam(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/php-src/main/php_open_temporary_file.c?r1=1.34.2.1.2.1&r2=1.34.2.1.2.3 + + -- Martin Pitt Thu, 2 Nov 2006 10:16:28 +0000 + +php5 (5.1.2-1ubuntu3.3) dapper-security; urgency=low + + * SECURITY UPDATE: Multiple vulnerabilities. + * Fix CVE number in 5.1.2-1ubuntu3.1 changelog: The curl open_basedir + bypass is actually CVE-2006-4483, not -2563. + * Add debian/patches/CVE-2006-4485.patch: + - Fix buffer overread in stripos(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?view=diff&r1=1.547&r2=1.548 + * Add debian/patches/CVE-2006-4486.patch: + - Fix integer overflow and memory_limit bypass on 64 bit platforms. 
+ - Patch stolen from RedHat security update, not fixed upstream yet. + * Add debian/patches/CVE-2006-4625.patch: + - Fix open_basedir/safe_mode bypass with ini_restore(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2&r2=1.39.2.3 + * Add debian/patches/CVE-2006-4812.patch: + - Fix integer overflow in Zend's ecalloc(). + - Ported from upstream CVS: + http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 + + -- Martin Pitt Tue, 10 Oct 2006 13:12:34 +0000 + +php5 (5.1.2-1ubuntu3.2) dapper-security; urgency=low + + * SECURITY UPDATE: Multiple vulnerabilities. + * debian/patches/CVE-2006-4020.patch: + - sscanf buffer overflow + - http://bugs.php.net/bug.php?id=38322 + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/scanf.c?r1=1.31.2.2&r2=1.31.2.3 + * debian/patches/CVE-2006-4481.patch: + - safe_mode/open_basedir bypass with file_exists() and imap_reopen() + - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.8&r2=1.208.2.9 + (imap_reopen()) + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/filestat.c?r1=1.136.2.8&r2=1.136.2.9 + (file_exists()) + * debian/patches/CVE-2006-4482.patch: + - str_repeat() and wordwrap() buffer overflow on 64 bit systems + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11 + * debian/patches/CVE-2006-4484.patch: + - GIF parser overflow + - http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.5.4.4&r2=1.5.4.5 + + -- Martin Pitt Wed, 6 Sep 2006 19:01:27 +0000 + +php5 (5.1.2-1ubuntu3.1) dapper-security; urgency=low + + * SECURITY UPDATE: Multiple vulnerabilities. 
+ * debian/patches/CVE-2006-0996.patch: + - XSS in phpinfo() [CVE-2006-0996] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261 + * debian/patches/CVE-2006-1490.patch: + - Memory disclosure in html_entity_decode() [CVE-2006-1490] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113 + * debian/patches/CVE-2006-1494.patch: + - Bypassing open_basedir restrictions with tempnam() + [CVE-2006-1494, CVE-2006-2660] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.4&r2=1.279.2.70.2.5 + * debian/patches/CVE-2006-1608.patch: + - Bypassing open_basedir restrictions with copy() via a source argument + containing a compress.zlib:// URI [CVE-2006-1494] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.382.2.10&r2=1.382.2.11 + * debian/patches/CVE-2006-1990.patch: + - Integer overflow in wordwrap function (usually not triggerable from + outside). [CVE-2006-1990] + - Zend/zend_alloc.c: Fix variable declaration to work on 64-bit systems to + plug this vulnerability on amd64/ia64, too. (not yet fixed upstream) + * debian/patches/CVE-2006-1991.patch: + - DoS with out-of-bounds offset argument to substr_compare() + [CVE-2006-1991] + * debian/patches/CVE-2006-4483.patch: + - Bypassing safe mode/open_basedir restrictions with curl module + [CVE-2006-4483] + - Patch taken from Mandriva, not fixed upstream. + * debian/patches/CVE-2006-3011.patch: + - Bypassing safe mode/open_basedir restrictions with error_log() with + 'php://' or other schema in the third argument. [CVE-2006-3011] + - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10 + * debian/patches/CVE-2006-3016.patch: + - Check session name for invalid characters to prevent CRLF and other + malicious injections. 
[CVE-2006-3016] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.425&r2=1.426 + * debian/patches/CVE-2006-3017.patch: + - Fix zend_hash_del() (previously could delete the wrong element, which + prevented a variable from being unset even when the PHP unset function + was called, which might cause the variable's value to be used in + security-relevant operations). [CVE-2006-3017] + - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?r1=1.87.4.8.2.1&r2=1.87.4.8.2.3 + * debian/patches/CVE-2006-3018.patch: + - Heap corruption in session extension. [CVE-2006-3018] + - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/mod_files.c?r1=1.102&r2=1.103 + + -- Martin Pitt Tue, 18 Jul 2006 17:22:30 +0000 + +php5 (5.1.2-1ubuntu3) dapper; urgency=low + + * Enable the mysqli extension, which is required for full functionality + of the ubuntu-server LAMP stack for dapper (launchpad.net/27904) + * Make php5-{mysql,mysqli} depend on each other to ease the pain of the + planned transition for Etch/Edgy where both will be packaged together. + * Comment out the EXTRA_VERSION hack, since it served its purpose when + we were providing CVS snapshots, but is now just a cause of complaints. + + -- Adam Conrad Thu, 18 May 2006 12:12:27 +1000 + +php5 (5.1.2-1ubuntu2) dapper; urgency=low + + * Rebuild against the new libmysqlclient15off with correct symbols. + + -- Adam Conrad Thu, 6 Apr 2006 12:48:51 +1000 + +php5 (5.1.2-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian, bringing in security fixes and PEAR fix. 
+ + -- Adam Conrad Wed, 18 Jan 2006 18:09:55 +1100 + +php5 (5.1.2-1) unstable; urgency=low + + * New upstream bugfix and security update release (closes: #347894) + - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208 + - Resolves multiple HTTP response splitting vulnerabilities, allowing + arbitrary header injection via Set-Cookie headers; see CVE-2006-0207 + - While we don't currently build it, this release also fixes a format + string vulnerability in the mysqli extension; see CVE-2006-0200 + - Includes a new version of the PEAR installer that seems to have a + slightly better clue about the difference between INSTALL_ROOT and + PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501) + * While the above is partially true, the PEAR installer is still a bit + broken (it won't install correctly under fakeroot anymore, YAY), so + shuffle debian/rules to have a build-pear-stamp target, as a stopgap. + * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down + in ext/standard/datetime.c, below the php.h include (closes: #346550) + * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to + properly call the PHP_ARG_ENABLE macro for an extension, not built-in. + * Stop php-pear from Replacing and Conflicting with php-html-template-it, + as we only now ship the bare essential to make the pear installer go. + + -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100 + +php5 (5.1.1-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian, bringing in a myriad of security fixes. + + -- Adam Conrad Sun, 8 Jan 2006 02:07:20 +1100 + +php5 (5.1.1-1) unstable; urgency=low + + * New upstream bugfix release, skipping the problematic 5.1.0 release: + - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374) + - Remove libtool patch from acinclude.m4, now integrated upstream. + - Remove 038-round_test_fix.patch, now integrated upstream. 
+ - Remove 049-exported-headers.patch, as upstream's build system has + gotten more clever about what they should and shouldn't export. + - Remove 054-open_basedir_slash.patch, now integrated upstream. + - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream. + - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes. + - Remove 104-64_bit_serialize.patch, now integrated upstream. + - Remove 105-64_bit_imagettftext.patch, now integrated upstream. + * Many security vulnerabilities fixed (closes: #341368, #336005, #336654): + - Resolves a local denial of service in the apache2 SAPI, which can + be triggered by using session.save_path in .htaccess; CVE-2005-3319 + - Resolves an infinite loop in the exif_read_data function which can + be triggered with a specially-crafted JPEG image; CVE-2005-3353 + - Resolves a vulnerability in the parse_str function whereby a remote + attacker can fool PHP into turning on register_globals, thus making + applications vulnerable to global variable injections; CVE-2005-3389 + - Resolves a vulnerability in the RFC1867 file upload feature where, if + register_globals is enabled, a remote attacker can modify the GLOBALS + array with a multipart/form-data POST request; see CVE-2005-3390 + - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391 + - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode + and open_basedir bypasses between virtual hosts; CVE-2005-3392 + - Resolves a CRLF injection vulnerability in the mb_send_mail function, + allowing injection of arbitrary mail headers; see CVE-2005-3883 + - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer + which could lead to arbitrary code execution; see CVE-2005-4154 + * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache. 
+ * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793) + * Automate the process of getting the list of built-in modules into the + package descriptions, so it stays fresh in the future (closes: #341867) + * Intentionally disable PDO support until I've sorted out the best way to + deal with shipping this shiny new feature that won't break the world. + * The new PEAR happens to fix the Command.php greedy match bug filed in + Debian as part of the fix for the wider security issue (closes: #334969) + * Create 056-mime_magic_strings.patch, making the mime_magic extension + more liberal about what mime-types is accepts, as well as making it skip + over ones it dislikes, rather than disabling itself (closes: #335674) + * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in + configure because we don't have the apache binaries in the build chroot. + * Fix small typo in the php5-xsl package description (closes: #344816) + + -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100 + +php5 (5.0.5-3) unstable; urgency=low + + * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away + soon. Keep libcurl3-dev as an alternate for backporting (see: #334367) + * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the + *other* side of the line regarding which combinations of DSOs cause + segfaults, so hopefully the others catch up with us soon (closes: #332453) + * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file, + as the path has been changed to comply with the FHS (see: #334510) + * Make the above backportable as well, by searching for both files, and + picking the one that's currently installed on the user's system. 
+ * Include swedish debconf translation from Daniel Nylander (closes: #330763) + * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't + get some random binary on $PATH that won't work right (closes: #329415) + * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg + + -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000 + +php5 (5.0.5-2ubuntu1) breezy; urgency=low + + * Resync with Debian, bringing in two security fixes, a file conflict fix, + and two 64-bit memory corruption and segfault fixes (no other changes). + + -- Adam Conrad Sun, 9 Oct 2005 03:14:32 +1000 + +php5 (5.0.5-2) unstable; urgency=medium + + * Remove Andres Salomon from the Uploaders field, at his request. Thanks + for all your work on the PHP packages, Andres, now fix our kernel bugs. + * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir + is set to "/foo/", users can access files in "/foobar/", which is not the + documented behaviour; this addresses CAN-2005-3054 (see: #323585) + * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when + serializing objects on all 64-bit architectures (closes: #329768) + * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD + extension, causing memory corruption on 64-bit arches (closes: #331001) + * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode + checks to the _php_image_output and _php_image_output_ctx GD functions. + * Make php-pear Provide, Replace, and Conflict php-html-template-it, which + we appear to have absorbed into the main PEAR packaging (closes: #332393) + + -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000 + +php5 (5.0.5-1ubuntu1) breezy; urgency=low + + * Resync with Debian, lowering libsnmp-dev build-dep to libsnmp5-dev. + * This new upstream includes a fixed XML_RPC class in php-pear, which + addresses CAN-2005-2498 and closes Ubuntu bug #13701. 
+ + -- Adam Conrad Tue, 13 Sep 2005 14:52:10 +1000 + +php5 (5.0.5-1) unstable; urgency=low + + * New upstream release, adjust patch offsets and fuzz, and drop patches: + - Drop 009-snmp-int-sizes.patch, finally fixed upstream. + - Drop 051-gcc-4.0.patch, fixed differently upstream. + - Drop 102-php_streams.patch, fixed upstream. + - Drop 103-catch_segv.patch, also fixed upstream. + - Includes PEAR XML_RPC fix for CAN-2005-2498. + - Includes phpinfo() XSS fix for CVE-2005-3388. + * Distribute the shiny new manpages for php-config and phpize. + + -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000 + +php5 (5.0.4-4) unstable; urgency=low + + * Ondřej Surý : + - Add patch from CVS to fix regression in PHP 5.0.4, where file related + functions all stop reading at 2,000,000 bytes (closes: #321930) + * Adam Conrad : + - Enable support for gdbm files in the dba handler; half the base system + already appears to depend on libgdm, so we can't make things worse. + - Add another patch from CVS to fix a segfault in the catch/throw + handler under interesting nesting cases (closes: #322507) + - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107) + + -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000 + +php5 (5.0.4-3ubuntu1) breezy; urgency=low + + * Resync with Debian, bringing in important changes to php5-dev and the + dependency relationships between php5 SAPIs and php5 extensions, as + well as making sure that php5 is backportable to hoary without changes. + + -- Adam Conrad Mon, 1 Aug 2005 09:54:24 +1000 + +php5 (5.0.4-3) unstable; urgency=low + + * And fix the module/extension API situation one last time, this time + we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION, + pick the most recent of the three, assume things broke in ways we're + not willing to cope with, and both change the extension directory to + use that value, as well as setting it to the provides/depends for the + various SAPI and extension packages. 
+ * Add a new option to php-config, 'php-config --phpapi', which extension
+ packagers should now be using to get the current phpapi they're building
+ against and set their dependencies accordingly.
+ * Strip the -gnu off the end of the DEB_*_* variables and drop the
+ versioned dpkg-dev build-dep to ease backporting to sarge and hoary;
+ doing so in such a way as to still allow for easy cross-compiling.
+ * Add postgresql-dev build-dep alternate for easy hoary/sarge backports.
+ * Make libapache2-mod-php5 the default alternate dependency for the php5
+ metapackage, since we really do want to encourage the apache upgrade.
+ * Make php5-dev stop shipping copies of files from autotools-dev, shtool,
+ and libtool, and instead symlink to them and depend on those packages,
+ thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759.
+
+ -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000
+
+php5 (5.0.4-2) unstable; urgency=low
+
+ * We now have a mailing list. Set the maintainer to the list, and move
+ myself to Uploaders where, apparently, I belong.
+ * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps,
+ as recent upstream ABI breakage in 4.4.0 leads me to believe this is
+ the only constant they actually bother to update on ABI changes.
+ * Bring back some concflicts that went missing (libapache-mod-php5 needs
+ to conflict with libapache-mod-php4 and older versions of php4, while
+ the two libapache2-mod-php[45] modules also need to conflict).
+ * Adjust debian/watch to not match on upstream's alpha/beta/rc releases.
+
+ -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000
+
+php5 (5.0.4-1ubuntu2) breezy; urgency=low
+
+ * libapache2-mod-php5 needs to conflict with libapache2-mod-php4 to
+ prevent people from shooting their own feet and breaking apache2.
+
+ -- Adam Conrad Wed, 27 Jul 2005 22:29:14 +1000
+
+php5 (5.0.4-1ubuntu1) breezy; urgency=low
+
+ * Upload to breezy, disabling the libapache-mod-php5 build.
+
+ -- Adam Conrad Wed, 27 Jul 2005 02:22:23 +1000
+
+php5 (5.0.4-1) unstable; urgency=low
+
+ * Initial PHP5 release; packaging forked from php4 4:4.3.11-1.
+ - Closes: #262977, #293832
+ * Ondrej Sury :
+ - Removed some obsolete cruft, since there wasn't any previous php5
+ packages there is no need, to check /usr/share/doc/*, etc.
+ - Removed apache2 IfModule hack, it's been fixed in php5.
+ - Updated patches to php5, removing those which are obsolete.
+ - Changes xslt extension to xsl (using libxslt).
+ - Updated debian/* including changelog.
+ - Raised update-alternatives priority to 50.
+ * Adam Conrad :
+ - Merged with php4 4:4.4.0-1 packaging.
+ - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which
+ includes a security fix for CVE CAN-2005-1921.
+ - Bump to Standards-Version 3.6.2, with no source changes.
+ - Stop distributing the phpextdist binary, as upstream has stopped.
+ - Drop the ext_skel binary and skeleton dir from php5-dev, as it has
+ been deemed obsolete upstream and the version in the tarball is not
+ considered useful anymore. PEAR::PECL_Gen upstream will replace it.
+ - Fix longstanding broken shebang lines in debconf config scripts.
+ - Remove lintian overrides for modules; lintian no longer complains
+ about missing shlibs for libraries outside the linker path.
+ - Add a linda override for the non-standard directory permissions on
+ /var/lib/php5 in php5-common.
+ - Rename php5-pear to php-pear, have it replace php4-pear, and depend
+ on php5-cli OR php4-cli; make sure it works with both.
+ - Compile in SOAP extension (closes: #307580)
+ - Enable SQLite extension as shared, make the xmlrpc extension shared.
+ - Enabled the pgsql extension, and disabled the imap extension (which
+ will be moving to another source package and become the example
+ package for out-of-tree builds).
+
+ -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000
+
+php4 (4:4.3.11-1) unstable; urgency=low
+
+ * New upstream release (closes: #304052)
+ - Drop CVS patches, we're back in step with upstream versions.
+ - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11.
+ - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11.
+ - Remove 040-curl_open_basedir.patch, as upstream has solved this
+ in a different fashion.
+ - Adjust patches for offset and fuzz.
+ - Remove bits from debian/rules dealing with the DB PEAR extension,
+ since it's no longer shipped in the php4-pear package.
+ * Rebuild against newer version of freetds library (closes: #317369)
+ * Add 052-phpinfo_no_configure.patch, which disables the display of our
+ "Configure Command" in phpinfo(), which was the source of many bogus
+ bug reports over the years, due to people misinterpreting its meaning.
+ * New translations to Vietnamese and Russian (closes: #316821, #310199)
+ - vi.po contributed by Clytie Siddall
+ - ru.po contributed by Yuriy Talakan'
+ * Mention FastCGI in the description of php4-cgi (closes: #310810)
+
+ -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000
+
+php4 (4:4.3.10-15) unstable; urgency=low
+
+ * Bring back the shipping of /usr/share/doc symlinks in our packages,
+ as this, in concert with moving the migration detection from preinst
+ to postinst (which was done in the last upload), seems to give us the
+ sanest upgrade path. Thanks to Steve Langasek for smacking me around
+ with unpack/upgrade scenarios for a while to convince me of this.
+
+ -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600
+
+php4 (4:4.3.10-14) unstable; urgency=high
+
+ * Revert the directory->symlink magic to work how it used to, since the
+ new behaviour broke hideously on upgrades from Woody, causing certain
+ files (like the changelog) to mysteriously go missing (closes: #307591)
+ * Move our template php.ini to /usr/share/php4, so we stop violating
+ policy by using files from /usr/share/doc (as seen in #307591)
+ * Remove 'readline' from the php4-cli package description, since we don't
+ actually build with readline support enabled anymore (closes: #306571)
+
+ -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600
+
+php4 (4:4.3.10-13) unstable; urgency=low
+
+ * Update email address for Andres Salomon
+ * Add Portuguese translation from Miguel Figueiredo (closes: #305038)
+ * Include 051-gcc-4.0.patch, which resolves a build failure in
+ libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956)
+
+ -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600
+
+php4 (4:4.3.10-12) unstable; urgency=low
+
+ * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix'
+ made to the copy() function, causing it to fail in particularly
+ spectacular ways when used on remote files (closes: #304601)
+ * Use -g instead of -gstabs on powerpc64-linux (closes: #301571)
+
+ -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600
+
+php4 (4:4.3.10-11) unstable; urgency=medium
+
+ * Address an FTBFS waiting to happen in the php4-dev package:
+ - Remove Win32 and Netware specific headers.
+ - Stop shipping php4-pgsql headers.
+ - Stop shipping the expat headers, since we don't even
+ use the bundled expat library.
+ - Make php4-dev depend on libssl-dev, since it wants to include
+ ssl.h when you use it to build network-using extensions.
+ * Stop building extensions twice; we don't need two copies.
+
+ -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600
+
+php4 (4:4.3.10-10) unstable; urgency=low
+
+ * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs
+ including a segfault in mysql_fetch_field() (closes: #299608)
+ * Remove 042-remove_windows_paths.patch, incorporated upstream.
+ * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension
+ in line with the upcoming 4.3.11 behaviour of listing multiple
+ Organisational Units in an x509 cert as an array, rather than only
+ listing the last in the list.
+ * After much talk with upstream, revert the ZTS changes. We are no
+ longer building a thread-safe PHP. (closes: #299820, #297223, #297679)
+ * ZTS was breaking file search paths, leading to errors loading files
+ from the cwd (closes: #298282, #298518, #299089, #299356)
+ * Stop building caudium-php4 (closes: #294718, #297702, #295100)
+ - We can't link against the GPL pike7.2, which we've been doing. Oops.
+ - Even if the above weren't true, upstream has insisted that ZTS is a
+ horribly broken solution, slated for eventual removal, and should
+ never, ever be used. In light of that, caudium users should instead
+ use php4-cgi, either as a plain CGI, or as a FastCGI backend.
+ - Not even attempting to provide an upgrade path, as it would be
+ needlessly complex, and caudium-php4 in previous stable releases
+ was nothing more than a useless toy, given that it had nearly no
+ useful extensions built-in or supported.
+ * Rewrite 041-shut_up_snmp.patch to take a different approach, this time
+ regrettably reverting a fix for a memory leak, in the name of making
+ things work properly, including squashing the putenv() intecaction
+ bug between PHP and other apache modules (closes: #298511, #300628)
+ * On sidegrades from distributions where different modules may be built
+ from their own source, and thus have their own doc directories, bad
+ things happen when we try to replace those with symlinks, so now we
+ check for this in preinst, and fix stuff up magically to Just Work.
+ * Add Jeroen van Wolffelaar to Uploaders.
+ * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998)
+
+ -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700
+
+php4 (4:4.3.10-9) unstable; urgency=low
+
+ * Update 040-curl_open_basedir.patch once more to make sure it doesn't
+ segfault when fed a null or uninitialised URL (closes: #295447)
+ * Add 047-zts_with_dl.patch, courtest of Steve Langasek to re-enable the
+ dl() function in our builds, despite upstream's claim that it "might
+ not be threadsafe on all platforms"; it is on ours (closes: #297839)
+ * Make the php4-dev binaries versioned with alternatives (closes: #295903)
+ * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549)
+
+ -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700
+
+php4 (4:4.3.10-8) unstable; urgency=high
+
+ * Add 046-zend_plist_buggery.patch which unrolls the changes made to
+ zend.c in CVS post-4.3.10.
The memory leaks fixed by these changes
+ seem to not have been hurting us terribly so far, while the "fix"
+ (breaking persistent lists) was, uhm, bad (closes: #295998, #296694)
+ * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the
+ appname, rather than 'php', to maintain backward compatibility, and to
+ wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to
+ solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282)
+ * Fix 042-remove_windows_paths.patch to catch both cases where windows
+ path stripping should occur (closes: #296406)
+
+ -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700
+
+php4 (4:4.3.10-7) unstable; urgency=high
+
+ * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed
+ to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447)
+
+ -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700
+
+php4 (4:4.3.10-6) unstable; urgency=high
+
+ * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm.
+ * Add 045-exif_nesting_level.patch to bump the exif header parsing max
+ nesting level to something that actually works with most JPEG images.
+
+ -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700
+
+php4 (4:4.3.10-5) unstable; urgency=low
+
+ * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode
+ extension to segfault on alpha/amd64/ia64 (closes: #294986)
+ * Move the ./buildconf stuff in the unpatch target inside the test
+ for patch-stamp, as it's uselss unless we're unpatching.
+
+ -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700
+
+php4 (4:4.3.10-4) unstable; urgency=medium
+
+ * Make php4-dev arch:any, as it contains some arch-specific defines.
+ * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows
+ paths from uploaded filenames, like it used to. (closes: #294305)
+ * Fix up caudium description to reflect the fact that caudium it is no
+ longer restricted from sharing extensions with other SAPIs.
+ * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we
+ get a version with non-broken headers.
+
+ -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700
+
+php4 (4:4.3.10-3) unstable; urgency=medium
+
+ * Update to CVS, as of 200502060530 (closes: #288672)
+ - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043
+ - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525
+ - File uploads with "'" in them aren't cut off anymore (closes: #288679)
+ - unserialize() is no longer ridiculously slow (closes: #291392)
+ - Add 000-200502060530_CVS.patch
+ - Adapt debian/rules to the realities of upstream's new buildconf
+ - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's
+ libtool, rather than using upstream's broken bundled libtool
+ - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch
+ - Adjust patches for offsets and fuzz
+ - Force --with-pic, as policy demands it, and the build system doesn't
+ * Added several patches, yanked from the Fedora PHP sources:
+ - 034-apache2_umask_fix.patch, fixes umask not being properly reset
+ after each request (closes: #286225)
+ - 036-fd_setsize_fix.patch, fixes misuse of FD_SET()
+ - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3
+ * Removed --with-libedit, as being able to background php is more useful,
+ in my opinion, than using readline functions (see #286356)
+ * Include zip support in all SAPIs (closes: #288534, #288909)
+ * Enable Zend Thread Safety for all SAPIs, meaning that our modules
+ are now compiled for ZTS APIs as well. (closes: #278212, #264015)
+ - Make sure caudium-php4 now provides phpapi-$(ver), and modules can
+ be configured with the caudium SAPI.
+ - Add 039-reentrant_libs.patch to link to the reentrant versions of
+ libldap and libmysqlclient
+ * Stop suggesting phpdoc, as it's undistributable anyway.
+ * Add 040-curl_open_basedir.patch, to make php4-curl respect the value
+ of open_basedir, thanks to Martin Pitt (closes: #291410)
+ * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and
+ failing) to write persistent data every time it shuts down. Ugh.
+
+ -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700
+
+php4 (4:4.3.10-2) unstable; urgency=high
+
+ * Patch Zend/zend_strtod.c twice:
+ - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems
+ - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__
+
+ -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700
+
+php4 (4:4.3.10-1) unstable; urgency=high
+
+ * New upstream release, including the following security fixes:
+ - CAN-2004-1018 - shmop_write() out of bounds memory write access.
+ - CAN-2004-1018 - integer overflow/underflow in pack() and unpack()
+ functions.
+ - CAN-2004-1019 - possible information disclosure, double free and
+ negative reference index array underflow in deserialization code.
+ - CAN-2004-1020 - addslashes() not escaping \0 correctly.
+ - CAN-2004-1063 - safe_mode execution directory bypass.
+ - CAN-2004-1064 - arbitrary file access through path truncation.
+ - CAN-2004-1065 - exif_read_data() overflow on long sectionname.
+ - magic_quotes_gpc could lead to one level directory traversal with
+ file uploads.
+ * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch
+ to match with new configure.in and drop 026-4.3.10_session_fixes.patch
+ which is included in 4.3.10.
+
+ -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700
+
+php4 (4:4.3.9-2) unstable; urgency=low
+
+ * Adam Conrad :
+ - Add -fno-strict-aliasing to CFLAGS, as the (several thousand)
+ warnings I'm getting from GCC are frightening me a tad.
+ - Remove the php-cgi alternative in php4-cgi's prerm, to avoid
+ leaving dangling symlinks (closes: #275962, #282315)
+ - Include 030-imap_getacl.patch, adding the imap_getacl() function
+ required by the GOsa project (closes: #282484)
+ - Include php.ini-paranoid in doc/examples, provided and maintained
+ by Javier Fernández-Sanguino Peña (closes: #274374)
+ - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464)
+ - Remove obsolete info from README.Debian relating to session_mm,
+ since we stopped building with libmm a while back.
+ - Reintroduce /usr/lib/php4/libexec that went missing in a previous
+ upload, since the build uses it as the default safe_mode exec dir.
+ * Andres Salomon :
+ - Add patch to include gd headers in php4-dev, as some PECL modules
+ (notably, pdflib) expect it; 028-export_gd_headers.patch.
+ - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm.
+
+ -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700
+
+php4 (4:4.3.9-1) unstable; urgency=high
+
+ * New upstream release, removed the following patches fixed upstream:
+ 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch,
+ 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch,
+ 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch,
+ 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch,
+ and 025-4.3.9_domxml_segfaults.patch
+ * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867
+ handling of file uploads via the $_FILES array; these have since
+ been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206)
+ * After some fairly heavy testing from several users and developers,
+ finally update php4-snmp to use libsnmp5 (closes: #195929)
+ * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP
+ from segfaulting when a nonexistant or unsupported save_handler or
+ serialize_handler is specified in php.ini.
+ * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the
+ off chance that the user's /etc/mime.types is broken (closes: #271171)
+ * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't
+ make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin
+ can instead use #!/usr/bin/php4-cgi scripts (closes: #273143)
+ * Enable FastCGI for both CGI binaries, now that it no longer conflicts
+ with, but rather complements, the CGI SAPI (closes: #233849)
+ * Bump libgd2 build-dep a notch to make sure we build against a version
+ that actually has XPM support built in (closes: #270435)
+ * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3
+ php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount
+ bug that we were hacking around (closes: #205553, #230956, #271000)
+ * Remove the mm session handler from the apache1.3 build. Since the
+ files handler now works on all arches, and is configured to be secure
+ by default, mm seems to have outlived its usefulness.
+ (closes: #119902, #149430, #166811, #272463, #232840)
+ * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that
+ directives aren't ambiguous between php4 and php5.
+ * Add Czech translation, thanks to Miroslav Kure (closes: #274038)
+ * Configure CLI with --with-libedit for readline support, and add
+ 027-readline_is_editline.patch, since Debian's libedit headers are
+ not installed in /usr/include/readline (closes: #274031)
+ * libcurl grew a new SONAME somewhere along the way, and upgrading
+ doesn't seem to cause regressions in php4-curl, so upgrade we shall,
+ changing build-deps accordingly (closes: #260389)
+
+ -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600
+
+php4 (4:4.3.8-12) unstable; urgency=high
+
+ * On new php4-cli installations, if php4-cgi is installed, we copy its
+ php.ini as a starting reference, so that command line scripts that
+ used to work don't start mysteriously failing (closes: #270153)
+ * php4-common has grown a postrm script to make sure we completely
+ clean out and remove /var/lib/php4 during the purge phase.
+ * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we
+ aren't forking for every session file we delete (closes: #268918)
+
+ -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600
+
+php4 (4:4.3.8-11) unstable; urgency=high
+
+ * Andres Salomon :
+ - Fix bashism in maxlifetime script (closes: #270015)
+ * Adam Conrad :
+ - Clarify setup instructions in README.Debian for using php4-cgi
+ with the apache and apache2 packages (closes: #228342, #228343)
+
+ -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600
+
+php4 (4:4.3.8-10) unstable; urgency=high
+
+ * Andres Salomon :
+ - Change frequency of session file cleansing, based on the maximum value
+ of session.gc_maxlifetime from all php.ini files (closes: #269688).
+ - Update README.Debian to mention session cleaning cron job.
+ * Adam Conrad :
+ - Drop php4-cgi from the list of alternate dependencies for the php4
+ metpackage to smooth upgrades for woody users who have both php4 and
+ php4-cgi installed (closes: #269628, #269348, #269377)
+ - Fix cut-n-paste issue in php4-cli postinst (closes: #269466)
+ - Add 023-4.3.9_array_fixes.patch, which fixes problems with the
+ extract() function misbehaving with multiple element references.
+ - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob()
+ when it succeeds with no matches (closes: #269287)
+ - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml
+ extension when it shares memory space with other libxml2-using libs.
+ - Update the comments in php.ini to point out that, due to dilinger's
+ changes above, session.gc_maxlifetime is honoured by the gc cronjob.
+
+ -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600
+
+php4 (4:4.3.8-9) unstable; urgency=high
+
+ * Re-introduce the changelog.Debian that went missing in the last
+ upload due to the php4-common move from arch:all to arch:any
+ * Clean up lintian warnings regarding scripts that weren't executable
+ and executables that weren't scripts.
+ * Add a lintian override for the non-standard-dir-perm of /var/lib/php4
+ * Update to Standards-Version 3.6.1 (no changes, other than the above)
+
+ -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600
+
+php4 (4:4.3.8-8) unstable; urgency=low
+
+ * Default session.save_path is now compiled in to php4, allowing
+ us to, again, comment out the value in php.ini.
+ * Comment out session.gc_probability in the default php.ini, as we've
+ now compiled in a default of 0, allowing the cronjob to do the
+ garbage collection for us instead. (closes: #267720)
+ * Make the 5 SAPI postinsts smarter, allowing them to poke around in
+ people's configs and make sure that sessions won't be broken
+ after we upgraded them from a perfectly functional system.
+ * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of
+ floats with padding by sprintf().
+ * Make php4-common arch:any, and loosen up some of the other any->all
+ package dependencies to make sure binNMUs won't break.
+
+ -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600
+
+php4 (4:4.3.8-7) unstable; urgency=high
+
+ * Back out LFS support AGAIN, as we're disabling LFS in apache2 for
+ the Sarge release. (closes: #266869)
+ * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes
+ for the sybase_ct extension from 4.3.9rc1.
+ * Tidy up descriptions a fair bit:
+ - Disambiguate short descriptions of SAPIs. (closes: #244571)
+ - Refresh the (now much longer) lists of built-in modules for each SAPI.
+ - Explain why caudium-php4 can't use any loadable extensions.
+ - Remove silly advertising blurb for Zend, since very few people are
+ still using php3, and those who are can't be convinced to upgrade
+ just by telling them "Hey, it's faster!".
+ - Add Homepage URI to each SAPI description.
+ - Fix typo in php4-domxml description. (closes: #146124)
+ * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used
+ with packages that depend on something like "php4, php4-mysql".
+ * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1
+ to pull in /usr/share/misc/file/magic.mime (closes: #175136)
+
+ -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600
+
+php4 (4:4.3.8-6) unstable; urgency=high
+
+ * Add libgcrypt11-dev to the build-depends, as something seems to be
+ pulling it in and causing an FTBFS (closes: #265952)
+ * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows
+ in array_slice(), array_splice(), substr(), substr_replace(),
+ strspn() and strcspn().
+ * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building
+ against the new ABI-incompatble libapr0, which brings in proper
+ large file support. Bump the apache2 binary dependency as well.
+ (closes: #266210, #266192)
+ * Enable large file support on all SAPIs except for caudium, as I'm not
+ sure how caudium will react to the change, and I don't want to
+ destabilise anything just before release. This change has been
+ heavily tested with apache2/apache/cgi/cli, and all is well there.
+ * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure
+ that LFS-enabled SAPIs can still use zlib file functions correctly.
+ * Rework the apache2 restarting logic to only restart apache2 if
+ apache2ctl configtest succeeds, otherwise kick out a warning to
+ the user. Even then, we run force-reload with ||true, in case
+ apache2 fails to start for other reasons (closes: #264958)
+ * Make php4-gd Provide php4-gd2, so packages which still depend on
+ php4-gd2 are installable (and so packaging frontends can take the
+ provides/conflicts/replaces hint and DTRT with it)
+ * Split php4-cgi to php4-cgi and php4-cli (closes: #227915)
+ - Add php4-cli to debian/control, replaces older php4-cgi versions
+ - php4-cgi depends on php4-cli for smooth transitions
+ - php4-pear now depends on php4-cli (closes: #243214, #221434)
+ - Add php4-cli to list of SAPIs configurable for modules
+ - Munge php.1 manpage to include -cli info
+ - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806)
+ * Move all of php4's files to libapache-mod-php4, and make php4 a
+ metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 |
+ php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517)
+ * Include skeleton directory in php4-dev (closes: #95832, #211338)
+ * Include php.ini-recommended in php4-common's examples (closes: #181396)
+ * Move /var/lib/php4 to php4-common and install a cronjob that cleans
+ out old sessions every 30 minutes (closes: #256831, #257111)
+ * Move the libapache-mod-ssl dependency from php4-imap to
+ libapache-mod-php4 to stop irritating users of other SAPIs
+ (closes: #240003, #246887, #263381)
+ * Compile pgsql and mysql
support into the caudium SAPI, so it's
+ slightly less useless (closes: #181175)
+
+ -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600
+
+php4 (4:4.3.8-5) unstable; urgency=low
+
+ * Build-depend on chrpath and use it to nuke rpath from modules
+ during the install target of debian/rules.
+ * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file
+ descriptor leak on failed fsockopen() calls. (closes: #257269)
+ * It would seem that if we want LFS support, all SAPIs and all extensions
+ that do file access need to be built with LFS support, and since
+ apache2 currently doesn't have LFS, this presents a problem. As
+ such, I'm disabling LFS accross the board until apache2 supports it.
+ (closes: #263962)
+ * Add 019-z_off_t_as_long.patch, including local headers for zlib,
+ forcing off_t = long for gzip file functions, however disable it
+ for now, as we'll only need it if we reenable LFS (closes: #208608)
+ * Add the Debian package revision as EXTRAVERSION to PHP, so one can
+ more easily tell what version is currently running (for instance,
+ if a user fails to restart Apache after an upgrade of php4, this
+ would become obvious to them in the version banner and in phpinfo()
+ * Fixed up debian/patches, adjusting offsets and adding newlines,
+ so patch stops complaining and applies them cleanly.
+ * libapache2-mod-php4 postinst now forces a reload of apache2, which
+ should get the module properly working in all cases where people
+ previously thought 'apachectl graceful' would cut it.
+ (closes: #241352, #263424, #228343)
+ * debian/rules explicitly sets PROG_SENDMAIL during configure so
+ that builds on buildds with no sendmail installed don't get the
+ mail() function disabled.
(closes: #180734)
+ * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368)
+ * Enable sysvmsg support for all SAPIs (closes: #236190)
+ * Enable dbx support for all SAPIs (closes: #229508, #249797)
+ * Nuke aclocal.m4 before we run ./buildconf to ensure we get it
+ regenerated correctly, and we get an up-to-date libtoolization.
+
+ -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600
+
+php4 (4:4.3.8-4) unstable; urgency=low
+
+ * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to
+ solve anything, really, and add 017-pread_pwrite_disable.patch,
+ wich completely disables pread/pwrite usage, fixing session support
+ on sparc, and pread/pwrite usage on amd64. (closes: #261311)
+
+ -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600
+
+php4 (4:4.3.8-3) unstable; urgency=low
+
+ * Steve Langasek :
+ - Give php4-pear a versioned dependency on php4-cgi, due to
+ backwards-compatibility issues (closes: #260924).
+
+ * Adam Conrad :
+ - Added a debian/watch file for the curious, or people running
+ automated uscan scripts over the entire archive.
+ - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF
+ support in php4-gd (closes: #66293)
+ - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free
+ errors in php4-gd. This, in concert with the librrd0 update
+ (see #261323) should clear up all known segfaults in php4-gd
+ (closes: #220196, #234571, #241270, #246833, #251220, #260790)
+ Thanks to Klaus Reimer for the tip.
+ - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of
+ pread/pwrite in conjunction with LFS64. This should fix the files
+ session handler on sparc, as well as the amd64 build failure.
+ (closes: #234766, #239420, #261311, #248765)
+ - Clean up debian/rules to remove a bunch of obsolete cruft, as well
+ as introducing an LFSFLAGS, allowing us to easily turn LFS support
+ on and off for each SAPI.
+ - Re-enable LFS for apache 1.3, as it was enable in Woody and we should
+ remain backward compatible.
+ + -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600 + +php4 (4:4.3.8-2) unstable; urgency=high + + * Urgency "high" to make up for the last upload which contained + security fixes but was uploaded urgency "low". + + * Adam Conrad : + - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3 + in debian/rules. Not sure how this was missed for so long. + - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory + leak in the apache2handler SAPI, as well as a logical mishandling + of fatal errors during activation. + + * Steve Langasek : + - Revert large file support, which appears to cause + ABI-incompatibilities (and therefore segfaults) for apache2 + (closes: #259659). + + -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600 + +php4 (4:4.3.8-1) unstable; urgency=low + + * Adam Conrad : + - New upstream release (4.3.8). Fixes several security issues: + + Fixed strip_tags() to correctly handle '\0' characters. + + Improved stability during startup when memory_limit is used. + + Replace alloca() with emalloc() for better stack protection. + + Added missing safe_mode checks inside ftok and itpc. + + Fixed address allocation routine in IMAP extension. + + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL. + + Fixes DoS in readfile() function, see CAN-2005-0596. + - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688) + - debian/control: change libpng3-dev build-dep to libpng12-dev + - Add Turkish debconf translation, thanks to Osman Yuksel. + (closes: #252940) + + * Andres Salomon : + - New upstream release (4.3.7). The following patches are dropped: + 007-dba_fix.patch + 008-xbithack.patch + 011-curl_api_update.patch + 012-curl_deprecated_opts.patch. + - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is + always enabled (instead of doing check during build). + + * Steve Langasek : + - Enumerate supported SAPIs in both the module postinst and the module + config script, to avoid "question not found" errors from debconf. 
+ This doesn't give us automatic support for new SAPIs as they're
+ added, but it avoids trying to configure SAPIs that we don't support
+ (e.g., caudium), and it also sidesteps shell syntax errors caused by
+ strangely-named subdirectories.
+ - Remove apache2 from the TODO list, because it's done
+ (closes: #243793).
+ - Add /var/lib/php4 to the list of directories for the apache2 module,
+ so we don't end up with a missing session dir (closes: #240962).
+ - s/modules-config/apache-modconf/, now that the canonical name of the
+ apache-common tool has changed
+ - Drop references to php3 in README.Debian, and document the
+ simplified process for enabling php4 in apache 1.3 (closes: #244564).
+ - Enable large files support for all SAPIs (closes: #249500).
+ - Fix commented-out default include path in php.ini (closes: #250274).
+
+ -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600
+
+php4 (4:4.3.4-4) unstable; urgency=low
+
+ * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8,
+ now that #228840 is fixed.
+ * Fix FTBFS problem caused by curl api changes, adding patches 011 and
+ 012 (closes: #239159).
+ * Add phpapi Provides for libapache2-mod-php4 (closes: #240386).
+ * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9
+ and older won't work (closes: #215069).
+ * Tighten build-dep versions to match upstream's autoconf version checks
+ (closes: #214060).
+
+ -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500
+
+php4 (4:4.3.4-3) unstable; urgency=low
+
+ * Andres Salomon :
+ - Fix incorrect php.ini path in CLI manpage (closes: #233757).
+ - Add libapache2-mod-php4 module (closes: #214611).
+ * Updated Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #222424).
+ * Build php4-gd against libgd2-xpm, removing the need for a separate
+ php4-gd2 package (closes: #235390, #206045, #135664).
+ * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch
+ (closes: #236630).
+ * Add new Spanish debconf translation; thanks to Carlos Valdivia
+ Yagüe (closes: #235052).
+
+ -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600
+
+php4 (4:4.3.4-2) unstable; urgency=low
+
+ * Add build-depends on autoconf, missed earlier (closes: #235012).
+ * Minor updates to README.Debian list of supported extensions.
+ * Fix integer size mismatch in snmp extension affecting 64-bit
+ platforms
+
+ -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600
+
+php4 (4:4.3.4-1) unstable; urgency=low
+
+ * New upstream version. Update local patch set accordingly, with help
+ from Andres Salomon .
+ - includes fix for snmpget() not closing its socket
+ (closes: #207363).
+ * Update build-depends to libdb4.2-dev, to match apache-dev
+ (closes: #231692).
+ * Drop translations of stale templates, and add new German debconf
+ translation; thanks to Alwin Meschede
+ (closes: #232270).
+ * Add new Danish debconf translation; thanks to Claus Hindsgaul
+ (closes: #233887).
+ * Move local patches into debian/patches/ for easier management, and
+ add debian/rules targets for build-time application of patches.
+ * Fix a problem with PHP "xbithack" causing ini scope leakage
+ (closes: #230047).
+ * Re-enable the openssl extension statically, since we now know for
+ sure that the php4-imap problems are a glibc bug (closes: #197450).
+ * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value
+ of php_bin, so PEAR-managed scripts work correctly
+ (closes: #228381). In addition, use alternatives for /usr/bin/php
+ for the benefit of user scripts (closes: #185283).
+ * Set the default session save_path to /var/lib/php4 instead of to
+ /tmp, and create this directory such that all users (for php4-cgi)
+ can create files there and access their own files once created, but
+ not see the names of other files in the directory (closes: #139810).
+ * Drop our override of upstream's register_globals default
+ (closes: #230878).
+
+ -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600
+
+php4 (4:4.3.3-5) unstable; urgency=low
+
+ * Have php4-pear Suggest: php4-dev, for PECL extensions
+ (closes: #225969).
+ * Recompiled against the new version of libxslt, to get rid of the
+ dependency on libxsltbreakpoint (closes: #224806).
+ * Also recompiled against the new version of libc-client (closes: #227347).
+ * Fix pear to not expect to be able to twiddle locks when running as
+ non-root, which also seems to fix a memory utilization problem
+ (closes: #225026).
+ * Make php4-imap depend on libapache-mod-ssl, since this seems to be
+ the only reliable way of getting apache to stop segfaulting.
+ * Build-depend on libt1-dev, which replaces t1lib-dev.
+
+ -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600
+
+php4 (4:4.3.3-4) unstable; urgency=low
+
+ * Fix prerm script to remove mod_php4, *not* mod_perl, from the
+ config (Closes: #216889).
+ * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to
+ call modules-config.
+ * Don't invoke debconf unless we have to in the postinst, to reduce
+ the risk of interactions between modules-config and our questions.
+ * Add Dutch debconf translation; thanks to Tim Dijkstra
+ (closes: #221439).
+ * Sync dba lock handling against upstream CVS HEAD, to fix a bug with
+ truncating db4 files when opening with 'c' (create).
+ (Closes: #221559).
+
+ -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500
+
+php4 (4:4.3.3-3) unstable; urgency=low
+
+ * Disable -gstabs on ia64, since this debugging symbol type is
+ apparently unknown there; we should now have clean builds (with
+ appropriate debugging symbols) on all archs.
+
+ -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500
+
+php4 (4:4.3.3-2) unstable; urgency=low
+
+ * Don't call db_stop in the postinst, as this seems to cause problems
+ for modules-config (closes: #215663, #215584).
+ * Remove duplicate -prefer-pic flag on caudium build, in hope of
+ making libtool do something sensible on ia64,hppa (closes: #216020).
+ * Always build with debugging symbols, per current policy.
+ * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS;
+ and call install -s when installing shared extensions by hand.
+ * Fix upstream build rules to not call libtool --silent.
+
+ -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500
+
+php4 (4:4.3.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #211961).
+ * Fix caudium handling to always grab the current pike version from
+ dpkg when constructing include paths (closes: #212585).
+ * Bump the c-client build dependencies to use the new -dev package
+ name.
+ * Convert php4 postinst/prerm scripts to use the new apache
+ modules-config interface.
+
+ -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500
+
+php4 (4:4.3.2+rc3-6) unstable; urgency=low
+
+ * Add Brazilian Portuguese debconf translation; thanks to André Luís
+ Lopes (closes: #207078).
+ * Catch debian/control up with debian/rules for the zendapi -> phpapi
+ transition.
+
+ -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500
+
+php4 (4:4.3.2+rc3-5) unstable; urgency=low
+
+ * Kill the lintian warning on the grammar in the copyright file.
+ * Redirect apacheconfig I/O to /dev/tty, to work around debconf
+ behavior (for real this time). Closes: #207468, #206404.
+ * Replace 'zendapi' with 'phpapi', since the former does not
+ accurately describe the ABI changes that affect modules and can
+ leave some packages installable but broken (closes: #208020). Also,
+ remove the versioned conflicts with php4-{mysql,pgsql}, since this
+ now supersedes.
+ * Add French debconf translation; thanks to Michel Grentzinger
+ (closes: #207662).
+
+ -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500
+
+php4 (4:4.3.2+rc3-4) unstable; urgency=low
+
+ * Have all php extensions automatically detect and configure for any
+ installed SAPIs (closes: #143436).
+ * Remove spurious dependencies from php4-dev, and replace autoconf2.13
+ with autoconf (closes: #180497).
+ * Conflict with old php4-pgsql as we do with php4-mysql, as it
+ manifests the same bug.
+ * Add preliminary rules for building apache2 SAPI, but don't enable.
+ * Call db_stop before trying to run apacheconfig (closes: #206404).
+ * Check for the existence of /etc/php4 before trying to rmdir it,
+ since there are apparently those who remove such directories
+ prematurely (closes: #206120).
+
+ -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500
+
+php4 (4:4.3.2+rc3-3) unstable; urgency=low
+
+ * Fixes for spurious package dependencies
+ * Fix the paths emitted by php-config, so we can build php4-pgsql et al.
+
+ -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500
+
+php4 (4:4.3.2+rc3-2) unstable; urgency=low
+
+ * Make sure pear.conf is properly marked as a conffile, by bumping
+ DH_COMPAT to 3.
+ * Generate all per-extension postinsts/prerms at build time, instead
+ of managing them by hand.
+ * Get rid of bogus, non-FHS directories from the caudium build.
+ * Install the upstream php manpage in the php4-cgi package
+ (closes: #175836).
+ * Prevent null dereferencing in ldap_explode_dn() (closes: #205405).
+ * Hard-code /usr/share/pear at the end of the include path, for
+ backwards compatibility.
+ * Debconf support for PHP extension registration, including
+ po-debconf support (closes: #122353).
+ * Fix interpreter path in /usr/bin/pear.
+ * Make php4-pear depends: php4-cgi (closes: #182393).
+
+ -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500
+
+php4 (4:4.3.2+rc3-1) unstable; urgency=low
+
+ * New upstream version.
+ - includes fix for buffer overflow crashes in imap module
+ (closes: #191640)
+ - includes fix for dysfunctional open_basedir directive
+ (closes: #197803)
+ - include fix for various XSS vulnerabilities (closes: #200736)
+ * Recompile against newest libc-client libs, following another soname
+ change (closes: #199049)
+ * Replace db2 with db4.
+ * Trim down the cgi sapi rules, since it will now build both cli and
+ cgi for us by default.
+ * Kludge the caudium sapi, by hard-coding the include path we need for
+ pike headers.
+ * Copy the lex/yacc-generated .c and .h files into the build
+ directories, since generating them at build time gives wildly
+ different, and undisputably broken, results.
+ * Update the install rules so they're compatible with current upstream
+ handling of pear and the various SAPIs.
+ * Add '=shared' to the --enable-xslt option, to get the right results
+ for that extension.
+ * Move PEAR extensions from /usr/share/pear to /usr/share/php.
+ * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors.
+
+ -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500
+
+php4 (4:4.2.3-14) unstable; urgency=low
+
+ * Disable openssl extensions AGAIN. It appears that this double-linking mess
+ is still causing nasty segfaults.
+ (closes: #188014, #188025, #188058, #189202, #189653)
+
+ -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600
+
+php4 (4:4.2.3-13) unstable; urgency=low
+
+ * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again
+ (closes: #185534)
+ * Build against libmm13, as libmm12 no longer exists (closes: #187401)
+ * Rebuild caudium-php4 against latest caudium-dev
+ * Re-enable openssl linking and functions, now that our glibc 2.3
+ problems appear to be ironed out.
+ * Enable xslt and exslt support in php4-domxml (closes: #172881)
+
+ -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700
+
+php4 (4:4.2.3-12) unstable; urgency=low
+
+ * Rebuild php4-sybase against libct1 (closes: #184461)
+
+ -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600
+
+php4 (4:4.2.3-11) unstable; urgency=low
+
+ * Remove pike header location detection from debian/rules and do it
+ properly in sapi/caudium/config.m4, using pike7.2-config --version
+
+ -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700
+
+php4 (4:4.2.3-10) unstable; urgency=low
+
+ * Added patch to build with NET-SNMP 5.x
+ * Updated build-dep for libc-client to 2003debian
+ (closes: #181565, #182854, #169886)
+ * Updated build-dep for libcurl to libcurl2-dev (closes: #179722)
+ * Added -mieee to alpha build to solve FPE errors (closes: #180656)
+ * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2
+ is now the default compiler on all architectures.
+ * Add libwrap0-dev to the end of the build-depends to work around #183041.
+ Someone remember to remove this later when the bug is fixed. :)
+ * Build against newer libsablot0-dev (closes: #179886, #181550)
+ * Introduce ugly hack in debian/rules to get the pike includes
+ directory right for the caudium SAPI.
+
+ -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700
+
+php4 (4:4.2.3-9) unstable; urgency=low
+
+ * Fix caudium-php4 to not conflict with php4-pear (closes: #175415).
+
+ -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600
+
+php4 (4:4.2.3-8) unstable; urgency=low
+
+ * Fix typo in debian/rules
+ * Rebuild to bring in sync with latest caudium packages
+
+ -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700
+
+php4 (4:4.2.3-7) unstable; urgency=low
+
+ * Set a sane default for safe_mode_exec_dir (closes: #122920).
+ * Rebuild against libmm-dev on i386, instead of against the
+ no-longer-available libmm11-dev which Provides: the same
+ (closes: #173509).
+
+ -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600
+
+php4 (4:4.2.3-6) unstable; urgency=low
+
+ * Build with PEAR for all SAPIs, so that the built-in include_path is
+ set correctly (overkill?). Closes: #169786, #172321
+ * Change section of php4-dev package to devel.
+ * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't
+ pull it in (closes: #173313).
+ * Depend on coreutils instead of fileutils, since the latter is now an
+ empty package (closes: #171265).
+
+ -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600
+
+php4 (4:4.2.3-5) unstable; urgency=low
+
+ * Fix (snip, snip) the upstream build scripts, so that libphp4.so
+ isn't worthlessly linked against the problematic openssl libs
+ (closes: #165699, #165718, #165719, #166414).
+ * Update config.{sub,guess} so that the package builds on mips
+ platforms (closes #173218)
+ * Replace libc-client-ssl2001-dev with libc-client2002-dev in build
+ dependencies, fixing various php4-imap segfaults (closes: #169610,
+ #169769).
+
+ -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600
+
+php4 (4:4.2.3-4) unstable; urgency=low
+
+ * Remove build dependency on non-extant libmagick5-dev, which is no
+ longer used anyway (closes: #169829, #172402).
+ * Add myself to the Uploaders: field of the control file.
+
+ -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600
+
+php4 (4:4.2.3-3) unstable; urgency=low
+
+ * Backport a patch from CVS to sanitize control characters in php_url_parse()
+ to prevent ASCII control injection in fopen() calls.
+
+ -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600
+
+php4 (4:4.2.3-2) unstable; urgency=low
+
+ * I'm a moron (thanks to James Troup for pointing this out).
+ * Change gcc-3.1 references in debian/rules to gcc-3.2.
+ * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out.
+
+ -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600
+
+php4 (4:4.2.3-1) unstable; urgency=low
+
+ * New upstream version
+ * Added a patch from Ginger Alliance to eliminate warnings in xslt compile
+ * Messed with the php4-imap build:
+ - compiling with SSL support (closes: #122700)
+ - commented out the static-on-i386 hack, libc-client is now linked dynamically
+ * Sessions should finally be fixed, however I won't tag the bugs "woody"
+ until I know for sure. (if you were affected, please test and send
+ followups to me)
+ * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now.
+
+ -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600
+
+php4 (4:4.2.2-3) unstable; urgency=low
+
+ * Fix typo resulting in php4-odbc not having a postinst
+ (closes: #157116, #157927)
+ * Build against latest caudium-dev to made caudium-php4 installable
+ again. (closes: #158247)
+ * Update build-deps to swap libpng3 for libpng2. (closes: #158908)
+
+ -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600
+
+php4 (4:4.2.2-2) unstable; urgency=low
+
+ * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with
+ headers or the library for db1 (closes: #156141, #155889)
+ * Update build deps to build against libmm12 (closes: #155042)
+ * php4-curl no longer depends on libcurl2-ssl (closes: #155015)
+
+ -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600
+
+php4 (4:4.2.2-1) unstable; urgency=medium
+
+ * New upstream
+ * Fixes input validation vulnerability in rfc1867.c (closes: #153850)
+ * Added missing prerm/postinst for php4-xslt (oops)
+
+ -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600
+
+php4 (4:4.2.1-3) unstable; urgency=low
+
+ * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to
+ gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really.
+
+ -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600
+
+php4 (4:4.2.1-2) unstable; urgency=low
+
+ * Applied small patch to fix building on non-32-bit architectures
+ (closes: #148231)
+ * Added still /more/ documentation about the unserializer, sessions,
+ and the session.save_handler php.ini option.
+
+ -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600
+
+php4 (4:4.2.1-1) unstable; urgency=low
+
+ * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release.
+ * Probably the last update (barring huge packaging bugs or plain broken
+ binaries) before starting on a complete reorg of the PHP packages.
+ * Deserializer now works on big-endian architectures (addresses bug #121391
+ and probably others)
+ * This release probably fixes a whole bunch of bugs. Will be going through
+ the bug list and playing the reproducibility game after the upload.
+ * Default include_path in php.ini now set to include pear.
+ * Upstream default for register_globals HAS CHANGED. In the Debian php.ini
+ we are still using "register_globals = On" for compatibility reasons,
+ however our packages will change too. This is a warning for anyone
+ packaging PHP scripts and applications to make sure you'll be compatible
+ with the new default once it's set.
+
+ -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600
+
+php4 (4:4.1.2-4) unstable; urgency=high
+
+ * No binaries were harmed in the making up this upload.
+ * Updated README.Debian and changelog. All other files untouched,
+ as the binaries were merely unpacked and repacked.
+ - Added a note to README.Debian about how to properly set up
+ Apache for use with php4, if the installation didn't (and it usually
+ doesn't ) get it right.
+ - Added a note to README.Debian about the unserializer (and sessions)
+ being messed up on big endian architectures. It's too late to try
+ to get a proper fix in for this, so we're just going to have to cope.
+
+ -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600
+
+php4 (4:4.1.2-3.1) unstable; urgency=low
+
+ * The 'I broke it, I have to take credit for it' release.
+ * Rebuild the package to get proper binary dependencies on alpha.
+
+ -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600
+
+php4 (4:4.1.2-3) unstable; urgency=low
+
+ * Switched to --with-regex=php (from =system). This fixes all the
+ problems with eregi/parse_url/fopen/etc on Alpha.
+ * Cleaned up long descriptions (closes: #130977, #130954)
+
+ -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700
+
+php4 (4:4.1.2-2) unstable; urgency=low
+
+ * New maintainer (closes: #132980)
+ * Enabling unixodbc support (closes: #107201)
+ * Changed the install-modules target in build/rules_pear.mk so that
+ it will error out in the case of an empty modules directory or
+ failure to install modules (closes: #135304)
+
+ -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700
+
+php4 (4:4.1.2-1) unstable; urgency=high
+
+ * New upstream version with a security fix. This
+ supercedes 4.1.1-2.2 from Steve Langasek:
+ * Fix an error in the handling of MIME file upload headers, which left
+ open a potential security hole. (Closes: #136063)
+ * Fixed gcc-3.0 fix :-)
+ * Thanks for fixing apache-common fix
+ * This version should fix session bugs with upstream fix (closes: #133877)
+ * With a brutal change to main/SAPI.c try to fix(?) authorize bugs
+
+ -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100
+
+php4 (4:4.1.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * loosen apache-common dependency to make us forwards-compatible, as
+ recommended by the apache maintainer.
+ * use gcc-3.0 when building on arm, because the default toolchain on
+ that arch has Issues (closes: #135906, #135913).
+
+ -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600
+
+php4 (4:4.1.1-2) unstable; urgency=medium
+
+ * Rebuild with apache 1.3.23.
+ * This package is in maintainer change mode. Though I orphaned it I'm not
+ going to change maintainer to QA, because we already have fresh blood.
+ * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with
+ libgd which has GIF support (fixed included upstream)
+ * debian/control:
+ - Build-Depends: s/libgd1g-dev/libgd-dev/
+ also libc-client at least version 4:2001adebian-6 to fix some segfaults
+ * ext/standard/head.c: make the setcookie() thingie test more simple
+
+ -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100
+
+php4 (4:4.1.1-1) unstable; urgency=high
+
+ * New upstream bugfix release.
+ * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get
+ to upload it
+ * debian/rules: Correctly supply modified CFLAGS to build process
+
+ -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100
+
+php4 (4:4.1.0-2) unstable; urgency=low
+
+ * debian/php4-cgi.README.Debian: fix typo (closes: #123866)
+ * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr
+ parsing (closes: #121403)
+ * debian/README.Debian: document shmmax increase (closes: #119688)
+
+ -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100
+
+php4 (4:4.1.0-1) unstable; urgency=high
+
+ * Finally final 4.1.0
+ * Urgency to reflect previous version
+ * debian/control: php4-pear depends on php4-cgi
+
+ -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100
+
+php4 (3:4.1-2) unstable; urgency=high
+
+ * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all.
+ * ext/exif/exif.c: MFH
+ * ext/ldap/ldap.c: small crash fix from HEAD
+ * and misc tiny changes. Really :-)
+ * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing
+ the argument
+
+ -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100
+
+php4 (3:4.1-1) unstable; urgency=medium
+
+ * Final 4.1.0 (not released)
+ * NEWS: s/4.0/4.1/
+ * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be
+ a beta version with known bugs. How should I know.
+ * sablot extension removed upstream. So use XSLT (C/R in place)
+ * Apply fix for file_exists() from tilo (closes: #114409)
+ * "Cannot redeclare" were fixed in previous RCs (closes: #112341)
+ * previous version is build in hppa and ia64, so I assume it
+ (closes: #115391)
+ * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user
+ report.
+ * This should fix the "final HTML> stripped" bug that was introduced
+ in 4.0.6-3. (closes: #110415).
+ * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp
+
+ -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100
+
+php4 (3:4.0.100-1) unstable; urgency=low
+
+ * Really a 4.1.0RC2
+ * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway
+ * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1
+ * Added Provides: zendapi-$version to php4 and php4-cgi
+ * Made modules depend on zendapi-$version instead of php4|php4-cgi.
+ Please use this in your php4-$module packages
+ * Apply c-client hack only to i386 most architectures don't support linking
+ both PIC and non-PIC code. I'm still affrai to do this on i386, as it
+ crashes a lot more :(
+ * Apply some CVS patches
+
+ -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100
+
+php4 (3:4.0.99-4) unstable; urgency=medium
+
+ * Recompile because of new version of caudium.
+ (I really hope this gets into testing soon as php in testing
+ now doesn't do apache 1.3.22)
+
+ -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100
+
+php4 (3:4.0.99-3) unstable; urgency=medium
+
+ * Recompile for new libexpat1 (closes: #116623 and others)
+ * upstream: ext/gd/gd.c, ext/iconv/iconv.c
+ * crypt(): defalt to using DES crypt() (closes: #117092)
+ * debian/rules: disable libmm in -cgi build. Will lesser the impact
+ of the infamous /tmp/session_mm.reg
+ * apply patch to Zend, which should fix the "cannot redeclare" error.
+ It's still a bug in your code though (use include_once). More changes
+ to this are comming (upstream).
+ * Add some documentation to sybase
+
+ -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200
+
+php4 (3:4.0.99-2) unstable; urgency=low
+
+ * "Some days are just no good" release.
+ * Recompile with apache 1.3.22 from Incoming
+ * Deal with automake going to 1:1.4 and automake1.5
+
+ -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200
+
+php4 (3:4.0.99-1) unstable; urgency=low
+
+ * This is really 4.1.0RC1, but ...
+ * Applied setcookie(), which is not in upstream yet
+
+ -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200
+
+php4 (3:4.0.6.7rc3-3) unstable; urgency=medium
+
+ * Fix dependency in caudium-php4. Sorry for this
+
+ -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200
+
+php4 (3:4.0.6.7rc3-2) unstable; urgency=medium
+
+ * Recompile with recent caudium/pike. Please, no new version so it can get
+ into testing :)
+ * debian/control: move php4-pear to suggests
+ * Fix setcookie() again. I really hate this bug
+ * Build-Depends: re2c - it's usually not needed, but if you make some
+ strange changes to the parser ...
+ * FIx automake 1.5 build problems (I hope)
+
+ -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200
+
+php4 (3:4.0.6.7rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+
+ -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000
+
+php4 (3:4.0.6.7rc2-3) unstable; urgency=low
+
+ * "Let's try to fix some bugs" release.
+ * Add some patches: ldap (does this fix things?), pgsql,
+ domxml
+ * Build-Conflicts: automake (>= 1.5) for now
+
+ -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200
+
+php4 (3:4.0.6.7rc2-2) unstable; urgency=low
+
+ * Enable recode extension (the library is LGPL) - shared
+ * Enable iconv extension - in main php4. Experimental
+ * Build-Depends: s/libgd-dev/libgd2-dev/
+ * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304)
+ and fix autoconf macros (Closes: #113980)
+ * Improve?? description of PEAR (Closes: #112432)
+
+ -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200
+
+php4 (3:4.0.6.7rc2-1) unstable; urgency=medium
+
+ * 2nd release candidate
+ * ext/mbstring: fix compile (cp1252)
+ * ext/standard/url_scanner_ex: off by one
+ * WARNING: caudium builds with Zend Threading enabled, but other
+ modules don't. So you cannot safely use DSO with caudium
+ * Added some Build-Conflicts - with broken libmysqlclient
+ - with libtool 1.4b
+
+ -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200
+
+php4 (3:4.0.6-6) unstable; urgency=medium
+
+ * The "Paul Hampson fixes release".
+ * Closed those atexit() bugs. Now to find out, how to make libtool link with
+ gcc instead of ld :((
+ * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697)
+ Thanks to Paul Hampson for finding the cause, though I've used another
+ fix - fixed changes in CVS made in -3 I think. Silly me to think, that
+ all "small" changes are fixes.
+ * libc-client2001 was fixed in -5, so add a (closes: #109202) here
+ * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK
+
+ -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200
+
+php4 (3:4.0.6-5) unstable; urgency=low
+
+ * Recompile for libc-client2001 (I hope it doesn't break anything else)
+ And many other libraries.
+ * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!!
+ You have to get libtool 1.4 to be able to use phpize.
+
+ -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200
+
+php4 (3:4.0.6-4) unstable; urgency=high
+
+ * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry)
+ * Fix the nasty segfaults with mail(). That'll teach me taking upstream
+ changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now)
+ (closes: #105686, #105878).
+
+ -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200
+
+php4 (3:4.0.6-3) unstable; urgency=high
+
+ * ext/standard/mail.c: security fix
+ * debian/control: Build-Depends: libtool (>= 1.4)
+ * ext/curl/curl.c: fix typo
+ * ext/gd/config.m4: fix typo
+ * ext/mcrypt/mcrypt.c: upstream buffer overflow fix
+ * ext/mhash/mhash.c: upstream buffer overflow fix
+ * ext/pgsql/pgsql.c: fix
+ * ext/posix/config.m4: check for getpgid
+ * ext/sablot/sablot.c: fix leaks
+ * ext/standard/url* : fixes
+ * ext/sysvshm/sysvshm.c: fixes
+ * Zend/*: small fixes
+
+ -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200
+
+php4 (3:4.0.6-2) unstable; urgency=low
+
+ * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087)
+ * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618)
+ - libfreetype6-dev to Build-Depends
+ - add auto* suite to php4-dev depends (closes: #104199)
+ * debian/rules: - build gd module with freetype2 support
+ - move common ./configure flags to COMMON_CONFIG
+ - build with mbstring support
+
+ -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200
+
+php4 (3:4.0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * NOTE: new extension will probably be in another upload, to get this
+ into testing ...
+
+ -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200
+
+php4 (3:4.0.5.6rc3-3) unstable; urgency=low
+
+ * The "I hate sablot release". Recompile with 0.60
+ * debian/php4-domxml.postrm: also fix the :: (closes: #101306)
+ * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream
+
+ -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200
+
+php4 (3:4.0.5.6rc3-2) unstable; urgency=low
+
+ * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4
+ * build/ ... : upstream fix for building with automake 1.4-pX
+ * don't fail, when libssl-dev is not installed. sigh
+
+ -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200
+
+php4 (3:4.0.5.6rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Recompile with apache 1.3.20
+ * debian/control:
+ - php4-dev: Depends: bison, flex (closes: #100634)
+ - Build-Depends: libcurl-dev (>=7.8)
+ * debian/rules:
+ - add --enable-bcmath to all rules (closes: #100491)
+ * Zend/zend.c: apply upstream fix to allow building of caudium
+
+ -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200
+
+php4 (3:4.0.5.6rc2-1) unstable; urgency=low
+
+ * New upstream test release.
+ * FIx regex/regex.h (int regoff_t)
+ * fix php4-cgi build with pcre - don't use supplied pcre
+ * Fix wddx support (closes: #99468)
+ * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4
+
+ -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200
+
+php4 (3:4.0.5.6rc1-1) unstable; urgency=low
+
+ * New upstream test release with new bugs :))
+ * moved pear from /usr/lib/php4 to /usr/share/php4
+ * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll
+ have to live with it
+
+ -- Petr Cech Wed, 16 May 2001 14:14:04 +0200
+
+php4 (3:4.0.5-2) unstable; urgency=low
+
+ * Build-Depend on newer libmhash-dev, as it supposedly doesn't
+ compile on current woody (closes: #96555)
+ * Build-Depends: s/freetype2/libttf-dev/
+ * Stop building php4-pgsql - move to non-US
+ * Build-Deps on new libsablot0
+
+ -- Petr Cech Thu, 10 May 2001 10:43:02 +0200
+
+php4 (3:4.0.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * recompile with new sablot - how I hate this (closes: #95401)
+ * Merge XML into main php4
+ * Reword README.Debian (closes: #89667)
+ * Enable wddx
+ * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452)
+ * fix typos (closes: #94118)
+ * Added support for Sybase/MS SQL Server (using FreeTDS)
+ using patch from:
+ http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch
+ thanks to Bradley Bell for the patch
+ * ext/pcre : two upstream fixes
+ * ext/sablot/sablot.c: small upstream fix
+ * build/buildcheck.sh : fixes to allow compile with libtool 1.4
+ * ext/standard/exec.c: upstream fixes
+ * sapi/apache/mod_php4.c: off by one fix
+ * sapi/cgi/cgi_main.c: fix POST bug
+ * main/snprintf.c: upstream fix
+
+ -- Petr Cech Wed, 3 May 2001 22:17:10 +0200
+
+php4 (4.0.4.5rc6-2) unstable; urgency=low
+
+ * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994)
+ * TSRM/TSRM.c: upstream fix
+ * ext/pgsql: upstream fix
+
+ -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200
+
+php4 (4.0.4.5rc6-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Don't mention CGI support, as it's not so for a long time.
+
+ -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200
+
+php4 (4.0.4.5rc5-1) unstable; urgency=low
+
+ * New upstream test release.
+ * ask about /etc/php4/cgi/php.ini also
+ * It's really recompiled for 1.3.19 (closes: #91901, #91822)
+ * problems with modules documented (closes: #81141, #82611)
+
+ -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200
+
+php4 (4.0.4.5rc3-1) unstable; urgency=low
+
+ * New upstream RC release
+ * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered
+ on broken potato upload. -0potato2 is fixed
+ * Looks like there was a bug in latest build, this should fix it (closes: #92018)
+ * remove libmcal0 workaround
+
+ -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200
+
+php4 (4.0.4.5rc2-1) unstable; urgency=low
+
+ * New upstream release test release 4.0.5RC2.
+ * debian/rules: Add lintian overrides
+ * debian/control: * add libexpat1-dev to Build-Depends
+ * add libmcal0 to Build-Depends since libmcal0-dev is
+ missing this dependancy :(( Bug filled
+ * ext/socket/socket.c: minor upstream patch
+
+ -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200
+
+php4 (4.0.4pl1-6) unstable; urgency=low
+
+ * NEVER RELEASED
+ * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or
+ libcurl1-ssl problem.
+ * remove dh_testversion and use versioned Build-depends instead
+
+ -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100
+
+php4 (4.0.4pl1-5) unstable; urgency=low
+
+ * Add lintian overrides
+ * Rebuild with correct libgd-dev installed. Sorry
+ (closes: #88490, #88255, #88371, #88619, #88635)
+ * Closed by fixed libjpeg (closes: #85865, #88141)
+
+ -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100
+
+php4 (4.0.4pl1-4) unstable; urgency=low
+
+ * The "Enable what you can" release.
+ * Enable sablot extension (many files) (closes: #84073)
+ * Enable mcal extension (finaly closes: #65688, #85925)
+ * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols.
+ Why?
+ * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres
+ problems. There is a better patch in CVS, but it needs changes to Zend
+ * pear/pear.in: binary is php4 no php (closes: #87848)
+ * ext/domxml/config.m4: link with -lxml2 (closes: #87457)
+ * debian/README.Debian: add notes about ldap, imap and mhash extensions
+ * debian/{control,rules}: activate bz2 extension
+ * php4.ini-dist: comment out include_path so php will use compiled in
+ path (closes 2nd part of 87848)
+
+ -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100
+
+php4 (4.0.4pl1-3) unstable; urgency=medium
+
+ * Fixed postrm issues.
Sorry
+
+ -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100
+
+php4 (4.0.4pl1-2) unstable; urgency=medium
+
+ * debian/control: Build-depends: xlibs-dev (seems it's missing and causes
+ failed builds for arm, m68k and powerpc)
+ s/libsnmp4.1/libsnmp4.2/ (closes: #84139)
+ * debian/php4.*: make LoadModule matching case insensitive (fixes 83641
+ for unstable)
+
+ -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100
+
+php4 (4.0.4pl1-1) unstable; urgency=high
+
+ * New upstream version.
+ * This release fixes some security problems.
+ * Some patches from previous versions are not here.
+ * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev
+ * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog
+ (hmm. Where ir Roman?)
+ * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it
+ when it doesn't already exist. I should find a way to check, that the default
+ php.ini changed and user should update it.
+ * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge
+ * fix xml.so not working with php4-cgi
+
+ -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100
+
+php4 (4.0.4final-6) unstable; urgency=medium
+
+ * OK. Now also fix the prerm issues (closes: #81418) and to ease
+ that thanks for submiting bugs (closes: #81818, #81819)
+ * some upstream updates: browsercap, php-config
+
+ -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100
+
+php4 (4.0.4final-5) unstable; urgency=medium
+
+ * OK. Take a deep breath and fix those bloody postinst
+ bugs - fix it and rewrite from ed -> sed, because ed is not essential :(
+ closes: #80801.
+ * apply some upstream fixes.
+ * disable ctype extension - not yet ready
+
+ -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100
+
+php4 (4.0.4final-4) unstable; urgency=low
+
+ * debian/libc-client.la: add -lpam -ldl -lcrypt
+ * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801)
+
+ -- Petr Cech Fri, 29 Dec 2000 11:40:43 +0100
+
+php4 (4.0.4final-3) unstable; urgency=low
+
+ * Brown Xmas Sock Release
+ * Grr. correctly fix the php4 postinst error
+ (closes: #80303, #80324, #80326, #80359)
+ NMU by Wichert Akkerman (closes: #80381)
+ * also fix php4-cgi. NMU by Marcelo E. Magallon
+ (closes: #80406).
+ * fix fix for php4-cgi postinst s/apache/cgi/
+ * apply some upstream fixes to ext/session/
+ * domxml/config.m4: fix my -Lshared,/usr/lib error
+ * debian/rules:
+ * add --enable-ctype to both targets
+ * --diable-pear to CGI target
+ * generate Depends: php4 (=ver) | php4-cgi (=ver)
+
+ -- Petr Cech Wed, 27 Dec 2000 15:29:56 +0100
+
+php4 (4.0.4final-2) unstable; urgency=low
+
+ * Run apacheconfig with --force-modules.
+ * Fix stupid bug in php4 and php4-cgi postinst.
+ * ext/sysvshm/sysvshm.c : upstream fix
+
+ -- Petr Cech Thu, 21 Dec 2000 22:58:27 +0100
+
+php4 (4.0.4final-1) unstable; urgency=low
+
+ * New upstream version.
+ * Sorry for the version, but da-katie doesn't allow overwriting of files, notably
+ .orig.tar.gz. It's my fault I know, but it worked till now.
+
+ -- Petr Cech Wed, 20 Dec 2000 01:32:34 +0100
+
+php4 (4.0.4-0RC6.1) unstable; urgency=low
+
+ * OK. Final final RC for 4.0.4.
+ * Build-depends on libxml2-dev (>= 2.2.7) because php needs this.
+ * Activate ndbm dba driver.
+
+ -- Petr Cech Sun, 17 Dec 2000 19:43:51 +0100
+
+php4 (4.0.4-0RC5.1) unstable; urgency=low
+
+ * UNRELEASED.
+ * Final RC for 4.0.4.
+ * Some mods to README.Debian and TODO
+
+ -- Petr Cech Wed, 13 Dec 2000 00:01:08 +0100
+
+php4 (4.0.4-0RC4.1) unstable; urgency=low
+
+ * New upstream beta release. Let's stabilize things now and add new
+ modules after final release of 4.0.4.
+
+ -- Petr Cech Thu, 7 Dec 2000 10:12:11 +0100
+
+php4 (4.0.4-0RC3.2) unstable; urgency=low
+
+ * recompile with new libc-client200-dev.
+ * fix source recompile
+ * depend on fixed apache 1.3.14-2
+
+ -- Petr Cech Thu, 7 Dec 2000 00:49:14 +0100
+
+php4 (4.0.4-0RC3.1) unstable; urgency=low
+
+ * New upstream beta release.
+ * Add libxml2-dev to build-depends (closes: #78479).
+ * implement DEB_BUILD_OPTIONS
+ * fix apache build wrt. apxs
+ * fix typo in description of curl modules (closes: #78828)
+
+ -- Petr Cech Tue, 5 Dec 2000 14:22:30 +0100
+
+php4 (4.0.3pl1-7) unstable; urgency=low
+
+ * Rebuild with apache 1.3.14-1
+
+ -- Petr Cech Fri, 1 Dec 2000 01:41:41 +0100
+
+php4 (4.0.3pl1-6) unstable; urgency=low
+
+ * add --enable-memory-limit
+ * add --enable-exif per request from William Ono.
+ * Add Suggests: phpdoc (yes. it's here).
+ * ext/standard/crypt.c - fix from CVS.
+ * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR
+ * ext/gd/gd.c - add format string
+ - add XBM to phpinfo()
+ * ext/imap/php_imap.{c,h} - CVS fixes
+ * main/main.c - fix CGI crash
+ - add HTTP_SERVER_VARS in CGI mode
+ * and many more. Taken from php4.srpm (thanks :))
+ * recompile with apache 1.3.12-2.2
+ * and hack large files support into DSO module. php4 doesn't use it now :((
+
+ -- Petr Cech Thu, 30 Nov 2000 00:01:39 +0100
+
+php4 (4.0.3pl1-5) unstable; urgency=low
+
+ * Back out changes about --enable-versioning
+ * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7)
+
+ -- Petr Cech Tue, 21 Nov 2000 18:03:56 +0100
+
+php4 (4.0.3pl1-4) unstable; urgency=low
+
+ * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*)
+ * Remove aliasing hack - deprecated upstream. (closes: #76558)
+ * Compile with libgd-dev again (Write 100x always reinstall libgd-dev).
+ * --enable-versioning and tweak debian/control a bit, let's see, what breaks
+
+ -- Petr Cech Tue, 14 Nov 2000 10:00:54 +0100
+
+php4 (4.0.3pl1-3) unstable; urgency=low
+
+ * Activate curl module.
+ * Really enable shmop module.
+ * Fix include paths in phpize. Now everyone should be able to easilly build
+ php4 extension modules (php4-dbase anyone?).
+
+ -- Petr Cech Mon, 6 Nov 2000 23:17:41 +0100
+
+php4 (4.0.3pl1-2) unstable; urgency=low
+
+ * Build with libgd-dev installed (NOT libgd-gif).
+
+ -- Petr Cech Tue, 17 Oct 2000 02:08:36 +0200
+
+php4 (4.0.3pl1-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+ * Depend on libopenldap1 as with the newer ldap module crashes php&apache.
+
+ -- Petr Cech Mon, 16 Oct 2000 15:30:55 +0200
+
+php4 (4.0.3-2) unstable; urgency=high
+
+ * Urgency=high because last upload didn't have it ad it fixes some
+ security holes.
+ * ext/domxml/config.m4: don't try to build then --without-domxml
+
+ -- Petr Cech Thu, 12 Oct 2000 12:50:17 +0200
+
+php4 (4.0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ - fixes also some string format bugs
+ * Build with fixed libmysqlclient10-dev.
+
+ -- Petr Cech Thu, 12 Oct 2000 00:00:07 +0200
+
+php4 (4.0.2-7) unstable; urgency=low
+
+ * Really, really install libldap2-dev.
+ * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink.
+
+ -- Petr Cech Tue, 10 Oct 2000 22:28:48 +0200
+
+php4 (4.0.2-6) unstable; urgency=low
+
+ * Again fix description a little bit.
+ * Correct build-depends.
+ * Sic. Recompile, because I've busted (libopenldap-dev instead of
+ libldap2-dev was installed).
+ * While at it install also new apache glibc NMU and recompile with it.
+ * Move PEAR from php4-dev to php4 and install ALL of PEAR.
+ * add --prefix=/usr
+ * debhelper v2
+ * prepare for CURL module
+ * Updated README.Debian
+ * updated XML module from php4 CVS to close: #72360
+
+ -- Petr Cech Mon, 2 Oct 2000 14:36:35 +0200
+
+php4 (4.0.2-5) unstable; urgency=low
+
+ * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :)
+ * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94.
+ * and recompile with glibc 2.1.94 to fix it.
+
+ -- Petr Cech Wed, 27 Sep 2000 09:00:27 +0200
+
+php4 (4.0.2-4) unstable; urgency=low
+
+ * Tweak description a little bit more.
+
+ -- Petr Cech Sun, 24 Sep 2000 23:58:15 +0200
+
+php4 (4.0.2-3) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first (closes: # oh great leader).
+ * Create domxml module aka xmlv2.
+ * Fix spelling wan't -> want (closes: #70544).
+ * Add libraries for gd module only when linking this one
+ and not globaly (closes: #71623).
+ * Say that we wait for ENTER (closes: #71769).
+ * Fix logic in prerm script (closes: #71770).
+
+ -- Petr Cech Sun, 24 Sep 2000 17:54:52 +0000
+
+php4 (4.0.2-2) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first (closes: # oh great leader).
+ * Create domxml module aka xmlv2.
+ * Fix building (small typo).
+ * Compile with libmysqlclient9-dev installed.
+
+ -- Petr Cech Mon, 18 Sep 2000 23:46:40 +0200
+
+php4 (4.0.2-1) unstable; urgency=low
+
+ * The "Back from vacation" release.
+ * New upstream fixed (and bugs).
+ * Correct postm script (only cosmetic) closes: #67350, #68541
+ * build with libpcre3, libldap2
+ * Use modified patch from -3 (remove #define XML_... php_XML_...)
+
+ -- Petr Cech Thu, 7 Sep 2000 23:17:59 +0200
+
+php4 (4.0.1pl2-3) unstable; urgency=low
+
+ * UNRELEASED
+ * Fixed the XML packages.
+
+ -- Norman Jordan Thu, 10 Aug 2000 21:45:15 +0000
+
+php4 (4.0.1pl2-2) unstable; urgency=low
+
+ * Fix source archive.
+
+ -- Petr Cech Tue, 11 Jul 2000 11:04:48 +0000
+
+php4 (4.0.1pl2-1) unstable; urgency=low
+
+ * New upstream bug fix release (variation of the patches in -2)
+ * Build with new libgd1 library (maybe still in Incoming)
+ * Move PEAR stuff to php4 package (closes: #66897).
+
+ -- Petr Cech Sun, 9 Jul 2000 09:01:06 +0000
+
+php4 (4.0.1-2) unstable; urgency=low
+
+ * Apply some CVS diffs in an attempt to fix opendir() problems.
+
+ -- Petr Cech Fri, 30 Jun 2000 09:04:24 +0000
+
+php4 (4.0.1-1) unstable; urgency=low
+
+ * New upstream release (taken from CVS tag php_4_0_1).
+ * --with-regex=system else it plays havoc. Dunno why ...
+ * remove autoconf,automake,aclocal from configure rules.
+ * Fix description of XML --help message (no, it's not MySQL).
+
+ -- Petr Cech Wed, 28 Jun 2000 22:55:16 +0200
+
+php4 (4.0.0-4) unstable; urgency=low
+
+ * Add -dev package (closes: #65907).
+ * Add -cgi and -cgi-* packages (closes: #51097, #52855).
+ * --enable-filepro
+ * Tweak copyright file a bit.
+ * Generate mhash module (closes part of 63186).
+ * Ask to remove libphp4 from httpd.conf upon remove/purge.
+ * Fixed build-depends, thanks to Roman Hodek (closes: #65938).
+ (I told you the first time it won't work :))
+ * Mark /etc/php4/cgi/php.ini as conffile.
+ * Every module now ask if it should be enabled on install
+ (if it's not already) and disabled on remove/purge.
+
+ -- Petr Cech Tue, 20 Jun 2000 14:29:01 +0200
+
+php4 (4.0.0-3) unstable; urgency=low
+
+ * Ship correct php.ini (extension_dir=/usr/lib/php4/apache).
+ * Don't use included libmysqlclient and use system one (fixes
+ wrong location of mysqld.sock)
+ * link XML module dynamicly with system xmlparse and xmltok.
+
+ -- Petr Cech Wed, 14 Jun 2000 22:30:07 +0000
+
+php4 (4.0.0-2) unstable; urgency=low
+
+ * fix the IS_SLASH bug (closes: #65625 and probably others as well).
+ * Really change the maintainer field.
+
+ -- Petr Cech Wed, 14 Jun 2000 07:44:05 +0000
+
+php4 (4.0.0-1) unstable; urgency=low
+
+ * New maintainer.
+ * New upstream release.
+ * Fix dynamic module loading.
+ * Added Build-Depends (I wonder, if I got them right)
+ * Standards-Version: 3.1.1
+
+ -- Petr Cech Tue, 13 Jun 2000 13:40:56 +0000
+
+php4 (4.0rc1-2) unstable; urgency=low
+
+ * Compile with latest apache and libraries from woody
+ (Closes: #62631, #62640)
+
+ -- Gergely Madarasz Wed, 19 Apr 2000 14:39:25 +0200
+
+php4 (4.0rc1-1) unstable; urgency=low
+
+ * New upstream version
+ * Fix db2 support (Closes: #61709)
+ * Fix gd support (Closes: #61708)
+ * Remove ucd-snmp-hack from config options
+
+ -- Gergely Madarasz Sun, 16 Apr 2000 17:04:05 +0200
+
+php4 (4.0b4pl1-2) unstable; urgency=low
+
+ * Build with --disable-debug so it should work with the zend
+ optimizer (Closes: #60265)
+ * Build with --enable-trans-sid (Closes: #60430)
+ * Write some more about php4/php3 differences in the description
+ (Closes: #60155)
+
+ -- Gergely Madarasz Fri, 17 Mar 2000 17:35:29 +0100
+
+php4 (4.0b4pl1-1) unstable; urgency=low
+
+ * New upstream version
+ * Upstream reorganized the build system quite a bit, lots of patches
+ removed
+
+ -- Gergely Madarasz Wed, 23 Feb 2000 17:16:00 +0100
+
+php4 (4.0b3-4) unstable; urgency=low
+
+ * Add /etc/php4/apache/php.ini to conffiles (Closes: #54194)
+ * Add info file for apacheconfig
+ * Offer to run apacheconfig and/or apache-sslconfig in postinst
+ * Comment out sendmail_path from php.ini so the default sendmail path
+ should work (Closes: #51355)
+
+ -- Gergely Madarasz Thu, 6 Jan 2000 14:38:20 +0100
+
+php4 (4.0b3-3) unstable; urgency=low
+
+ * Compile with libgd instead of libgd-gif
+
+ -- Gergely Madarasz Tue, 4 Jan 2000 18:07:56 +0100
+
+php4 (4.0b3-2) unstable; urgency=low
+
+ * Build imap and ldap modules
+ * Fix rm -f in rules file (Closes: #51623)
+
+ -- Gergely Madarasz Mon, 3 Jan 2000 16:54:19 +0100
+
+php4 (4.0b3-1) unstable; urgency=low
+
+ * Initial
+ Release.
+
+ -- Gergely Madarasz Tue, 16 Nov 1999 19:33:42 +0100
--- php5-5.1.2.orig/debian/php5-cgi.postinst
+++ php5-5.1.2/debian/php5-cgi.postinst
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+. /usr/share/debconf/confmodule
+
+phpini="/etc/php5/cgi/php.ini"
+
+if ! [ -f $phpini ]; then
+ mkdir -p /etc/php5/cgi
+ cp /usr/share/php5/php.ini-dist $phpini
+fi
+
+update-alternatives \
+ --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \
+ --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz
+
+update-alternatives \
+ --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50
+
+exit 0
--- php5-5.1.2.orig/debian/control
+++ php5-5.1.2/debian/control
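Review bot: In debian/php5-cgi.postinst the second update-alternatives call publishes the interpreter as /usr/lib/cgi-bin/php, which on a stock Debian web server is presumably reachable through the /cgi-bin/ ScriptAlias, and nothing in the script records what keeps direct requests to it safe. PHP's CGI build relies on the `cgi.force_redirect` ini setting for that, and the php.ini seeded here from php.ini-dist is only copied when none exists, so an older local file is kept exactly as it is. I would add a comment above the call, `# /usr/lib/cgi-bin/php is web-reachable; cgi.force_redirect must stay enabled in $phpini`, and quote the variable in the test, `if ! [ -f "$phpini" ]; then`.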
@@ -0,0 +1,298 @@
+Source: php5
+Section: web
+Priority: optional
+Maintainer: Debian PHP Maintainers
+Uploaders: Adam Conrad , Steve Langasek , Jeroen van Wolffelaar , Ondřej Surý
+Build-Depends: apache2-prefork-dev (>= 2.0.53-3), autoconf, automake1.4, bison, chrpath, debhelper (>= 3), flex (>= 2.5.4), freetds-dev, po-debconf, libbz2-dev (>= 1.0.0), libcurl3-openssl-dev | libcurl3-dev, libdb4.3-dev, libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev (>= 2.0.28-3), libgdbm-dev, libjpeg62-dev, libkrb5-dev, libldap2-dev, libmhash-dev (>= 0.8.8), libmysqlclient15-dev | libmysqlclient12-dev, libncurses5-dev, libpam0g-dev, libpcre3-dev (>= 4.3-1), libpng12-dev, libpq-dev | postgresql-dev, librecode-dev, libsnmp9-dev | libsnmp-dev, libsqlite0-dev, libssl-dev (>= 0.9.6), libt1-dev, libtool (>= 1.4.2-4), libwrap0-dev, libxmltok1-dev, libxml2-dev (>= 2.4.14), libxslt1-dev (>= 1.0.18), re2c, unixodbc-dev, zlib1g-dev (>= 1.0.9)
+Build-Conflicts: bind-dev
+Standards-Version: 3.6.2
+
+Package: php5
+Architecture: all
+Depends: libapache2-mod-php5 (>= ${Source-Version}) | php5-cgi (>= ${Source-Version}), php5-common (>= ${Source-Version})
+Description: server-side, HTML-embedded scripting language (meta-package)
+ This package is a meta-package that, when installed, guarantees that you
+ have at least one of the four server-side versions of the PHP5 interpreter
+ installed. Removing this package won't remove PHP5 from your system, however
+ it may remove other packages that depend on this one.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-common
+Architecture: any
+Depends: sed (>= 4.1.1-1)
+Description: Common files for packages built from the php5 source
+ This package contains the documentation and example files relevant to all
+ the other packages built from the php5 source.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: libapache2-mod-php5
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), ${apache2:Depends}, php5-common (= ${Source-Version}), libmagic1
+Conflicts: libapache2-mod-php4
+Provides: ${php:Provides}
+Suggests: php-pear
+Description: server-side, HTML-embedded scripting language (apache 2.0 module)
+ This package provides the PHP5 module for the Apache 2.0 webserver (as
+ found in the apache2-mpm-prefork package). Please note that this package
+ ONLY works with Apache's prefork MPM, as it is not compiled thread-safe.
+ To use php5 with Apache 1.3, you probably want libapache-mod-php5 instead.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-cgi
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), php5-common (= ${Source-Version}), libmagic1
+Provides: ${php:Provides}
+Conflicts: php3 (<= 3.0.18-1)
+Suggests: php-pear
+Description: server-side, HTML-embedded scripting language (CGI binary)
+ This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built
+ for use in apache 1.3 or apache 2.0 with mod_actions, or any other CGI
+ httpd that supports a similar mechanism. Note that MOST apache users
+ probably want the libapache-mod-php5 or libapache2-mod-php5 packages.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-cli
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), php5-common (= ${Source-Version}), libmagic1
+Provides: ${php:Provides}
+Conflicts: php3 (<= 3.0.18-1)
+Suggests: php-pear
+Description: command-line interpreter for the php5 scripting language
+ This package provides the /usr/bin/php5 command interpreter, useful for
+ testing PHP scripts from a shell, or perhaps even performing general
+ shell scripting tasks, if you're frightened of perl and python.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-dev
+Depends: autoconf, automake1.4, libssl-dev, libtool, shtool, php5-common (>= ${Source-Version})
+Section: devel
+Architecture: any
+Description: Files for PHP5 module development
+ This package provides the files from the PHP5 source needed for compiling
+ additional modules.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php-pear
+Architecture: all
+Depends: php5-cli | php4-cli, php5-common (>= ${Source-Version})
+Recommends: gnupg
+Replaces: php4-pear (<< 4:4.4.0-0)
+Description: PEAR - PHP Extension and Application Repository
+ This package contains the base PEAR classes for PHP, as well as the PEAR
+ installer. Many PEAR classes are already packaged for Debian, and can be
+ easily identified by names beginning with "php-", such as php-db and
+ php-auth.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-curl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: CURL module for php5
+ CURL is a library for getting files from FTP, GOPHER, HTTP server.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-gd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: GD module for php5
+ This package provides a module for handling graphics directly from PHP
+ scripts. It supports the PNG, JPEG, XPM and ttf fonts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: LDAP module for php5
+ This package provides a module for LDAP functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-mhash
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: MHASH module for php5
+ This package provides a module for mhash functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-mysql
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-mysqli (= ${Source-Version}), php5-common (= ${Source-Version})
+Description: MySQL module for php5
+ This package provides a module for MySQL database connections directly from
+ PHP scripts.
This generic module can be used to connect to all versions of
+ MySQL, however when connecting to MySQL servers greater than version 4.1,
+ you may want to consider using the interface provided by the php5-mysqli
+ extention, which this package depends on.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-mysqli
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-mysql (= ${Source-Version}), php5-common (= ${Source-Version})
+Description: MySQL Improved module for php5
+ This package provides a module for MySQL database connections directly from
+ PHP scripts. This new "Improved" interface should only be used to connect
+ to MySQL databases greater than version 4.1. For older MySQL servers,
+ please use the functions from the php5-mysql extension instead, which this
+ package depends on.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-odbc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: ODBC module for php5
+ This package provides a module for database access through ODBC drivers.
+ It uses the unixODBC library as an ODBC provider.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-pgsql
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: PostgreSQL module for php5
+ This package provides a module for PostgreSQL database connections
+ directly from PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-recode
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: recode module for php5
+ This package provides a module for recode - character set recoding.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-snmp
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: SNMP module for php5
+ This package provides a module for SNMP functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-sqlite
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: SQLite module for php5
+ This package provides a module allowing you to use the SQLite self-contained
+ database engine from within your PHP scripts, eliminating the need for a full
+ SQL server installation like MySQL or PostgreSQL.
+ .
+ PHP5 is an HTML-embedded scripting language.
Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-sybase
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: Sybase / MS SQL Server module for php5
+ This package provides a module for Sybase and Microsoft SQL Server database
+ connections directly from PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-xmlrpc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: XML-RPC module for php5
+ This package provides a module for XML-RPC functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-xsl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${Source-Version})
+Description: XSL module for php5
+ This package provides a module for XSL using the libxslt XSL parser.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
--- php5-5.1.2.orig/debian/php5-module.postinst
+++ php5-5.1.2/debian/php5-module.postinst
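Review bot: The php5-mysql and php5-mysqli stanzas in debian/control depend on each other, each with `(= ${Source-Version})`, which forms a dependency loop. dpkg has to break such a loop arbitrarily when it orders configuration, and both packages presumably run the shared module postinst that edits php.ini, so the order in which the two extension lines are written is not guaranteed. If the two extensions must always be installed together, shipping both from one binary package, or relaxing one side to `Recommends:`, avoids the loop. Separately, the php5 meta-package description speaks of "four server-side versions" while its `Depends:` offers only libapache2-mod-php5 and php5-cgi, and several descriptions point users at libapache-mod-php5, for which this control file has no stanza.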
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+for SAPI in apache apache2 cgi cli
+do
+ if [ -f /etc/php5/$SAPI/php.ini ]; then
+ db_get php5/extension_@dsoname@_$SAPI
+ if [ "$RET" = "true" ] \
+ && ! grep -q "^[[:space:]]*extension[[:space:]]*=[[:space:]]*@dsoname@\.so" /etc/php5/$SAPI/php.ini
+ then
+ echo "extension=@dsoname@.so" >> /etc/php5/$SAPI/php.ini
+ fi
+ fi
+done
+
+exit 0
--- php5-5.1.2.orig/debian/libapache-mod-php5.postrm
+++ php5-5.1.2/debian/libapache-mod-php5.postrm
@@ -0,0 +1,42 @@
+#! /bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see /usr/share/doc/packaging-manual/
+
+case "$1" in
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+
+ ;;
+
+ purge)
+ rm -rf /etc/php5/apache
+ if [ -d /etc/php5 ]; then
+ rmdir --ignore-fail-on-non-empty /etc/php5
+ fi
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- php5-5.1.2.orig/debian/libapache2-mod-php5.prerm
+++ php5-5.1.2/debian/libapache2-mod-php5.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ a2dismod php5 || true
+fi
+
+exit 0
--- php5-5.1.2.orig/debian/libapache-mod-php5.prerm
+++ php5-5.1.2/debian/libapache-mod-php5.prerm
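Review bot: In debian/php5-module.postinst the `db_get php5/extension_@dsoname@_$SAPI` call runs under `set -e` with no fallback, so a SAPI whose php.ini exists but whose question was never registered would make db_get return non-zero and abort the whole configure step. Whether the config script registers all four questions is not visible here, so this is a possibility rather than a confirmed failure; `db_get php5/extension_@dsoname@_$SAPI || RET=false` keeps the loop going either way. The `echo "extension=@dsoname@.so" >> ...` append also assumes the existing php.ini ends in a newline, otherwise the new text is glued onto the last directive; a comment above the echo stating that assumption would help the next maintainer.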
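Review bot: The catch-all branch of the `case` in debian/libapache-mod-php5.postrm prints "postrm called with unknown argument" and then does `exit 0`, so dpkg records success for an action the script did not understand. The usual maintainer-script convention is `exit 1` in that branch, closed with `;;` like the other two. The `purge` branch removes /etc/php5/apache with `rm -rf`; a one-line comment saying why the directory is removed by hand (presumably because php.ini is created by the postinst rather than shipped as a conffile) would make that deliberate.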
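Review bot: debian/libapache2-mod-php5.prerm disables the module with `a2dismod php5 || true` and tells the administrator nothing about what changes for the sites that were using it. Once Apache is next restarted without the handler, .php files under a document root are likely to be served as static text, which can expose source code and any credentials in it; that consequence is inferred, the script itself only disables the module. I would print a notice before the call, for example `echo "php5 module disabled; .php files will no longer be interpreted after the next Apache restart" >&2`. The `-a` inside `[ ... ]` is marked obsolescent by POSIX, `[ "$1" != "remove" ] && [ "$1" != "purge" ]` is the portable form, and the same test appears in debian/libapache-mod-php5.prerm.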
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+for i in apache apache-ssl apache-perl; do
+ if [ -e /etc/$i/httpd.conf ]; then
+ apache-modconf $i disable mod_php5 quiet
+ fi
+done
+
+exit 0
--- php5-5.1.2.orig/debian/libapache-mod-php5.500mod_php5.info
+++ php5-5.1.2/debian/libapache-mod-php5.500mod_php5.info
@@ -0,0 +1,7 @@
+LoadModule: php5_module /usr/lib/apache/1.3/libphp5.so
+Directives:
+ php_value
+ php_flag
+ php_admin_value
+ php_admin_flag
+Description: Support for the PHP5 HTML-embedded scripting language
--- php5-5.1.2.orig/debian/php5-common.php5.cron.d
+++ php5-5.1.2/debian/php5-common.php5.cron.d
@@ -0,0 +1,7 @@
+# /etc/cron.d/php5: crontab fragment for php5
+# This purges session files older than X, where X is defined in seconds
+# as the largest value of session.gc_maxlifetime from all your php.ini
+# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm
--- php5-5.1.2.orig/debian/modulelist
+++ php5-5.1.2/debian/modulelist
@@ -0,0 +1,14 @@
+curl CURL
+gd GD
+ldap LDAP
+mhash MHASH
+mysql MySQL
+mysqli MySQLi
+odbc ODBC
+pgsql PostgreSQL
+recode recode
+snmp SNMP
+sqlite SQLite
+sybase Sybase sybase_ct
+xmlrpc XML-RPC
+xsl XSL
--- php5-5.1.2.orig/debian/po/vi.po
+++ php5-5.1.2/debian/po/vi.po
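Review bot: `apache-modconf $i disable mod_php5 quiet` in libapache-mod-php5.prerm runs under `set -e` with no fallback, so a failure for any one of the three Apache flavours aborts the prerm and presumably blocks removal of the package. The apache2 counterpart tolerates the same kind of failure with `a2dismod php5 || true`. Decide which behaviour is intended and make the two scripts agree, for example `apache-modconf $i disable mod_php5 quiet || true`, with a comment stating the choice.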
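Review bot: The purge job in php5-common.php5.cron.d runs as root, lets `find` descend into any subdirectory of /var/lib/php5, and hands the resulting path names to a separate `rm` through `xargs`. If that directory is writable by the web server or other unprivileged users, as session stores usually are (its mode is not visible in this hunk), a path can change between the listing and the removal, and root may end up deleting something outside the session store. Keeping the walk to the top level and letting find remove the entry itself narrows that window: `find /var/lib/php5/ -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete`. The comment says X is in seconds while `-cmin` counts minutes, so it should state that maxlifetime does the conversion, if it does.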
@@ -0,0 +1,90 @@ +# Vietnamese translation for php5. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: php5 4/4.3.10-15\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2005-07-04 14:05+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Có nên thêm «${extname}» vào «/etc/php5/${sapiconfig}/php.ini» không?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Lúc này bạn đang cài đặt cách hỗ trợ «${extname}» cho PHP5, nhưng mà nó chưa " +"bật trong cấu hình cho SAPI «${sapiconfig}». Bạn có muốn hiệu lực phần mở " +"rộng này ngay bây giờ không?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "" +"Có nên loại bỏ «${extname}» ra «/etc/php5/${sapiconfig}/php.ini» không?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Lúc này bạn đang loại bỏ cách hỗ trợ «${extname}» ra PHP5, nhưng mà nó vẫn " +"còn bật trong cấu hình cho SAPI «${sapiconfig}». Nếu bạn không vô hiệu hóa " +"nó, rất có thể gây ra lỗi trong khi cố sử dụng PHP." 
+ +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "Dùng chú thích để vô hiệu hóa cấu hình «extension_dir» ra «/etc/php5/" +#~ "apache/php.ini» không?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "CẢNH BÁO: vị trí của những phần mở rộng PHP5 đã thay đổi, nhưng mà bạn " +#~ "còn có một «extension_dir» được cấu hình trong «/etc/php5/apache/php." +#~ "ini». Nếu bạn không vô hiệu hóa nó, có lẽ bạn sẽ không truy cập được một " +#~ "số phần mở rộng thông qua tập lệnh PHP. Khuyên bạn cho phép PHP dùng " +#~ "đường dẫn mặc định có sẵn (đã biên dịch) để tìm phần mở rộng." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "Dùng chú thích để vô hiệu hóa cấu hình «extension_dir» ra «/etc/php5/cgi/" +#~ "php.ini» không?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "CẢNH BÁO: vị trí của những phần mở rộng PHP5 đã thay đổi, nhưng mà bạn " +#~ "còn có một «extension_dir» được cấu hình trong «/etc/php5/cgi/php.ini». " +#~ "Nếu bạn không vô hiệu hóa nó, có lẽ bạn sẽ không truy cập được một số " +#~ "phần mở rộng thông qua tập lệnh PHP. Khuyên bạn cho phép PHP dùng đường " +#~ "dẫn mặc định có sẵn (đã biên dịch) để tìm phần mở rộng" --- php5-5.1.2.orig/debian/po/nl.po +++ php5-5.1.2/debian/po/nl.po 
@@ -0,0 +1,96 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: php5 4:4.3.3-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2003-11-14 15:42+0100\n" +"Last-Translator: Tim Dijkstra \n" +"Language-Team: Debian l10n Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "" +"Dient ${extname} te worden toegevoegd aan /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"U bent ${extname}-ondersteuning voor php5 aan het installeren, maar het is " +"nog niet geactiveerd in de configuratie van de ${sapiconfig}-SAPI. Wilt u " +"deze uitbreiding nu activeren?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Moet ${extname} worden verwijderd uit /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. 
Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"U bent ${extname}-ondersteuning voor php5 aan het verwijderen, maar het is " +"nog wel geactiveerd in de configuratie van de ${sapiconfig}-SAPI. Dit kan " +"problemen veroorzaken tijdens het gebruik van PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "De extension_dir instelling in /etc/php5/apache/php.ini uitschakelen?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "WAARSCHUWING! De locatie van de php5-uitbreidingen is veranderd en u " +#~ "heeft een extension_dir ingesteld in /etc/php5/apache/php.ini. Deze " +#~ "instelling behouden kan ervoor zorgen dat u in PHP-scripts sommige " +#~ "uitbreidingen niet kunt gebruiken. Het wordt aanbevolen dat u PHP het " +#~ "standaard pad voor uitbreidingen laat gebruiken dat is opgegeven tijdens " +#~ "de compilatie." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "De extension_dir instelling in /etc/php5/cgi/php.ini uitschakelen?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "WAARSCHUWING! De locatie van de php5-uitbreidingen is veranderd en u " +#~ "heeft een extension_dir ingesteld in /etc/php5/cgi/php.ini. 
Deze " +#~ "instelling behouden kan ervoor zorgen dat u in PHP-scripts sommige " +#~ "uitbreidingen niet kunt gebruiken. Het wordt aanbevolen dat u PHP het " +#~ "standaard pad voor uitbreidingen laat gebruiken dat is opgegeven tijdens " +#~ "de compilatie." --- php5-5.1.2.orig/debian/po/pt_BR.po +++ php5-5.1.2/debian/po/pt_BR.po 
@@ -0,0 +1,93 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: php5_4.3.2+rc3-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2003-08-24 21:44-0300\n" +"Last-Translator: Andr Lus Lopes \n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname} deve ser adicionado a /etc/php5/${sapiconfig}/php.ini ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Voc est instalando o suporte a ${extname} para o php5 e o mesmo ainda no " +"est habilitado para a configurao SAPI ${sapiconfig}. Voc deseja que essa " +"extenso seja habilitada agora ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname} deve ser removido de /etc/php5/${sapiconfig}/php.ini ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. 
Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Voc est removendo o suporte a ${extname} para o php5 e o mesmo ainda " +"continua habilitado para a configurao SAPI ${sapiconfig}. Mant-lo onde " +"est atualmente provavelmente ir causar problemas quando voc tentar usar o " +"PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Comentar parmetro extension_dir de /etc/php5/apache/php.ini ?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "AVISO ! A local das extenses php5 mudou e voc possui atualmente o " +#~ "parmetro extension_dir definido no /etc/php5/apache/php.ini. Mant-lo " +#~ "dessa maneira poder impedir que voc acesse algumas extenses a partir " +#~ "de scripts PHP. recomendado que voc permita que o PHP use o caminho " +#~ "padro compilado para localizar extenses." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Comentar parmetro extension_dir de /etc/php5/cgi/php.ini ?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "AVISO ! A local das extenses php5 mudou e voc possui atualmente o " +#~ "parmetro extension_dir definido no /etc/php5/cgi/php.ini. Mant-lo dessa " +#~ "maneira poder impedir que voc acesse algumas extenses a partir de " +#~ "scripts PHP. 
recomendado que voc permita que o PHP use o caminho " +#~ "padro compilado para localizar extenses." --- php5-5.1.2.orig/debian/po/es.po +++ php5-5.1.2/debian/po/es.po 
@@ -0,0 +1,100 @@ +# php5 debconf translation to spanish +# Copyright (C) 2004 Software in the Public Interest +# This file is distributed under the same license as the php5 package. +# +# Changes: +# - Initial translation +# Carlos Valdivia Yage , 2004 +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: php5 4.3.3-5\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-02-14 12:35+0100\n" +"Last-Translator: Carlos Valdivia Yage \n" +"Language-Team: Debian L10n Spanish Team \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Desea aadir ${extname} a /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Est aadiendo soporte de ${extname} para php5 pero an no est activado en " +"la configuracin para la ${sapiconfig} SAPI. Quiere activar la extensin " +"ahora?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Quiere borrar ${extname} de /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. 
Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Est quitando soporte de ${extname} para php5 pero an est activado en la " +"configuracin de la ${sapiconfig} SAPI. Si lo deja as es muy posible que le " +"cause problemas al intentar usar PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Comentar la opcin extension_dir de /etc/php5/apache/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "Atencin! La ubicacin de las extensiones de php5 ha cambiado pero tiene " +#~ "la opcin extension_dir configurada en /etc/php5/apache/php.ini. Si lo " +#~ "deja tal cual, no podr utilizar determinadas extensiones desde los " +#~ "scripts en PHP. Se recomienda que permita que PHP utilice la ruta " +#~ "predeterminada en tiempo de compilacin para encontrar las extensiones." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Comentar la opcin extension_dir de /etc/php5/cgi/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "Atencin! 
La ubicacin de las extensiones de php5 ha cambiado pero tiene " +#~ "la opcin extension_dir configurada en /etc/php5/cgi/php.ini. Si lo deja " +#~ "tal cual, no podr utilizar determinadas extensiones desde los scripts en " +#~ "PHP. Se recomienda que permita que PHP utilice la ruta predeterminada en " +#~ "tiempo de compilacin para encontrar las extensiones." --- php5-5.1.2.orig/debian/po/ca.po +++ php5-5.1.2/debian/po/ca.po 
@@ -0,0 +1,91 @@ +# php5 (debconf) translation to Catalan. +# Copyright (C) 2004 Free Software Foundation, Inc. +# Aleix Badia i Bosch , 2004 +# Josep Lladonosa i Capell , 2004 +# Steve Langasek , 2004 +# Jordi Mallach , 2004 +# +msgid "" +msgstr "" +"Project-Id-Version: php5_4:4.3.3-5_templates\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-01-31 19:46GMT\n" +"Last-Translator: Aleix Badia i Bosch \n" +"Language-Team: Debian L10n Catalan \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Voleu afegir l'extensió ${extname} a /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Esteu instal·lant el suport de ${extname} per a php5 i encara no està " +"habilitat a la configuració per al SAPI ${sapiconfig}. Voleu habilitar " +"aquesta extensió?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "" +"Voleu suprimir l'extensió ${extname} de /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"S'està suprimint el suport de l'extensió ${extname} per a php5 però continua " +"habilitat a la configuració per al SAPI ${sapiconfig}. 
Si ho deixeu activat " +"pot provocar problemes a l'intentar utilitzar el php." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "Voleu comentar la configuració de l'extension_dir de l'/etc/php5/apache/" +#~ "php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "Avís. La ubicació de les extensions del php5 s'ha modificat i disposeu " +#~ "d'un extension_dir configurat a /etc/php5/apache/php.ini. Si no ho " +#~ "modifiqueu no podreu accedir a algunes de les extensions des de les " +#~ "seqüències de php. És recomanable que deixeu que el php utilitzi el camí " +#~ "predeterminat en la compilació per a la ubicació de les extensions." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "Voleu comentar la configuració de l'extension_dir de /etc/php5/cgi/php." +#~ "ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "Avís. La ubicació de les extensions del php5 s'han modificat i disposeu " +#~ "d'un extension_dir configurat a /etc/php5/cgi/php.ini. Si no ho " +#~ "modifiqueu no podreu accedir a algunes de les extensions des de les " +#~ "seqüències de php. És recomanable que deixeu que el php utilitzi el camí " +#~ "predeterminat en la compilació per a la ubicació de les extensions." 
--- php5-5.1.2.orig/debian/po/fr.po +++ php5-5.1.2/debian/po/fr.po 
@@ -0,0 +1,95 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: php5_4:4.3.2+rc3-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2003-08-24 09:07+0200\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Faut-il ajouter ${extname} /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Vous installez la gestion de ${extname} par php5 et celle-ci n'est pas " +"encore active dans la configuration ${sapiconfig} SAPI. Souhaitez-vous que " +"cette extension soit active maintenant?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Faut-il supprimer ${extname} dans /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. 
Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Vous supprimez la gestion de ${extname} par php5 mais elle est toujours " +"active dans la configuration ${sapiconfig} SAPI. Si vous laissez cela en " +"l'tat, vous aurez sans doute des problmes lorsque vous essayerez " +"d'utiliser PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "Faut-il commenter la configuration extension_dir dans /etc/php5/apache/" +#~ "php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ATTENTION! L'emplacement des extensions php5 a chang et vous avez " +#~ "configur extension_dir dans /etc/php5/apache/php.ini. En laissant cela " +#~ "en l'tat, vous pourriez tre dans l'impossibilit d'accder certaines " +#~ "extensions partir des scripts PHP. Il est recommand de laisser PHP " +#~ "utiliser le chemin par dfaut pour dfinir l'emplacement des extensions." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "Faut-il commenter la configuration extension_dir dans /etc/php5/cgi/php." +#~ "ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ATTENTION! L'emplacement des extensions php5 a chang et vous avez " +#~ "configur extension_dir dans /etc/php5/cgi/php.ini. 
En laissant ceci en " +#~ "l'tat, vous pourriez tre dans l'impossibilit d'accder certaines " +#~ "extensions partir des scripts PHP. Il est recommand de laisser PHP " +#~ "utiliser le chemin par dfaut pour dfinir l'emplacement des extensions." --- php5-5.1.2.orig/debian/po/sv.po +++ php5-5.1.2/debian/po/sv.po 
@@ -0,0 +1,58 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: php5 5.0.5-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2005-09-29 19:01-0700\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Ska ${extname} lggas till i /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Du installerar ${extname} std fr php5 och den r nnu inte aktiverad i " +"konfigurationen fr ${sapiconfig} SAPI. Vill du aktivera den nu?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Ska ${extname} raderas frn /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." 
+msgstr "" +"Du tar bort ${extname} stdet fr php5 och den r fortfarande aktiverad i " +"konfigurationen fr ${sapiconfig} SAPI. Lmna den aktiverad kan skapa " +"problem nr du anvnder PHP." --- php5-5.1.2.orig/debian/po/ja.po +++ php5-5.1.2/debian/po/ja.po 
@@ -0,0 +1,92 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: PHP for Debian 4.3.2+3rc3-2\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2003-11-29 08:34+0900\n" +"Last-Translator: Kenshi Muto \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname} /etc/php5/${sapiconfig}/php.ini ɲäޤ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"php5 ؤ ${extname} ǽΥݡȤ򥤥󥹥ȡ뤷Ƥޤޤ " +"${sapiconfig} SAPI ꤬ͭˤʤäƤޤ󡣤γĥǽ򤹤ͭˤ" +"ޤ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname} /etc/php5/${sapiconfig}/php.ini ޤ?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." 
+msgstr "" +"php5 ؤ ${extname} ǽΥݡȤƤޤޤ ${sapiconfig} " +"SAPI ͭˤʤäޤޤǤΤޤޤξ硢PHP Ѥ褦Ȥݤ" +"餯꤬ޤ" + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "extension_dir /etc/php5/apache/php.ini 饳ȥȤޤ?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ٹ! php5 ĥξѹޤ/etc/php5/apache/php.ini ꤵ" +#~ "줿 extension_dir ޤΤޤޤˤƤȡPHP ץȤ餤" +#~ "Ĥγĥ˥ǤʤȤˤʤޤPHP ˳ĥΰ֤Ȥƥ" +#~ "ΥǥեȥѥȤ碌褦ᤷޤ" + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "extension_dir /etc/php5/cgi/php.ini 饳ȥȤޤ?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ٹ! php5 ĥξѹޤ/etc/php5/cgi/php.ini ꤵ" +#~ " extension_dir ޤΤޤޤˤƤȡPHP ץȤ餤" +#~ "Ĥγĥ˥ǤʤȤˤʤޤPHP ˳ĥΰ֤Ȥƥѥ" +#~ "ΥǥեȥѥȤ碌褦ᤷޤ" --- php5-5.1.2.orig/debian/po/templates.pot +++ php5-5.1.2/debian/po/templates.pot 
@@ -0,0 +1,55 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2005-07-16 23:18+1000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME \n"
+"Language-Team: LANGUAGE \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../php5-module.templates:4
+msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../php5-module.templates:4
+msgid ""
+"You are installing ${extname} support for php5, and it is not yet enabled in "
+"the configuration for the ${sapiconfig} SAPI. Do you want this extension to "
+"be enabled now?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../php5-module.templates:12
+msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../php5-module.templates:12
+msgid ""
+"You are removing ${extname} support for php5, but it is still enabled in the "
+"configuration for the ${sapiconfig} SAPI. Leaving this in place will "
+"probably cause problems when trying to use PHP."
+msgstr ""
--- php5-5.1.2.orig/debian/po/ru.po
+++ php5-5.1.2/debian/po/ru.po
@@ -0,0 +1,92 @@ +# translation of php5_4:4.3.10-15_ru.po to Russian +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Yuriy Talakan' , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: php5_4:4.3.10-15_ru\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2005-05-22 22:35+1000\n" +"Last-Translator: Yuriy Talakan' \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Добавить ${extname} в /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Вы устанавливаете поддержку ${extname} для php5, а она еще не разрешена в " +"настройках для ${sapiconfig} SAPI. Хотите разрешить это расширение сейчас?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Удалить ${extname} из /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. 
Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Вы удаляете поддержку ${extname} для php5, а она всё ещё разрешена в " +"настройках для ${sapiconfig} SAPI. Если оставить всё, как есть, то возможны " +"проблемы с PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Закомментировать параметр extension_dir в /etc/php5/apache/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ВНИМАНИЕ! Расположение расширений php5 изменилось, а у вас есть " +#~ "настройкаextension_dir в /etc/php5/apache/php.ini. Если оставить всё как " +#~ "есть, вы можете не получить доступ к некоторым расширениям из ваших " +#~ "сценариев на PHP. Рекомендуется позволить PHP использовать " +#~ "вкомпилированный путь по умолчанию к директории с расширениями." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Закомментировать параметр extension_dir в /etc/php5/cgi/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ВНИМАНИЕ! Расположение расширений php5 изменилось, а у вас есть " +#~ "настройкаextension_dir в /etc/php5/cgi/php.ini. Если оставить всё как " +#~ "есть, вы можете не получить доступ к некоторым расширениям из ваших " +#~ "сценариев на PHP. 
Рекомендуется позволить PHP использовать " +#~ "вкомпилированный путь по умолчанию к директории с расширениями." --- php5-5.1.2.orig/debian/po/tr.po +++ php5-5.1.2/debian/po/tr.po 
@@ -0,0 +1,88 @@ +# Turkish translation of php5. +# This file is distributed under the same license as the php5 package. +# Osman Yüksel , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: php5\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-06-06 05:40+0300\n" +"Last-Translator: Osman Yüksel \n" +"Language-Team: Turkish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: KBabel 1.3.1\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname}, /etc/php5/${sapiconfig}/php.ini'ye eklensin mi?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"php5 için ${extname} desteği kuruyorsunuz, ve bu henüz ${sapiconfig} SAPI " +"yapılandırmasına eklenmemiş. Bu uzantıyı şimdi etkinleştirmek ister misiniz?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "${extname}, /etc/php5/${sapiconfig}/php.ini'den çıkarılsın mı?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"php5 için ${extname} desteğini kaldırıyorsunuz, ancak bu hâlâ ${sapiconfig} " +"SAPI yapılandırmasında aktif duruma. Bunu böyle bırakmak ileride, PHP " +"kullanmaya çalışırken sorunlara yol açabilir." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" 
+#~ msgstr "" +#~ "/etc/php5/apache/php.ini içindeki extension_dir ayarı açıklama satırına " +#~ "dönüştürülerek etkisizleştirilsin mi?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "UYARI! php5 uzantılarının konumu değişti, fakat mevcut /etc/php5/apache/" +#~ "php.ini dosyasındaki extension_dir değişkeni başka bir konumu gösteriyor. " +#~ "Bu ayarı böyle bırakmak, PHP betiklerinin baz eklentilere erişememesine " +#~ "yol açabilir. Uzantıları bulması için PHP'nin ontanimli derlenmiş yolu " +#~ "kullanmasına izin vermeniz tavsiye edilir." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "/etc/php5/cgi/php.ini içindeki extension_dir ayarı açıklama satırına " +#~ "dönüştürülerek etkisizleştirilsin mi?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "UYARI! php5 uzantılarının konumu değişti, fakat mevcut /etc/php5/cgi/php." +#~ "ini dosyasındaki extension_dir değişkeni başka bir konumu gösteriyor. Bu " +#~ "ayarı böyle bırakmak, PHP betiklerinin bazı eklentilere erişememesine yol " +#~ "açabilir. Uzantıları bulması için PHP'nin öntanımlı derlenmiş yolu " +#~ "kullanmasına izin vermeniz tavsiye edilir." --- php5-5.1.2.orig/debian/po/POTFILES.in +++ php5-5.1.2/debian/po/POTFILES.in 
@@ -0,0 +1 @@ +[type: gettext/rfc822deb] php5-module.templates --- php5-5.1.2.orig/debian/po/da.po +++ php5-5.1.2/debian/po/da.po 
@@ -0,0 +1,94 @@ +# translation of php5_4:4.3.3-5_templates.po to Danish +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Claus Hindsgaul , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: php5_4:4.3.3-5_templates\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-02-20 17:04+0100\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Skal ${extname} tilfjes i /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Du er ved at installere understttelse for ${extname} i php5, og den er " +"endnu ikke aktiveret i opstningen for ${sapiconfig}-SAPI'en. nsker du at " +"aktivere denne udvidelse nu?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Skal ${extname} fjernes fra /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. 
Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Du er ved at fjerne understttelse for ${extname} i php5, og den er stadig " +"aktiveret i opstningen for ${sapiconfig}-SAPI'en. Hvis du lader det vre, " +"vi du sikkert f problemer med at bruge PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Udkommentr extension_dir-opstningen i /etc/php5/apache/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ADVARSEL! php5-udvidelsernes placering er blevet ndret, og du har sat en " +#~ "extension_dir op i /etc/php5/apache/php.ini. Hvis du lader den vre, kan " +#~ "det vre at du ikke kan tilg nogle af udvidelserne i PHP-skripter. Det " +#~ "anbefales at du lader PHP benytte den indbyggede standardsti til " +#~ "placering af udvidelserne." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Udkommentr extension_dir-opstningen i /etc/php5/cgi/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "ADVARSEL! php5-udvidelsernes placering er blevet ndret, og du har sat en " +#~ "extension_dir op i /etc/php5/cgi/php.ini. 
Hvis du lader den vre, kan det " +#~ "vre at du ikke kan tilg nogle af udvidelserne i PHP-skripter. Det " +#~ "anbefales at du lader PHP benytte den indbyggede standardsti til " +#~ "placering af udvidelserne." --- php5-5.1.2.orig/debian/po/pt.po +++ php5-5.1.2/debian/po/pt.po 
@@ -0,0 +1,81 @@ +# Portuguese translation for php5's debconf messages. +# 2005, Miguel Figueiredo +msgid "" +msgstr "" +"Project-Id-Version: php5 4:4.3.10-10\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2005-04-17 14:05+0000\n" +"Last-Translator: Miguel Figueiredo \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Deve ${extname} ser adicionado a /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Você está a instalar suporte ${extname} para php5, e ainda não está activado " +"na configuração para SAPI ${sapiconfig}. Você deseja que esta extenção seja " +"activada agora?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Deve ${extname} ser removido de /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Você está a remover o suporte ${extname} para php5, mas ainda está activado " +"na configuração para SAPI ${sapiconfig}. Deixá-lo provavelmente pode causar " +"problemas quando tentar utilizar PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Comentar a configuração extension_dir em /etc/php5/apache/php.ini?" 
+ +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "AVISO! Foi alterado o local das extenções php5, e você tem um " +#~ "extension_dir configurado em /etc/php5/apache/php.ini. Deixá-lo lá pode " +#~ "fazer com que não seja possível aceder algumas extensões a partir de " +#~ "scripts PHP. Para localizar as extensões é recomendado que você deixe o " +#~ "PHP utilizar o caminho compilado por omissão." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Comentar a configuração extension_dir em /etc/php5/cgi/php.ini?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "AVISO! Foi alterado o local das extenções php5, e você tem um " +#~ "extension_dir configurado em /etc/php5/cgi/php.ini. Deixá-lo lá pode " +#~ "fazer com que não seja possível aceder algumas extensões a partir de " +#~ "scripts PHP. Para localizar as extensões é recomendado que você deixe o " +#~ "PHP utilizar o caminho compilado por omissão." --- php5-5.1.2.orig/debian/po/cs.po +++ php5-5.1.2/debian/po/cs.po 
@@ -0,0 +1,91 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: php5\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-09-29 15:28+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-2\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "M se ${extname} pidat do /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Instalujete podporu ${extname} pro php5, kter jet nen povolena v " +"konfiguraci pro ${sapiconfig} SAPI. Chcete povolit tento modul?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "M se ${extname} odstranit z /etc/php5/${sapiconfig}/php.ini?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." 
+msgstr "" +"Odstraujete podporu ${extname} pro php5, kter je stle povolena v " +"konfiguraci pro ${sapiconfig} SAPI. To me zpsobit problmy pi pouvn " +"PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "Zakomentovat v /etc/php5/apache/php.ini poloku extension_dir?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "VAROVN: Umstn roziujcch modul php5 se zmnilo a vy mte v /etc/" +#~ "php5/apache/php.ini nastavenou volbu extension_dir. To me zpsobit, e " +#~ "se bude pouvat chybn cesta a nebudete tak moci pouvat nkter " +#~ "moduly. Doporuujeme, abyste pro hledn roziujcch modul pouvali " +#~ "implicitn cestu zakompilovanou pmo do PHP." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "Zakomentovat v /etc/php5/cgi/php.ini poloku extension_dir?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "VAROVN: Umstn roziujcch modul php5 se zmnilo a vy mte v /etc/" +#~ "php5/cgi/php.ini nastavenou volbu extension_dir. To me zpsobit, e se " +#~ "bude pouvat chybn cesta a nebudete tak moci pouvat nkter moduly. " +#~ "Doporuujeme, abyste pro hledn roziujcch modul pouvali " +#~ "implicitn cestu zakompilovanou pmo do PHP." --- php5-5.1.2.orig/debian/po/de.po +++ php5-5.1.2/debian/po/de.po 
@@ -0,0 +1,97 @@ +# translation of php5 debconf messages to German +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Alwin Meschede , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: de\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-07-16 23:18+1000\n" +"PO-Revision-Date: 2004-02-11 17:42+0100\n" +"Last-Translator: Alwin Meschede \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.0.2\n" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "Should ${extname} be added to /etc/php5/${sapiconfig}/php.ini?" +msgstr "Soll ${extname} zu /etc/php5/${sapiconfig}/php.ini hinzugefügt werden?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:4 +msgid "" +"You are installing ${extname} support for php5, and it is not yet enabled in " +"the configuration for the ${sapiconfig} SAPI. Do you want this extension to " +"be enabled now?" +msgstr "" +"Sie installieren ${extname}-Unterstützung für php5, und sie ist noch nicht " +"in der Konfiguration für die ${sapiconfig} SAPI aktiviert. Soll diese " +"Erweiterung jetzt aktiviert werden?" + +#. Type: boolean +#. Description +#: ../php5-module.templates:12 +msgid "Should ${extname} be removed from /etc/php5/${sapiconfig}/php.ini?" +msgstr "Soll ${extname} aus /etc/php5/${sapiconfig}/php.ini entfernt werden?" + +#. Type: boolean +#. 
Description +#: ../php5-module.templates:12 +msgid "" +"You are removing ${extname} support for php5, but it is still enabled in the " +"configuration for the ${sapiconfig} SAPI. Leaving this in place will " +"probably cause problems when trying to use PHP." +msgstr "" +"Sie entfernen ${extname}-Unterstützung für php5, aber sie ist immer noch in " +"der Konfiguration für die ${sapiconfig} SAPI aktiviert. Dies so zu belassen " +"kann möglicherweise Probleme bei der Verwendung von PHP verursachen." + +#~ msgid "Comment out extension_dir config from /etc/php5/apache/php.ini?" +#~ msgstr "" +#~ "Soll die extension_dir-Konfiguration in /etc/php5/apache/php.ini " +#~ "auskommentiert werden?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/apache/php.ini. Leaving it in " +#~ "place may leave you unable to access some extensions from PHP scripts. " +#~ "It is recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "WARNUNG! Der Speicherort der php5-Erweiterungen hat sich geändert, und " +#~ "Sie haben ein extension_dir in /etc/php5/apache/php.ini konfiguriert. " +#~ "Dies kann den Zugriff auf einige Erweiterungen verhindern. Es wird " +#~ "empfohlen, dass Sie PHP den einkompilierten Standardpfad zu den " +#~ "Erweiterungen verwenden lassen." + +#~ msgid "Comment out extension_dir config from /etc/php5/cgi/php.ini?" +#~ msgstr "" +#~ "Soll die extension_dir-Konfiguration in /etc/php5/cgi/php.ini " +#~ "auskommentiert werden?" + +#~ msgid "" +#~ "WARNING! The location of the php5 extensions has changed, and you have an " +#~ "extension_dir configured in /etc/php5/cgi/php.ini. Leaving it in place " +#~ "may leave you unable to access some extensions from PHP scripts. It is " +#~ "recommended that you let PHP use the compiled-in default path for " +#~ "locating extensions." +#~ msgstr "" +#~ "WARNUNG! 
Der Speicherort der php5-Erweiterungen hat sich geändert, und " +#~ "Sie haben ein extension_dir in /etc/php5/cgi/php.ini konfiguriert. Dies " +#~ "kann den Zugriff auf einige Erweiterungen verhindern. Es wird empfohlen, " +#~ "dass Sie PHP den einkompilierten Standardpfad zu den Erweiterungen " +#~ "verwenden lassen." --- php5-5.1.2.orig/debian/php5-dev.postinst +++ php5-5.1.2/debian/php5-dev.postinst @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives \ + --install /usr/bin/"$i" $i /usr/bin/"$i"5 50 \ + --slave /usr/share/man/man1/"$i".1.gz "$i".1.gz /usr/share/man/man1/"$i"5.1.gz +done + +exit 0 --- php5-5.1.2.orig/debian/libapache2-mod-php5.conf +++ php5-5.1.2/debian/libapache2-mod-php5.conf @@ -0,0 +1,4 @@ + + AddType application/x-httpd-php .php .phtml .php3 + AddType application/x-httpd-php-source .phps + --- php5-5.1.2.orig/debian/php5-cgi.prerm +++ php5-5.1.2/debian/php5-cgi.prerm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +update-alternatives --remove php-cgi /usr/bin/php5-cgi +update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5 + +exit 0 --- php5-5.1.2.orig/debian/patches/210-CVE-2008-2829.patch +++ php5-5.1.2/debian/patches/210-CVE-2008-2829.patch 
@@ -0,0 +1,80 @@
+diff -Naur php5-5.1.2.orig/ext/imap/php_imap.c php5-5.1.2/ext/imap/php_imap.c
+--- php5-5.1.2.orig/ext/imap/php_imap.c 2006-01-04 19:47:16.000000000 -0500
++++ php5-5.1.2/ext/imap/php_imap.c 2008-07-16 16:41:46.000000000 -0400
+@@ -66,6 +66,7 @@
+ static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
+ static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
+ static int _php_imap_address_size(ADDRESS *addresslist);
++static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
+
+ /* These function declarations are missing from the IMAP header files... */
+ void rfc822_date(char *date);
+@@ -2031,7 +2032,7 @@
+ }
+
+ string[0]='\0';
+- rfc822_write_address(string, addr);
++ _php_rfc822_write_address_len(string, addr, sizeof(string));
+ RETVAL_STRING(string, 1);
+ }
+ /* }}} */
+@@ -2789,13 +2790,13 @@
+ if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
+ env->from->next=NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->from);
++ _php_rfc822_write_address_len(address, env->from, sizeof(address));
+ add_property_string(myoverview, "from", address, 1);
+ }
+ if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
+ env->to->next = NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->to);
++ _php_rfc822_write_address_len(address, env->to, sizeof(address));
+ add_property_string(myoverview, "to", address, 1);
+ }
+ if (env->date) {
+@@ -3746,6 +3747,34 @@
+ /* }}} */
+
+
++/* {{{ _php_rfc822_soutr
++ */
++static long _php_rfc822_soutr (void *stream,char *string)
++{
++ return NIL;
++}
++
++/* }}} */
++
++
++/* {{{ _php_rfc822_write_address_len
++ */
++static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
++{
++ RFC822BUFFER buf;
++
++ buf.beg = dest;
++ buf.cur = buf.beg;
++ buf.end = buf.beg + len - 1;
++ buf.s = NIL;
++ buf.f = _php_rfc822_soutr;
++ rfc822_output_address_list (&buf, adr, 0, NIL);
++ *buf.cur = '\0';
++}
++
++/* }}} */
++
++
+ /* {{{ _php_imap_parse_address
+ */
+ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
+@@ -3760,7 +3789,7 @@
+ if ((len = _php_imap_address_size(addresstmp))) {
+ tmpstr = (char *) malloc(len + 1);
+ tmpstr[0] = '\0';
+- rfc822_write_address(tmpstr, addresstmp);
++ _php_rfc822_write_address_len(tmpstr, addresstmp, len);
+ *fulladdress = tmpstr;
+ } else {
+ *fulladdress = NULL;
--- php5-5.1.2.orig/debian/patches/CVE-2009-3291.patch
+++ php5-5.1.2/debian/patches/CVE-2009-3291.patch
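Review bot: The new helper `_php_rfc822_write_address_len` discards the return value of `rfc822_output_address_list`, and its flush callback `_php_rfc822_soutr` always returns NIL, so an address list that does not fit in `dest` appears to be cut off silently and the caller hands PHP a truncated string. Checking the result and raising a warning on overflow would make the truncation visible, for example `if (!rfc822_output_address_list(&buf, adr, 0, NIL)) { /* warn: address list truncated */ }`. The helper also computes `buf.end = buf.beg + len - 1` without rejecting a non-positive `len`; a guard such as `if (len <= 0) return;` at the top keeps the end pointer inside the buffer. The callers in the other nested hunks start and end outside the visible lines, so the buffer sizes they pass cannot be confirmed from here.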
@@ -0,0 +1,36 @@
+Description: fix certificate spoofing via null-byte certs
+upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=288329
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/446313
+
+diff -Naur php5-5.1.2.ori/ext/openssl/openssl.c php5-5.1.2/ext/openssl/openssl.c
+--- php5-5.1.2.ori/ext/openssl/openssl.c 2009-11-25 15:29:13.000000000 -0500
++++ php5-5.1.2/ext/openssl/openssl.c 2009-11-25 15:31:21.000000000 -0500
+@@ -3210,8 +3210,15 @@
+ GET_VER_OPT_STRING("CN_match", cnmatch);
+ if (cnmatch) {
+ int match = 0;
++ int name_len = X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
+
+- X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
++ if (name_len == -1) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to locate peer certificate CN");
++ return FAILURE;
++ } else if (name_len != strlen(buf)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' is malformed", name_len, buf);
++ return FAILURE;
++ }
+
+ match = strcmp(cnmatch, buf) == 0;
+ if (!match && strlen(buf) > 3 && buf[0] == '*' && buf[1] == '.') {
+@@ -3226,10 +3233,7 @@
+
+ if (!match) {
+ /* didn't match */
+- php_error_docref(NULL TSRMLS_CC, E_WARNING,
+- "Peer certificate CN=`%s' did not match expected CN=`%s'",
+- buf, cnmatch);
+-
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' did not match expected CN=`%s'", name_len, buf, cnmatch);
+ return FAILURE;
+ }
+ }
--- php5-5.1.2.orig/debian/patches/107-reflection_is_ext.patch
+++ php5-5.1.2/debian/patches/107-reflection_is_ext.patch
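Review bot: The added length check rejects a CN with an embedded NUL, but a CN longer than `buf` is, as far as I know, still truncated by `X509_NAME_get_text_by_NID` before the comparison, and `name_len` then equals `strlen(buf)`, so the truncated value is matched against `CN_match` as if it were complete. Asking for the length first closes that gap: `int cn_len = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0);` followed by `if (cn_len < 0 || (size_t)cn_len >= sizeof(buf)) return FAILURE;`. `buf` is declared outside the hunk, so this assumes it is a fixed-size array, as the existing `sizeof(buf)` suggests. The comparison `name_len != strlen(buf)` also mixes `int` with `size_t`; it is safe only because `-1` is handled first, and writing `(size_t)name_len` would make that explicit.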
@@ -0,0 +1,11 @@
+--- php5-5.1.2/ext/reflection/config.m4.orig 2005-12-03 12:12:45.000000000 +1100
++++ php5-5.1.2/ext/reflection/config.m4 2006-01-16 16:04:28.000000000 +1100
+@@ -2,7 +2,7 @@
+ dnl config.m4 for extension reflection
+
+ PHP_ARG_ENABLE(reflection, whether to enable reflection support,
+-[ --disable-reflection Disable reflection support], yes, no)
++[ --disable-reflection Disable reflection support], yes)
+
+ if test "$PHP_REFLECTION" != "no"; then
+ if test "$ext_shared" = "yes"; then
--- php5-5.1.2.orig/debian/patches/033-we_WANT_libtool.patch
+++ php5-5.1.2/debian/patches/033-we_WANT_libtool.patch
@@ -0,0 +1,14 @@
+--- php4-4.3.10/build/build2.mk.orig 2005-02-06 00:49:53.000000000 -0700
++++ php4-4.3.10/build/build2.mk 2005-02-06 00:51:58.000000000 -0700
+@@ -52,6 +52,11 @@
+
+ aclocal.m4: configure.in acinclude.m4
+ @echo rebuilding $@
++ @libtoolize=`./build/shtool path glibtoolize libtoolize`; \
++ $$libtoolize --copy --automake --force; \
++ ltpath=`dirname $$libtoolize`; \
++ ltfile=`cd $$ltpath/../share/aclocal; pwd`/libtool.m4; \
++ cp $$ltfile ./build/libtool.m4
+ cat acinclude.m4 ./build/libtool.m4 > $@
+
+ configure: aclocal.m4 configure.in $(config_m4_files)
--- php5-5.1.2.orig/debian/patches/200-string-wordwrap.patch
+++ php5-5.1.2/debian/patches/200-string-wordwrap.patch
@@ -0,0 +1,16 @@
+Index: php5-5.2.3/ext/standard/string.c
+===================================================================
+--- php5-5.2.3.orig/ext/standard/string.c 2007-10-18 18:52:57.000000000 -0700
++++ php5-5.2.3/ext/standard/string.c 2007-10-18 18:53:29.000000000 -0700
+@@ -648,6 +648,11 @@
+ RETURN_EMPTY_STRING();
+ }
+
++ if (breakcharlen == 0) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Break string cannot be empty");
++ RETURN_FALSE;
++ }
++
+ if (linelength == 0 && docut) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't force cut when width is zero.");
+ RETURN_FALSE;
--- php5-5.1.2.orig/debian/patches/211-CVE-2008-1384.patch
+++ php5-5.1.2/debian/patches/211-CVE-2008-1384.patch
@@ -0,0 +1,32 @@
+diff -Naur php5-5.1.2.orig/ext/standard/formatted_print.c php5-5.1.2/ext/standard/formatted_print.c
+--- php5-5.1.2.orig/ext/standard/formatted_print.c 2006-01-01 07:50:14.000000000 -0500
++++ php5-5.1.2/ext/standard/formatted_print.c 2008-07-16 16:43:09.000000000 -0400
+@@ -176,6 +176,7 @@
+ register int npad;
+ int req_size;
+ int copy_len;
++ int m_width;
+
+ copy_len = (expprec ? MIN(max_width, len) : len);
+ npad = min_width - copy_len;
+@@ -186,11 +187,19 @@
+
+ PRINTF_DEBUG(("sprintf: appendstring(%x, %d, %d, \"%s\", %d, '%c', %d)\n",
+ *buffer, *pos, *size, add, min_width, padding, alignment));
++ m_width = MAX(min_width, copy_len);
+
+- req_size = *pos + MAX(min_width, copy_len) + 1;
++ if(m_width > INT_MAX - *pos - 1) {
++ zend_error_noreturn(E_ERROR, "Field width %d is too long", m_width);
++ }
++
++ req_size = *pos + m_width + 1;
+
+ if (req_size > *size) {
+ while (req_size > *size) {
++ if(*size > INT_MAX/2) {
++ zend_error_noreturn(E_ERROR, "Field width %d is too long", req_size);
++ }
+ *size <<= 1;
+ }
+ PRINTF_DEBUG(("sprintf ereallocing buffer to %d bytes\n", *size));
--- php5-5.1.2.orig/debian/patches/CVE-2006-4484.patch
+++ php5-5.1.2/debian/patches/CVE-2006-4484.patch
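Review bot: In 211-CVE-2008-1384.patch the check added inside the `while (req_size > *size)` loop reports `req_size` under the text "Field width %d is too long", although `req_size` is the total buffer size (`*pos + m_width + 1`) and not the field width, so the message will mislead whoever reads the log. A wording such as `zend_error_noreturn(E_ERROR, "Formatted string needs %d bytes, which is too long", req_size);` states what actually overflowed. The first check, `m_width > INT_MAX - *pos - 1`, assumes that `*pos` is non-negative and that `INT_MAX` is in scope; neither the include of `<limits.h>` nor the origin of `*pos` is visible in this hunk, so both are worth confirming. The function body starts and ends outside the hunk.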
@@ -0,0 +1,47 @@ +diff -Nurp orig/ext/gd/libgd/gd_gif_in.c new/ext/gd/libgd/gd_gif_in.c +--- orig/ext/gd/libgd/gd_gif_in.c 2006-09-06 18:58:04.000000000 +0000 ++++ new/ext/gd/libgd/gd_gif_in.c 2006-09-06 18:59:01.000000000 +0000 +@@ -212,6 +212,10 @@ terminated: + if (!im) { + return 0; + } ++ if (!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } + /* Check for open colors at the end, so + we can reduce colorsTotal and ultimately + BitsPerPixel */ +@@ -502,6 +506,18 @@ ReadImage(gdImagePtr im, gdIOCtx *fd, in + int v; + int xpos = 0, ypos = 0, pass = 0; + int i; ++ ++ /* ++ ** Initialize the Compression routines ++ */ ++ if (! ReadOK(fd,&c,1)) { ++ return; ++ } ++ ++ if (c > MAX_LWZ_BITS) { ++ return; ++ } ++ + /* Stash the color map into the image */ + for (i=0; (ired[i] = cmap[CM_RED][i]; +@@ -511,12 +527,7 @@ ReadImage(gdImagePtr im, gdIOCtx *fd, in + } + /* Many (perhaps most) of these colors will remain marked open. */ + im->colorsTotal = gdMaxColors; +- /* +- ** Initialize the Compression routines +- */ +- if (! ReadOK(fd,&c,1)) { +- return; +- } ++ + if (LWZReadByte(fd, TRUE, c) < 0) { + return; + } --- php5-5.1.2.orig/debian/patches/CVE-2006-4486.patch +++ php5-5.1.2/debian/patches/CVE-2006-4486.patch 
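Review bot: The early `return` added to ReadImage for `c > MAX_LWZ_BITS` gives the caller no status, so rejection appears to rely on `im->colorsTotal` still being zero when the new `if (!im->colorsTotal)` test after `terminated:` runs. That is presumably why the code-size read was moved above `im->colorsTotal = gdMaxColors`, but the ordering dependency is not written down, and a later reorder would silently remove the protection. I would add a comment above the moved block, for example `/* Validate the LZW code size before touching im: the caller treats colorsTotal == 0 as "no image decoded". */`. Both functions extend beyond the hunks shown.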
@@ -0,0 +1,52 @@ +diff -Nurp orig/Zend/zend_alloc.c new/Zend/zend_alloc.c +--- orig/Zend/zend_alloc.c 2006-10-10 13:00:14.000000000 +0000 ++++ new/Zend/zend_alloc.c 2006-10-10 13:02:51.000000000 +0000 +@@ -142,12 +142,16 @@ static long mem_block_end_magic = MEM_BL + + ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- zend_mem_header *p; ++ zend_mem_header *p = NULL; + DECLARE_CACHE_VARS(); + TSRMLS_FETCH(); + + CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size); + ++ if (size > INT_MAX || SIZE < size) { ++ goto emalloc_error; ++ } ++ + #if !ZEND_DISABLE_MEMORY_CACHE + if ((CACHE_INDEX < MAX_CACHED_MEMORY) && (AG(cache_count)[CACHE_INDEX] > 0)) { + p = AG(cache)[CACHE_INDEX][--AG(cache_count)[CACHE_INDEX]]; +@@ -184,6 +188,8 @@ ZEND_API void *_emalloc(size_t size ZEND + } + #endif + ++emalloc_error: ++ + HANDLE_BLOCK_INTERRUPTIONS(); + + if (!p) { +@@ -357,6 +363,13 @@ ZEND_API void *_erealloc(void *ptr, size + CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size); + + HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ if (size > INT_MAX || SIZE < size) { ++ REMOVE_POINTER_FROM_LIST(p); ++ p = NULL; ++ goto erealloc_error; ++ } ++ + #if MEMORY_LIMIT + CHECK_MEMORY_LIMIT(size - p->size, SIZE - REAL_SIZE(p->size)); + if (AG(allocated_memory) > AG(allocated_memory_peak)) { +@@ -365,6 +378,7 @@ ZEND_API void *_erealloc(void *ptr, size + #endif + REMOVE_POINTER_FROM_LIST(p); + p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE); ++erealloc_error: + if (!p) { + if (!allow_failure) { + fprintf(stderr,"FATAL: erealloc(): Unable to allocate %ld bytes\n", (long) size); --- php5-5.1.2.orig/debian/patches/209-CVE-2008-2051.patch +++ php5-5.1.2/debian/patches/209-CVE-2008-2051.patch 
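Review bot: The new branch in `_erealloc` calls `REMOVE_POINTER_FROM_LIST(p)` and sets `p = NULL` before `goto erealloc_error`, with no comment explaining why a block that was never reallocated is unlinked. Presumably this is done so that the shared failure path below the label sees the same list state as after a failed `ZEND_DO_REALLOC`, but that path is outside the hunk and should be checked to confirm that the original pointer is re-linked when `allow_failure` is set. A comment such as `/* unlink first: the failure path below expects p to be off the list, as after a failed realloc */` would record the intent. The `size > INT_MAX` test in both `_emalloc` and `_erealloc` also caps a `size_t` request at `INT_MAX` on 64-bit builds, which deserves a note saying that the limit is deliberate.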
@@ -0,0 +1,64 @@ +diff -Naur php5-5.1.2.orig/ext/standard/exec.c php5-5.1.2/ext/standard/exec.c +--- php5-5.1.2.orig/ext/standard/exec.c 2006-01-01 07:50:14.000000000 -0500 ++++ php5-5.1.2/ext/standard/exec.c 2008-07-16 16:34:09.000000000 -0400 +@@ -25,6 +25,7 @@ + #include "safe_mode.h" + #include "ext/standard/head.h" + #include "ext/standard/file.h" ++#include "basic_functions.h" + #include "exec.h" + #include "php_globals.h" + #include "SAPI.h" +@@ -265,11 +266,25 @@ + register int x, y, l; + char *cmd; + char *p = NULL; ++ ++ TSRMLS_FETCH(); + + l = strlen(str); + cmd = safe_emalloc(2, l, 1); + + for (x = 0, y = 0; x < l; x++) { ++ int mb_len = php_mblen(str + x, (l - x)); ++ ++ /* skip non-valid multibyte characters */ ++ if (mb_len < 0) { ++ continue; ++ } else if (mb_len > 1) { ++ memcpy(cmd + y, str + x, mb_len); ++ y += mb_len; ++ x += mb_len - 1; ++ continue; ++ } ++ + switch (str[x]) { + case '"': + case '\'': +@@ -328,6 +343,7 @@ + char *php_escape_shell_arg(char *str) { + int x, y, l; + char *cmd; ++ TSRMLS_FETCH(); + + y = 0; + l = strlen(str); +@@ -341,6 +357,18 @@ + #endif + + for (x = 0; x < l; x++) { ++ int mb_len = php_mblen(str + x, (l - x)); ++ ++ /* skip non-valid multibyte characters */ ++ if (mb_len < 0) { ++ continue; ++ } else if (mb_len > 1) { ++ memcpy(cmd + y, str + x, mb_len); ++ y += mb_len; ++ x += mb_len - 1; ++ continue; ++ } ++ + switch (str[x]) { + #ifdef PHP_WIN32 + case '"': --- php5-5.1.2.orig/debian/patches/221_SECURITY_CVE-2008-3658.patch +++ php5-5.1.2/debian/patches/221_SECURITY_CVE-2008-3658.patch 
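Review bot: Both new loops silently drop every byte for which `php_mblen` returns a negative value, and the only explanation is `/* skip non-valid multibyte characters */`, which does not tell a maintainer that the escaped string can come out shorter than the input. Validity presumably depends on the active locale and multibyte state, which would explain the added `TSRMLS_FETCH()` and `basic_functions.h` include, so the same input may be escaped differently on two hosts. I would expand the comment in `php_escape_shell_cmd` and `php_escape_shell_arg` to something like `/* Bytes that do not form a valid character in the current locale are removed, not escaped; the result may differ from the input. */`. Both function bodies continue outside the hunks.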
@@ -0,0 +1,64 @@ +# +# Description: fix denial of service and possible arbitrary code execution via crafted font file +# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499989 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?hideattic=1&r1=1.312.2.20.2.35&r2=1.312.2.20.2.36 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/imageloadfont_invalid.phpt?hideattic=1&r1=1.1.4.1&r2=1.1.4.2 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/imageloadfont_invalid.phpt?hideattic=1&r1=1.1.4.2&r2=1.1.4.3 +# +diff -Naur php5-5.1.2.ori/ext/gd/gd.c php5-5.1.2/ext/gd/gd.c +--- php5-5.1.2.ori/ext/gd/gd.c 2006-01-01 07:50:06.000000000 -0500 ++++ php5-5.1.2/ext/gd/gd.c 2009-01-28 10:10:21.000000000 -0500 +@@ -751,6 +751,22 @@ + font->nchars = FLIPWORD(font->nchars); + body_size = font->w * font->h * font->nchars; + } ++ ++ if (overflow2(font->nchars, font->h)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header"); ++ efree(font); ++ php_stream_close(stream); ++ RETURN_FALSE; ++ } ++ if (overflow2(font->nchars * font->h, font->w )) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header"); ++ efree(font); ++ php_stream_close(stream); ++ RETURN_FALSE; ++ } ++ ++ ++ + + if (body_size != body_size_check) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font"); +diff -Naur php5-5.1.2.ori/ext/gd/tests/imageloadfont_invalid.phpt php5-5.1.2/ext/gd/tests/imageloadfont_invalid.phpt +--- php5-5.1.2.ori/ext/gd/tests/imageloadfont_invalid.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.1.2/ext/gd/tests/imageloadfont_invalid.phpt 2009-01-28 10:10:21.000000000 -0500 +@@ -0,0 +1,26 @@ ++--TEST-- ++imageloadfont() function crashes ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECTF-- ++Warning: imageloadfont(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation 
gracefully ++ in %simageloadfont_invalid.php on line %d ++ ++Warning: imageloadfont(): Error reading font, invalid font header in %simageloadfont_invalid.php on line %d --- php5-5.1.2.orig/debian/patches/214-SECURITY-pcre_compile.patch +++ php5-5.1.2/debian/patches/214-SECURITY-pcre_compile.patch @@ -0,0 +1,38 @@ +diff -Naur php5-5.1.2.orig/ext/pcre/pcrelib/pcre_compile.c php5-5.1.2/ext/pcre/pcrelib/pcre_compile.c +--- php5-5.1.2.orig/ext/pcre/pcrelib/pcre_compile.c 2005-08-08 19:58:59.000000000 -0400 ++++ php5-5.1.2/ext/pcre/pcrelib/pcre_compile.c 2008-07-16 16:56:29.000000000 -0400 +@@ -1570,6 +1570,7 @@ + BOOL class_utf8; + BOOL utf8 = (options & PCRE_UTF8) != 0; + uschar *class_utf8data; ++uschar *class_utf8data_base; + uschar utf8_char[6]; + #else + BOOL utf8 = FALSE; +@@ -1769,6 +1770,7 @@ + #ifdef SUPPORT_UTF8 + class_utf8 = FALSE; /* No chars >= 256 */ + class_utf8data = code + LINK_SIZE + 34; /* For UTF-8 items */ ++ class_utf8data_base = class_utf8data; /* For resetting in pass 1 */ + #endif + + /* Initialize the 32-char bit map to all zeros. We have to build the +@@ -1791,6 +1793,18 @@ + { /* Braces are required because the */ + GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */ + } ++ ++ /* In the pre-compile phase, accumulate the length of any UTF-8 extra ++ data and reset the pointer. This is so that very large classes that ++ contain a zillion UTF-8 characters no longer overwrite the work space ++ (which is on the stack). */ ++ ++ if (lengthptr != NULL) ++ { ++ *lengthptr += class_utf8data - class_utf8data_base; ++ class_utf8data = class_utf8data_base; ++ } ++ + #endif + + /* Inside \Q...\E everything is literal except \E */ --- php5-5.1.2.orig/debian/patches/MOPB-14.patch +++ php5-5.1.2/debian/patches/MOPB-14.patch 
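Review bot: In the gd.c hunk of 221_SECURITY_CVE-2008-3658.patch the two `overflow2()` checks are added after the context line `body_size = font->w * font->h * font->nchars;`, so the multiplication they are meant to guard has already been evaluated, and has already overflowed if these fields are signed ints, by the time the header is rejected. The overflowed `body_size` is not used once a check fails, but the checks belong before any product of the three fields is computed, in both the byte-flipped path and the normal one; the normal computation is outside the hunk, so confirm where it sits. The two identical error blocks can also be merged into one: `if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w)) {`.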
@@ -0,0 +1,56 @@ +diff -uNrp php5-5.1.2-unpatched/ext/standard/string.c php5-5.1.2/ext/standard/string.c +--- php5-5.1.2-unpatched/ext/standard/string.c 2007-04-23 16:51:15.000000000 -0700 ++++ php5-5.1.2/ext/standard/string.c 2007-04-23 16:57:07.000000000 -0700 +@@ -4482,18 +4482,20 @@ PHP_FUNCTION(substr_count) + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater then or equal to 0."); + RETURN_FALSE; + } +- p += Z_LVAL_PP(offset); +- if (p > endp) { ++ ++ if (Z_LVAL_PP(offset) > Z_STRLEN_PP(haystack)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset value %ld exceeds string length.", Z_LVAL_PP(offset)); + RETURN_FALSE; + } ++ p += Z_LVAL_PP(offset); ++ + if (ac == 4) { + convert_to_long_ex(length); + if (Z_LVAL_PP(length) <= 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be greater than 0."); + RETURN_FALSE; + } +- if ((p + Z_LVAL_PP(length)) > endp) { ++ if (Z_LVAL_PP(length) > (Z_STRLEN_PP(haystack) - Z_LVAL_PP(offset))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length value %ld exceeds string length.", Z_LVAL_PP(length)); + RETURN_FALSE; + } +@@ -4887,17 +4889,24 @@ PHP_FUNCTION(substr_compare) + RETURN_FALSE; + } + +- if ((offset + len) > s1_len) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length."); ++ if (ZEND_NUM_ARGS() >= 4 && len <= 0) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length must be greater than zero"); + RETURN_FALSE; + } + + if (offset < 0) { + offset = s1_len + offset; ++ offset = (offset < 0) ? 0 : offset; + } + +- if (offset < 0) { +- offset = s1_len + offset; ++ if (offset > s1_len) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length"); ++ RETURN_FALSE; ++ } ++ ++ if(len > s1_len - offset) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length cannot exceed initial string length"); ++ RETURN_FALSE; + } + + cmp_len = (uint) (len ? 
len : MAX(s2_len, (s1_len - offset))); --- php5-5.1.2.orig/debian/patches/017-pread_pwrite_disable.patch +++ php5-5.1.2/debian/patches/017-pread_pwrite_disable.patch @@ -0,0 +1,20 @@ +--- php4-4.3.8/acinclude.m4.orig 2004-08-09 07:41:27.000000000 -0600 ++++ php4-4.3.8/acinclude.m4 2004-08-09 07:42:19.000000000 -0600 +@@ -1134,7 +1134,7 @@ + } + + ],[ +- ac_cv_pwrite=yes ++ ac_cv_pwrite=no + ],[ + ac_cv_pwrite=no + ],[ +@@ -1163,7 +1163,7 @@ + exit(0); + } + ],[ +- ac_cv_pread=yes ++ ac_cv_pread=no + ],[ + ac_cv_pread=no + ],[ --- php5-5.1.2.orig/debian/patches/056-mime_magic_liberal.patch +++ php5-5.1.2/debian/patches/056-mime_magic_liberal.patch @@ -0,0 +1,36 @@ +--- php-5.1.1/ext/mime_magic/mime_magic.c 2005-10-19 01:04:07.000000000 +1000 ++++ php5-5.1.1/ext/mime_magic/mime_magic.c 2005-12-20 19:25:24.000000000 +1100 +@@ -494,7 +494,7 @@ + } while (*(++p) != '/'); + ++p; + do { +- if (!isalnum(*p) && (*p != '-') && (*p != '.') && !isspace(*p)) { ++ if (!isalnum(*p) && (*p != '-') && (*p != '.') && (*p != '+') && !isspace(*p)) { + return 0; + } + } while (*(++p)); +@@ -627,6 +627,15 @@ + else if (strncmp(l, "string", NSTRING) == 0) { + m->type = STRING; + l += NSTRING; ++ if (*l == '/') { ++ ++l; ++ if ((*l == 'B') || (*l == 'b') || (*l == 'c')) { ++ ++l; ++ if ((*l == 'B') || (*l == 'b') || (*l == 'c')) { ++ ++l; ++ } ++ } ++ } + } + else if (strncmp(l, "date", NDATE) == 0) { + m->type = DATE; +@@ -720,7 +729,7 @@ + if (!is_valid_mimetype(l, strlen(l))) { + if(MIME_MAGIC_G(debug)) + php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, entry skipped", MIME_MAGIC_G(magicfile), lineno, l); +- return -1; ++ return 0; + } + + strncpy(m->desc, l, sizeof(m->desc) - 1); --- php5-5.1.2.orig/debian/patches/043-recode_size_t.patch +++ php5-5.1.2/debian/patches/043-recode_size_t.patch 
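Review bot: The `string/` flag parsing added in the second hunk of 056-mime_magic_liberal.patch consumes up to two of `B`, `b`, `c` and then discards them, so an entry written with those modifiers is presumably matched as a plain `string` test, and nothing in the code says that this is deliberate. A comment above the new block would make the limitation visible, for example `/* Accept and ignore string/[Bbc] modifiers so newer magic files parse; the flags are not applied when matching. */`. In the first hunk the modified line still passes a plain `char` to `isalnum()` and `isspace()`; casting first, `isalnum((unsigned char)*p)`, avoids undefined behaviour for bytes above 0x7f. The third hunk changes the invalid-mimetype return from -1 to 0, and what 0 means to the caller is outside the hunk.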
@@ -0,0 +1,13 @@ +--- php-5.0.4/ext/recode/recode.c 2005-07-13 14:43:06.000000000 +1000 ++++ php-5.0.4/ext/recode/recode.c 2005-07-13 14:43:45.000000000 +1000 +@@ -129,8 +129,8 @@ + { + RECODE_REQUEST request = NULL; + char *r = NULL; +- int r_len = 0, r_alen = 0; +- int req_len, str_len; ++ size_t r_len = 0, r_alen = 0; ++ size_t req_len, str_len; + char *req, *str; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { --- php5-5.1.2.orig/debian/patches/CVE-2006-4481.patch +++ php5-5.1.2/debian/patches/CVE-2006-4481.patch 
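Review bot: `req_len` and `str_len` are now `size_t`, but they are still passed to `zend_parse_parameters()` for the `"ss"` format, which in PHP 5 stores each string length through an `int *`. On an LP64 build only four of the eight bytes are written, and since neither variable has an initialiser the remaining bytes are indeterminate, so the lengths used afterwards can be wrong. Keep the parameter lengths as `int req_len, str_len;` and change only the variables that the recode call needs as `size_t`, that is `size_t r_len = 0, r_alen = 0;`, converting `str_len` at the call site, which is outside this hunk.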
@@ -0,0 +1,36 @@ +diff -Nurp orig/ext/imap/php_imap.c new/ext/imap/php_imap.c +--- orig/ext/imap/php_imap.c 2006-09-06 19:19:56.000000000 +0000 ++++ new/ext/imap/php_imap.c 2006-09-06 19:20:31.000000000 +0000 +@@ -807,6 +807,14 @@ PHP_FUNCTION(imap_reopen) + } + imap_le_struct->flags = cl_flags; + } ++ ++ /* local filename, need to perform open_basedir and safe_mode checks */ ++ if (Z_STRVAL_PP(mailbox)[0] != '{' && ++ (php_check_open_basedir(Z_STRVAL_PP(mailbox) TSRMLS_CC) || ++ (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(mailbox), NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { ++ RETURN_FALSE; ++ } ++ + imap_stream = mail_open(imap_le_struct->imap_stream, Z_STRVAL_PP(mailbox), flags); + if (imap_stream == NIL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Couldn't re-open stream"); +diff -Nurp orig/ext/standard/filestat.c new/ext/standard/filestat.c +--- orig/ext/standard/filestat.c 2006-09-06 19:19:57.000000000 +0000 ++++ new/ext/standard/filestat.c 2006-09-06 19:21:42.000000000 +0000 +@@ -645,9 +645,13 @@ PHPAPI void php_stat(const char *filenam + /* root has special perms on plain_wrapper + But we don't know about root under Netware */ + php_stream_wrapper *wrapper; ++ char* local; + +- wrapper = php_stream_locate_url_wrapper(filename, NULL, 0 TSRMLS_CC); ++ wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC); + if (wrapper == &php_plain_files_wrapper) { ++ if (php_check_open_basedir(local TSRMLS_CC) || (PG(safe_mode) && !php_checkuid_ex(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS))) { ++ RETURN_FALSE; ++ } + if (type == FS_IS_X) { + xmask = S_IXROOT; + } else { --- php5-5.1.2.orig/debian/patches/MOPB-10.patch +++ php5-5.1.2/debian/patches/MOPB-10.patch 
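Review bot: In the filestat.c hunk the new guard checks open_basedir against `local`, the path returned through `php_stream_locate_url_wrapper`, but runs the safe_mode check against the original `filename`: `php_check_open_basedir(local ...) || (PG(safe_mode) && !php_checkuid_ex(filename, ...))`. If the wrapper lookup rewrites the name, the two checks look at different strings, so using `local` in both would keep them aligned; also confirm that `local` is always set when `wrapper == &php_plain_files_wrapper`, since it is declared without an initialiser. In the php_imap.c hunk the decision that a mailbox is a local file rests only on its first byte not being `{`, and a short comment stating that assumption would help the next reader. Both functions continue outside the hunks.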
@@ -0,0 +1,12 @@ +diff -uNrp php5-5.1.6-unpatched/ext/session/session.c php5-5.1.6/ext/session/session.c +--- php5-5.1.6-unpatched/ext/session/session.c 2007-04-23 16:12:26.000000000 -0700 ++++ php5-5.1.6/ext/session/session.c 2007-04-23 16:14:02.000000000 -0700 +@@ -441,7 +441,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) + zval **tmp; + namelen = *p & (~PS_BIN_UNDEF); + +- if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) { ++ if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { + return FAILURE; + } + --- php5-5.1.2.orig/debian/patches/052-phpinfo_no_configure.patch +++ php5-5.1.2/debian/patches/052-phpinfo_no_configure.patch @@ -0,0 +1,11 @@ +--- php4-4.3.11/ext/standard/info.c.orig 2005-07-10 06:23:11.000000000 +1000 ++++ php4-4.3.11/ext/standard/info.c 2005-07-10 06:23:33.000000000 +1000 +@@ -443,7 +443,7 @@ + php_info_print_table_start(); + php_info_print_table_row(2, "System", php_uname ); + php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); +-#ifdef CONFIGURE_COMMAND ++#if 0 + php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + #endif + if (sapi_module.pretty_name) { --- php5-5.1.2.orig/debian/patches/100-recode_is_shared.patch +++ php5-5.1.2/debian/patches/100-recode_is_shared.patch @@ -0,0 +1,10 @@ +--- php-5.0.4/ext/recode/config9.m4.orig 2005-07-13 04:06:02.000000000 +1000 ++++ php-5.0.4/ext/recode/config9.m4 2005-07-13 04:06:28.000000000 +1000 +@@ -8,6 +8,6 @@ + test "$PHP_MYSQL" != "no" && recode_conflict="$recode_conflict mysql" + + if test -n "$recode_conflict"; then +- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict]) ++ AC_MSG_WARN([recode extension can not be used together with:$recode_conflict]) + fi + fi --- php5-5.1.2.orig/debian/patches/122-CVE-2007-1864-xmlrpc.patch +++ php5-5.1.2/debian/patches/122-CVE-2007-1864-xmlrpc.patch 
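Review bot: The added `namelen < 0` test in the MOPB-10 session.c hunk treats the symptom of reading the length byte through a signed `char` rather than the cause. If `p` is a plain `char *` (its declaration is outside the hunk) and `PS_BIN_UNDEF` is the top bit of the byte, as its use as a mask suggests, then any byte with that bit set makes `*p & (~PS_BIN_UNDEF)` negative, because the mask keeps the sign-extended upper bits. With the new check every such entry returns `FAILURE`, which presumably includes legitimate entries that carry the undefined-variable flag. Reading the byte as unsigned fixes the cause and keeps those entries decodable: `namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);`.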
@@ -0,0 +1,11 @@ +--- old/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:37:52.000000000 +0200 ++++ new/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:38:38.000000000 +0200 +@@ -75,7 +75,7 @@ + } + + struct array_info { +- char kids_type[30]; ++ char kids_type[128]; + unsigned long size; + /* ... ? */ + }; --- php5-5.1.2.orig/debian/patches/pear/121-pear-installer.patch +++ php5-5.1.2/debian/patches/pear/121-pear-installer.patch @@ -0,0 +1,23 @@ +diff -uNrp PEAR-1.5.3/PEAR/Installer.php PEAR-1.5.4/PEAR/Installer.php +--- PEAR-1.5.3/PEAR/Installer.php 2007-04-18 20:01:48.000000000 -0700 ++++ PEAR-1.5.4/PEAR/Installer.php 2007-05-07 21:10:49.000000000 -0700 +@@ -292,6 +292,9 @@ class PEAR_Installer extends PEAR_Downlo + $installedas_dest_file = $installedas_dest_dir . DIRECTORY_SEPARATOR . '.tmp' . basename($final_dest_file); + } + $dest_dir = dirname($final_dest_file); ++ if (preg_match('~/\.\.(/|\\z)|^\.\./~', str_replace('\\', '/', $dest_file))) { ++ return $this->raiseError("SECURITY ERROR: file $file (installed to $dest_file) contains parent directory reference ..", PEAR_INSTALLER_FAILED); ++ } + $dest_file = $dest_dir . DIRECTORY_SEPARATOR . '.tmp' . basename($final_dest_file); + // }}} + +@@ -482,6 +485,9 @@ class PEAR_Installer extends PEAR_Downlo + } else { + list($save_destdir, $dest_dir, $dest_file, $orig_file) = $info; + } ++ if (preg_match('~/\.\.(/|\\z)|^\.\./~', str_replace('\\', '/', $dest_file))) { ++ return $this->raiseError("SECURITY ERROR: file $file (installed to $dest_file) contains parent directory reference ..", PEAR_INSTALLER_FAILED); ++ } + $final_dest_file = $installed_as = $dest_file; + if (isset($this->_options['packagingroot'])) { + $final_dest_file = $this->_prependPath($final_dest_file, --- php5-5.1.2.orig/debian/patches/MOPB-30.patch +++ php5-5.1.2/debian/patches/MOPB-30.patch 
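Review bot: Growing `kids_type` from 30 to 128 bytes in `struct array_info` raises the threshold but does not bound the write. The code that fills the field is outside this hunk, and if it copies a value of unchecked length, a longer value still runs past the array. The fix is complete only if that copy is limited to the `sizeof` of the field and always NUL-terminated, so the call site should be reviewed together with this change. A comment on the field stating the maximum type-name length it is sized for would also help.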
@@ -0,0 +1,38 @@ +diff -uNrp php5-5.1.6-unpatched/ext/session/session.c php5-5.1.6/ext/session/session.c +--- php5-5.1.6-unpatched/ext/session/session.c 2007-04-23 16:33:25.000000000 -0700 ++++ php5-5.1.6/ext/session/session.c 2007-04-23 16:34:04.000000000 -0700 +@@ -573,16 +573,20 @@ static void php_session_track_init(TSRML + zend_delete_global_variable("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")-1 TSRMLS_CC); + zend_delete_global_variable("_SESSION", sizeof("_SESSION")-1 TSRMLS_CC); + ++ if (PS(http_session_vars)) { ++ zval_ptr_dtor(&PS(http_session_vars)); ++ } ++ + MAKE_STD_ZVAL(session_vars); + array_init(session_vars); + PS(http_session_vars) = session_vars; + + if (PG(register_long_arrays)) { +- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1); +- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); ++ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1); ++ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1); + } + else { +- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 1, 0); ++ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); + } + } + +@@ -1796,6 +1800,10 @@ static void php_rinit_session_globals(TS + + static void php_rshutdown_session_globals(TSRMLS_D) + { ++ if (PS(http_session_vars)) { ++ zval_ptr_dtor(&PS(http_session_vars)); ++ PS(http_session_vars) = NULL; ++ } + if (PS(mod_data)) { + zend_try { + PS(mod)->s_close(&PS(mod_data) TSRMLS_CC); --- php5-5.1.2.orig/debian/patches/057-no_apache_installed.patch +++ php5-5.1.2/debian/patches/057-no_apache_installed.patch 
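Review bot: The refcount arguments to `ZEND_SET_GLOBAL_VAR_WITH_LENGTH` change from 2 to 3 in the `register_long_arrays` branch and from 1 to 2 (with `is_ref` going from 0 to 1) in the `else` branch, without any comment. The reader has to infer that the extra reference is the one now held in `PS(http_session_vars)` and released by the new `zval_ptr_dtor` calls in `php_session_track_init` and `php_rshutdown_session_globals`. A comment above the `if (PG(register_long_arrays))` block would make the ownership explicit, for example `/* one reference per symbol-table entry plus one held by PS(http_session_vars), dropped at RSHUTDOWN */`. In `php_session_track_init` the pointer is overwritten right after the destructor call, which works, but setting it to NULL first, as the shutdown hunk does, would keep the two sites uniform.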
@@ -0,0 +1,42 @@ +--- php5-5.1.1/sapi/apache/config.m4 2005-05-30 09:16:45.000000000 +1000 ++++ php5-5.1.1/sapi/apache/config.m4 2005-12-20 20:02:26.000000000 +1100 +@@ -52,11 +52,11 @@ + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in +--- php5-5.1.1/sapi/apache2handler/config.m4 2005-09-02 00:33:47.000000000 +1000 ++++ php5-5.1.1/sapi/apache2handler/config.m4 2005-12-20 19:57:17.000000000 +1100 +@@ -56,13 +56,13 @@ + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000044; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. 
Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000044; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then --- php5-5.1.2.orig/debian/patches/002-static_openssl.patch +++ php5-5.1.2/debian/patches/002-static_openssl.patch @@ -0,0 +1,14 @@ +diff -urN php4-4.3.4.orig/acinclude.m4 php4-4.3.4/acinclude.m4 +--- php4-4.3.4.orig/acinclude.m4 2004-02-16 01:01:22.000000000 -0500 ++++ php4-4.3.4/acinclude.m4 2004-02-16 01:03:12.000000000 -0500 +@@ -2221,9 +2221,7 @@ + + PHP_ADD_INCLUDE($OPENSSL_INCDIR) + +- PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [ +- PHP_ADD_LIBRARY(crypto,,$1) +- ],[ ++ PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [:],[ + AC_MSG_ERROR([libcrypto not found!]) + ],[ + -L$OPENSSL_LIBDIR --- php5-5.1.2.orig/debian/patches/CVE-2010-2531.patch +++ php5-5.1.2/debian/patches/CVE-2010-2531.patch 
@@ -0,0 +1,244 @@ +Description: fix sensitive information disclosure via error messages +Origin: backport, http://svn.php.net/viewvc?view=revision&revision=301245 + +diff -Naur php5-5.1.2.ori//ext/standard/php_var.h php5-5.1.2/ext/standard/php_var.h +--- php5-5.1.2.ori//ext/standard/php_var.h 2006-01-01 07:50:15.000000000 -0500 ++++ php5-5.1.2/ext/standard/php_var.h 2010-09-15 10:10:03.000000000 -0400 +@@ -34,6 +34,8 @@ + + PHPAPI void php_var_dump(zval **struc, int level TSRMLS_DC); + PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC); ++PHPAPI void php_var_export_ex(zval **struc, int level, smart_str *buf TSRMLS_DC); ++ + PHPAPI void php_debug_zval_dump(zval **struc, int level TSRMLS_DC); + + /* typdef HashTable php_serialize_data_t; */ +diff -Naur php5-5.1.2.ori//ext/standard/var.c php5-5.1.2/ext/standard/var.c +--- php5-5.1.2.ori//ext/standard/var.c 2006-01-01 07:50:16.000000000 -0500 ++++ php5-5.1.2/ext/standard/var.c 2010-09-15 10:16:40.000000000 -0400 +@@ -315,51 +315,79 @@ + } + /* }}} */ + +- ++#define buffer_append_spaces(buf, num_spaces) \ ++ do { \ ++ char *tmp_spaces; \ ++ int tmp_spaces_len; \ ++ tmp_spaces_len = spprintf(&tmp_spaces, 0,"%*c", num_spaces, ' '); \ ++ smart_str_appendl(buf, tmp_spaces, tmp_spaces_len); \ ++ efree(tmp_spaces); \ ++ } while(0); + /* {{{ php_var_export */ + + static int php_array_element_export(zval **zv, int num_args, va_list args, zend_hash_key *hash_key) + { + int level; ++ smart_str *buf; ++ + TSRMLS_FETCH(); + + level = va_arg(args, int); ++ buf = va_arg(args, smart_str *); + +- if (hash_key->nKeyLength==0) { /* numeric key */ +- php_printf("%*c%ld => ", level + 1, ' ', hash_key->h); ++ if (hash_key->nKeyLength == 0) { /* numeric key */ ++ buffer_append_spaces(buf, level+1); ++ smart_str_append_long(buf, hash_key->h); ++ smart_str_appendl(buf, " => ", 4); + } else { /* string key */ + char *key; + int key_len; + key = php_addcslashes(hash_key->arKey, hash_key->nKeyLength - 1, &key_len, 0, "'\\", 2 
TSRMLS_CC); +- php_printf("%*c'", level + 1, ' '); +- PHPWRITE(key, key_len); +- php_printf("' => "); ++ ++ buffer_append_spaces(buf, level + 1); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appendl(buf, key, key_len); ++ smart_str_appendl(buf, "' => ", 5); ++ + efree(key); + } +- php_var_export(zv, level + 2 TSRMLS_CC); +- PUTS (",\n"); ++ php_var_export_ex(zv, level + 2, buf TSRMLS_CC); ++ ++ smart_str_appendc(buf, ','); ++ smart_str_appendc(buf, '\n'); ++ + return 0; + } + + static int php_object_element_export(zval **zv, int num_args, va_list args, zend_hash_key *hash_key) + { + int level; ++ smart_str *buf; + char *prop_name, *class_name; + TSRMLS_FETCH(); + + level = va_arg(args, int); ++ buf = va_arg(args, smart_str *); + + if (hash_key->nKeyLength != 0) { +- php_printf("%*c", level + 1, ' '); ++ buffer_append_spaces(buf, level + 2); + zend_unmangle_property_name_ex(hash_key->arKey, hash_key->nKeyLength, &class_name, &prop_name); +- php_printf(" '%s' => ", prop_name); +- php_var_export(zv, level + 2 TSRMLS_CC); +- PUTS (",\n"); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appends(buf, prop_name); ++ smart_str_appendc(buf, '\''); ++ ++ smart_str_appendl(buf, " => ", 4); ++ php_var_export_ex(zv, level + 2, buf TSRMLS_CC); ++ smart_str_appendc(buf, ','); ++ smart_str_appendc(buf, '\n'); ++ + } + return 0; + } + +-PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC) ++PHPAPI void php_var_export_ex(zval **struc, int level, smart_str *buf TSRMLS_DC) /* {{{ */ + { + HashTable *myht; + char* tmp_str; +@@ -369,58 +397,83 @@ + + switch (Z_TYPE_PP(struc)) { + case IS_BOOL: +- php_printf("%s", Z_LVAL_PP(struc) ? 
"true" : "false"); ++ if (Z_LVAL_PP(struc)) { ++ smart_str_appendl(buf, "true", 4); ++ } else { ++ smart_str_appendl(buf, "false", 5); ++ } + break; + case IS_NULL: +- php_printf("NULL"); ++ smart_str_appendl(buf, "NULL", 4); + break; + case IS_LONG: +- php_printf("%ld", Z_LVAL_PP(struc)); ++ smart_str_append_long(buf, Z_LVAL_PP(struc)); + break; + case IS_DOUBLE: +- php_printf("%.*G", (int) EG(precision), Z_DVAL_PP(struc)); ++ tmp_len = spprintf(&tmp_str, 0,"%.*G", (int) EG(precision), Z_DVAL_PP(struc)); ++ smart_str_appendl(buf, tmp_str, tmp_len); ++ efree(tmp_str); + break; + case IS_STRING: + tmp_str = php_addcslashes(Z_STRVAL_PP(struc), Z_STRLEN_PP(struc), &tmp_len, 0, "'\\", 2 TSRMLS_CC); +- PUTS ("'"); +- PHPWRITE(tmp_str, tmp_len); +- PUTS ("'"); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appendl(buf, tmp_str, tmp_len); ++ smart_str_appendc(buf, '\''); ++ + efree (tmp_str); + break; + case IS_ARRAY: + myht = Z_ARRVAL_PP(struc); + if (level > 1) { +- php_printf("\n%*c", level - 1, ' '); ++ smart_str_appendc(buf, '\n'); ++ buffer_append_spaces(buf, level - 1); + } +- PUTS ("array (\n"); +- zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_array_element_export, 1, level, (Z_TYPE_PP(struc) == IS_ARRAY ? 
0 : 1)); ++ smart_str_appendl(buf, "array (\n", 8); ++ zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_array_element_export, 2, level, buf); ++ + if (level > 1) { +- php_printf("%*c", level - 1, ' '); ++ buffer_append_spaces(buf, level - 1); + } +- PUTS(")"); ++ smart_str_appendc(buf, ')'); ++ + break; + case IS_OBJECT: + myht = Z_OBJPROP_PP(struc); + if (level > 1) { +- php_printf("\n%*c", level - 1, ' '); ++ smart_str_appendc(buf, '\n'); ++ buffer_append_spaces(buf, level - 1); + } + Z_OBJ_HANDLER(**struc, get_class_name)(*struc, &class_name, &class_name_len, 0 TSRMLS_CC); +- php_printf ("%s::__set_state(array(\n", class_name); ++ ++ smart_str_appendl(buf, class_name, class_name_len); ++ smart_str_appendl(buf, "::__set_state(array(\n", 21); ++ + efree(class_name); + if (myht) { +- zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_object_element_export, 1, level); ++ zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_object_element_export, 2, level, buf); + } + if (level > 1) { +- php_printf("%*c", level - 1, ' '); ++ buffer_append_spaces(buf, level - 1); + } +- php_printf ("))"); ++ smart_str_appendl(buf, "))", 2); ++ + break; + default: +- PUTS ("NULL"); ++ smart_str_appendl(buf, "NULL", 4); + break; + } + } + ++/* FOR BC reasons, this will always perform and then print */ ++PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC) /* {{{ */ ++{ ++ smart_str buf = {0}; ++ php_var_export_ex(struc, level, &buf TSRMLS_CC); ++ smart_str_0 (&buf); ++ PHPWRITE(buf.c, buf.len); ++ smart_str_free(&buf); ++} + /* }}} */ + + +@@ -430,21 +483,21 @@ + { + zval *var; + zend_bool return_output = 0; +- ++ smart_str buf = {0}; ++ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &var, &return_output) == FAILURE) { + return; + } +- +- if (return_output) { +- php_start_ob_buffer (NULL, 0, 1 TSRMLS_CC); +- } +- +- php_var_export(&var, 1 TSRMLS_CC); ++ ++ php_var_export_ex(&var, 1, &buf TSRMLS_CC); ++ smart_str_0 (&buf); + + if 
(return_output) { +- php_ob_get_buffer (return_value TSRMLS_CC); +- php_end_ob_buffer (0, 0 TSRMLS_CC); ++ RETVAL_STRINGL(buf.c, buf.len, 1); ++ } else { ++ PHPWRITE(buf.c, buf.len); + } ++ smart_str_free(&buf); + } + /* }}} */ + --- php5-5.1.2.orig/debian/patches/CVE-2009-3558.patch +++ php5-5.1.2/debian/patches/CVE-2009-3558.patch @@ -0,0 +1,16 @@ +Description: fix open_basedir restrictions bypass via posix_mkfifo +upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=288943 + +diff -Naur php5-5.1.2.ori/ext/posix/posix.c php5-5.1.2/ext/posix/posix.c +--- php5-5.1.2.ori/ext/posix/posix.c 2006-01-01 07:50:12.000000000 -0500 ++++ php5-5.1.2/ext/posix/posix.c 2009-11-25 15:32:42.000000000 -0500 +@@ -653,7 +653,8 @@ + RETURN_FALSE; + } + +- if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) { ++ if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || ++ (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + RETURN_FALSE; + } + --- php5-5.1.2.orig/debian/patches/226_SECURITY_CVE-2008-5625.patch +++ php5-5.1.2/debian/patches/226_SECURITY_CVE-2008-5625.patch 
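Review bot: The new `buffer_append_spaces` macro in the var.c part of CVE-2010-2531.patch ends with `while(0);`, and that trailing semicolon defeats the `do { ... } while (0)` idiom. Every use such as `buffer_append_spaces(buf, level - 1);` expands to two statements, which breaks as soon as the macro becomes the body of an unbraced `if`/`else`. Drop the semicolon from the definition so that it ends in `} while (0)`, or turn the macro into a `static` function. The macro also allocates and frees a temporary string through `spprintf` for every indentation, and it sits between the fold markers without a comment describing its two arguments.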
@@ -0,0 +1,107 @@ +# +# Description: fix arbitrary file write by placing a "php_value error_log" +# entry in a .htaccess file. +# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?hideattic=0&r1=1.19.2.7.2.14&r2=1.19.2.7.2.15 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?hideattic=0&r1=1.7.2.1.2.5&r2=1.7.2.1.2.6 +# +diff -Naur php5-5.1.2.ori/sapi/apache/mod_php5.c php5-5.1.2/sapi/apache/mod_php5.c +--- php5-5.1.2.ori/sapi/apache/mod_php5.c 2009-01-28 10:17:12.000000000 -0500 ++++ php5-5.1.2/sapi/apache/mod_php5.c 2009-01-28 10:22:24.000000000 -0500 +@@ -715,11 +715,11 @@ + return 1; /* does not exist in dest, copy from source */ + } + +- if (new_per_dir_entry->type==PHP_INI_SYSTEM +- && orig_per_dir_entry->type!=PHP_INI_SYSTEM) { +- return 1; +- } else { ++ if (orig_per_dir_entry->type==PHP_INI_SYSTEM ++ && new_per_dir_entry->type!=PHP_INI_SYSTEM) { + return 0; ++ } else { ++ return 1; + } + } + /* }}} */ +@@ -751,9 +751,15 @@ + */ + static void *php_merge_dir(pool *p, void *basev, void *addv) + { +- /* This function *must* return addv, and not modify basev */ +- zend_hash_merge_ex((HashTable *) addv, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL); +- return addv; ++ /* This function *must* not modify addv or basev */ ++ HashTable *new; ++ ++ /* need a copy of addv to merge */ ++ new = php_create_dir(p, "php_merge_dir"); ++ zend_hash_copy(new, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, NULL, sizeof(php_per_dir_entry)); ++ ++ zend_hash_merge_ex(new, (HashTable *) addv, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL); ++ return new; + } + /* }}} */ + +diff -Naur php5-5.1.2.ori/sapi/apache2handler/apache_config.c php5-5.1.2/sapi/apache2handler/apache_config.c +--- php5-5.1.2.ori/sapi/apache2handler/apache_config.c 
2006-01-01 07:50:18.000000000 -0500 ++++ php5-5.1.2/sapi/apache2handler/apache_config.c 2009-01-28 10:36:26.000000000 -0500 +@@ -115,30 +115,54 @@ + return NULL; + } + ++static zend_bool should_overwrite_per_dir_entry(HashTable *target_ht, php_dir_entry *new_per_dir_entry, zend_hash_key *hash_key, void *pData) ++{ ++ php_dir_entry *orig_per_dir_entry; ++ ++ if (zend_hash_find(target_ht, hash_key->arKey, hash_key->nKeyLength, (void **) &orig_per_dir_entry)==FAILURE) { ++ return 1; /* does not exist in dest, copy from source */ ++ } ++ ++ if (new_per_dir_entry->status >= orig_per_dir_entry->status) { ++ /* use new entry */ ++ phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", hash_key->arKey, new_per_dir_entry->status, orig_per_dir_entry->status)); ++ return 1; ++ } else { ++ return 0; ++ } ++} ++ + + void *merge_php_config(apr_pool_t *p, void *base_conf, void *new_conf) + { +- php_conf_rec *d = base_conf, *e = new_conf; ++ php_conf_rec *d = base_conf, *e = new_conf, *n = NULL; + php_dir_entry *pe; + php_dir_entry *data; + char *str; + uint str_len; + ulong num_index; + +- phpapdebug((stderr, "Merge dir (%p) (%p)\n", base_conf, new_conf)); ++ n = create_php_config(p, "merge_php_config"); ++ /* copy old config */ ++ zend_hash_copy(&n->config, &d->config, NULL, NULL, sizeof(php_dir_entry)); ++ /* merge new config */ ++ phpapdebug((stderr, "Merge dir (%p)+(%p)=(%p)\n", base_conf, new_conf, n)); ++ zend_hash_merge_ex(&n->config, &e->config, NULL, sizeof(php_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL); ++#if STAS_0 + for (zend_hash_internal_pointer_reset(&d->config); + zend_hash_get_current_key_ex(&d->config, &str, &str_len, + &num_index, 0, NULL) == HASH_KEY_IS_STRING; + zend_hash_move_forward(&d->config)) { + pe = NULL; + zend_hash_get_current_data(&d->config, (void **) &data); +- if (zend_hash_find(&e->config, str, str_len, (void **) &pe) == SUCCESS) { ++ if (zend_hash_find(&n->config, str, str_len, (void **) &pe) == SUCCESS) { + if 
(pe->status >= data->status) continue; + } +- zend_hash_update(&e->config, str, str_len, data, sizeof(*data), NULL); + phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", str, data->status, pe?pe->status:-1)); ++ zend_hash_update(&n->config, str, str_len, data, sizeof(*data), NULL); + } +- return new_conf; ++#endif ++ return n; + } + + char *get_php_config(void *conf, char *name, size_t name_len) --- php5-5.1.2.orig/debian/patches/121-CVE-2007-2509_ftp.patch +++ php5-5.1.2/debian/patches/121-CVE-2007-2509_ftp.patch @@ -0,0 +1,19 @@ +--- old/ext/ftp/ftp.c 2007/02/27 03:28:16 1.112.2.4.2.7 ++++ new/ext/ftp/ftp.c 2007/03/24 16:25:42 1.112.2.4.2.8 +@@ -1096,10 +1096,16 @@ + int size; + char *data; + ++ if (strpbrk(cmd, "\r\n")) { ++ return 0; ++ } + /* build the output buffer */ + if (args && args[0]) { + /* "cmd args\r\n\0" */ + if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) { ++ return 0; ++ } ++ if (strpbrk(args, "\r\n")) { + return 0; + } + size = sprintf(ftp->outbuf, "%s %s\r\n", cmd, args); --- php5-5.1.2.orig/debian/patches/CVE-2009-2626.patch +++ php5-5.1.2/debian/patches/CVE-2009-2626.patch 
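Review bot: In the `php_merge_dir` hunk of mod_php5.c the new comment says `/* need a copy of addv to merge */`, but the next statement copies `basev` into the fresh table and only then merges `addv` into it; the comment should read `/* start from a copy of basev, then merge addv over it */`. In apache_config.c the old loop is kept under `#if STAS_0`, which leaves `pe`, `data`, `str`, `str_len` and `num_index` used only inside disabled code. Deleting that block and those locals would make it clear that `zend_hash_merge_ex` with `should_overwrite_per_dir_entry` is now the only place that decides precedence. `zend_hash_copy(&n->config, &d->config, NULL, NULL, sizeof(php_dir_entry))` passes no copy constructor, so any pointers inside `php_dir_entry` would be shared between the base and merged tables; the struct is not visible here, so this needs confirming.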
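Review bot: The CR/LF rejection is split in two, with `cmd` checked at the top and `args` checked only after the length test inside the `if (args && args[0])` branch, so the validation is easy to miss or break when this function is next edited. A single guard ahead of the buffer building, `if (strpbrk(cmd, "\r\n") || (args && strpbrk(args, "\r\n"))) return 0;`, rejects the same inputs. It should carry a comment such as `/* a command or argument containing CR or LF would go out as more than one protocol line */`. Both rejections return 0 exactly like the length failure, so a caller cannot tell them apart for logging. The rest of the function and its callers are outside the hunk.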
@@ -0,0 +1,30 @@
+Description: fix information disclosure and denial of service via
+ zend_restore_ini_entry_cb function.
+Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=284157
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605
+
+diff -Naur php5-5.1.2.ori/Zend/zend_ini.c php5-5.1.2/Zend/zend_ini.c
+--- php5-5.1.2.ori/Zend/zend_ini.c 2010-01-06 12:39:08.000000000 -0500
++++ php5-5.1.2/Zend/zend_ini.c 2010-01-06 12:39:52.000000000 -0500
+@@ -46,15 +46,20 @@
+
+ static int zend_restore_ini_entry_cb(zend_ini_entry *ini_entry, int stage TSRMLS_DC)
+ {
++ int result = FAILURE;
+ if (ini_entry->modified) {
+ if (ini_entry->on_modify) {
+ zend_try {
+ /* even if on_modify bails out, we have to continue on with restoring,
+ since there can be allocated variables that would be freed on MM shutdown
+ and would lead to memory corruption later ini entry is modified again */
+- ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC);
++ result = ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC);
+ } zend_end_try();
+ }
++ if(stage == ZEND_INI_STAGE_RUNTIME && result == FAILURE) {
++ /* runtime failure is OK */
++ return 1;
++ }
+ if (ini_entry->value != ini_entry->orig_value) {
+ efree(ini_entry->value);
+ }
--- php5-5.1.2.orig/debian/patches/CVE-2010-1129.patch
+++ php5-5.1.2/debian/patches/CVE-2010-1129.patch
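Review bot: The new early return `if(stage == ZEND_INI_STAGE_RUNTIME && result == FAILURE)` sits outside the `if (ini_entry->on_modify)` block while `result` starts as `FAILURE`. At runtime stage an entry with no `on_modify` handler, or one whose handler bails out inside `zend_try` before assigning `result`, therefore returns before its value is restored. That contradicts the retained comment, which says restoring has to continue even if `on_modify` bails out. If the intent is to skip the restore only when the handler itself reported failure, initialising with `int result = SUCCESS;` would do that; this needs confirming against the rest of the function, which continues outside the hunk along with the meaning of the return value 1 to the caller.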
@@ -0,0 +1,15 @@
+Description: fix safe_mode bypass via trailing slash in dir pathnames
+Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=294882
+
+diff -Naur php5-5.1.2.ori//ext/standard/file.c php5-5.1.2/ext/standard/file.c
+--- php5-5.1.2.ori//ext/standard/file.c 2010-09-15 09:41:36.000000000 -0400
++++ php5-5.1.2/ext/standard/file.c 2010-09-15 09:51:14.000000000 -0400
+@@ -783,7 +783,7 @@
+ convert_to_string_ex(arg1);
+ convert_to_string_ex(arg2);
+
+- if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
++ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
+
--- php5-5.1.2.orig/debian/patches/207-htmlentity-utf8-fix.patch
+++ php5-5.1.2/debian/patches/207-htmlentity-utf8-fix.patch
@@ -0,0 +1,154 @@ +diff -Naur php-5.1.2.orig/ext/standard/html.c php-5.1.2/ext/standard/html.c +--- php-5.1.2.orig/ext/standard/html.c 2006-01-01 07:50:14.000000000 -0500 ++++ php-5.1.2/ext/standard/html.c 2008-07-22 23:50:23.000000000 -0400 +@@ -484,18 +484,29 @@ + } \ + mbseq[mbpos++] = (mbchar); } + ++#define CHECK_LEN(pos, chars_need) \ ++ if((str_len - (pos)) < chars_need) { \ ++ *status = FAILURE; \ ++ return 0; \ ++ } ++ + /* {{{ get_next_char + */ + inline static unsigned short get_next_char(enum entity_charset charset, + unsigned char * str, ++ int str_len, + int * newpos, + unsigned char * mbseq, +- int * mbseqlen) ++ int * mbseqlen, ++ int *status) + { + int pos = *newpos; + int mbpos = 0; + int mbspace = *mbseqlen; + unsigned short this_char = str[pos++]; ++ unsigned char next_char; ++ ++ *status = SUCCESS; + + if (mbspace <= 0) { + *mbseqlen = 0; +@@ -517,6 +528,10 @@ + do { + if (this_char < 0x80) { + more = 0; ++ if(stat) { ++ /* we didn't finish the UTF sequence correctly */ ++ *status = FAILURE; ++ } + break; + } else if (this_char < 0xc0) { + switch (stat) { +@@ -555,6 +570,7 @@ + break; + default: + /* invalid */ ++ *status = FAILURE; + more = 0; + } + } +@@ -562,21 +578,27 @@ + else if (this_char < 0xe0) { + stat = 0x10; /* 2 byte */ + utf = (this_char & 0x1f) << 6; ++ CHECK_LEN(pos, 1); + } else if (this_char < 0xf0) { + stat = 0x20; /* 3 byte */ + utf = (this_char & 0xf) << 12; ++ CHECK_LEN(pos, 2); + } else if (this_char < 0xf8) { + stat = 0x30; /* 4 byte */ + utf = (this_char & 0x7) << 18; ++ CHECK_LEN(pos, 3); + } else if (this_char < 0xfc) { + stat = 0x40; /* 5 byte */ + utf = (this_char & 0x3) << 24; ++ CHECK_LEN(pos, 4); + } else if (this_char < 0xfe) { + stat = 0x50; /* 6 byte */ + utf = (this_char & 0x1) << 30; ++ CHECK_LEN(pos, 5); + } else { + /* invalid; bail */ + more = 0; ++ *status = FAILURE; + break; + } + +@@ -594,7 +616,8 @@ + /* check if this is the first of a 2-byte sequence */ + if (this_char >= 0xa1 && this_char <= 0xfe) { 
+ /* peek at the next char */ +- unsigned char next_char = str[pos]; ++ CHECK_LEN(pos, 1); ++ next_char = str[pos]; + if ((next_char >= 0x40 && next_char <= 0x7e) || + (next_char >= 0xa1 && next_char <= 0xfe)) { + /* yes, this a wide char */ +@@ -614,7 +637,8 @@ + (this_char >= 0xe0 && this_char <= 0xef) + ) { + /* peek at the next char */ +- unsigned char next_char = str[pos]; ++ CHECK_LEN(pos, 1); ++ next_char = str[pos]; + if ((next_char >= 0x40 && next_char <= 0x7e) || + (next_char >= 0x80 && next_char <= 0xfc)) + { +@@ -633,7 +657,8 @@ + /* check if this is the first of a multi-byte sequence */ + if (this_char >= 0xa1 && this_char <= 0xfe) { + /* peek at the next char */ +- unsigned char next_char = str[pos]; ++ CHECK_LEN(pos, 1); ++ next_char = str[pos]; + if (next_char >= 0xa1 && next_char <= 0xfe) { + /* yes, this a jis kanji char */ + this_char <<= 8; +@@ -644,7 +669,8 @@ + + } else if (this_char == 0x8e) { + /* peek at the next char */ +- unsigned char next_char = str[pos]; ++ CHECK_LEN(pos, 1); ++ next_char = str[pos]; + if (next_char >= 0xa1 && next_char <= 0xdf) { + /* JIS X 0201 kana */ + this_char <<= 8; +@@ -655,8 +681,10 @@ + + } else if (this_char == 0x8f) { + /* peek at the next two char */ +- unsigned char next_char = str[pos]; +- unsigned char next2_char = str[pos+1]; ++ unsigned char next2_char; ++ CHECK_LEN(pos, 2); ++ next_char = str[pos]; ++ next2_char = str[pos+1]; + if ((next_char >= 0xa1 && next_char <= 0xfe) && + (next2_char >= 0xa1 && next2_char <= 0xfe)) { + /* JIS X 0212 hojo-kanji */ +@@ -1092,8 +1120,18 @@ + while (i < oldlen) { + unsigned char mbsequence[16]; /* allow up to 15 characters in a multibyte sequence */ + int mbseqlen = sizeof(mbsequence); +- unsigned short this_char = get_next_char(charset, old, &i, mbsequence, &mbseqlen); ++ int status = SUCCESS; ++ unsigned short this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status); + ++ if(status == FAILURE) { ++ /* invalid MB sequence */ ++ 
efree(replaced); ++ if(!PG(display_errors)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid multibyte sequence in argument"); ++ } ++ *newlen = 0; ++ return STR_EMPTY_ALLOC(); ++ } + matches_map = 0; + + if (len + 16 > maxlen) --- php5-5.1.2.orig/debian/patches/229_SECURITY_CVE-2009-2687.patch +++ php5-5.1.2/debian/patches/229_SECURITY_CVE-2009-2687.patch @@ -0,0 +1,20 @@ +# +# Description: fix denial of service via malformed JPEG image with invalid offset fields +# Patch: http://svn.php.net/viewvc?view=revision&revision=281314 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535888 +# Upstream: http://bugs.php.net/bug.php?id=48378 +# +diff -Naur php5-5.1.2.ori/ext/exif/exif.c php5-5.1.2/ext/exif/exif.c +--- php5-5.1.2.ori/ext/exif/exif.c 2009-08-21 10:47:01.000000000 -0400 ++++ php5-5.1.2/ext/exif/exif.c 2009-08-21 10:48:06.000000000 -0400 +@@ -3096,6 +3096,10 @@ + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)"); + return; + } ++ if (offset_of_ifd > length) { ++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start"); ++ return; ++ } + + ImageInfo->sections_found |= FOUND_IFD0; + /* First directory starts at offset 8. Offsets starts at 0. */ --- php5-5.1.2.orig/debian/patches/224_SECURITY_CVE-2008-5557.patch +++ php5-5.1.2/debian/patches/224_SECURITY_CVE-2008-5557.patch 
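Review bot: `CHECK_LEN` is a bare `if` block used as a statement with a trailing semicolon, it does not parenthesise `chars_need`, and it silently depends on `str_len` and `status` being in scope. Wrapping it in `do { ... } while (0)` and parenthesising the argument, as below, keeps the bounds check intact if it is ever placed directly under an `if`/`else`. In the caller, the warning is raised only when `display_errors` is off (`if(!PG(display_errors))`), which reads like an inverted test. If it is deliberate it needs a comment saying so, for example `/* NOTE(review): warning is emitted only when display_errors is off; confirm this is intended */`. `get_next_char` and the calling loop both start and end outside their hunks.
```c
#define CHECK_LEN(pos, chars_need) \
	do { \
		if ((str_len - (pos)) < (chars_need)) { \
			*status = FAILURE; \
			return 0; \
		} \
	} while (0)
```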
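Review bot: The new bound `if (offset_of_ifd > length)` still accepts `offset_of_ifd == length`, which would place the first IFD at the very end of the data with no bytes left to read. Whether that case is caught later depends on the IFD parser, which is outside the hunk, so it should either be confirmed there or the test tightened to `if (offset_of_ifd >= length)`. The enclosing function begins and ends outside the hunk.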
@@ -0,0 +1,47 @@
+#
+# Description: fix mbstring extension arbitrary code execution via crafted
+# string containing HTML entity.
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/317672
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511493
+# Upstream: http://bugs.php.net/bug.php?id=45722
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?hideattic=0&r1=1.7&r2=1.8
+#
+diff -Naur php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c
+--- php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2005-02-21 05:12:43.000000000 -0500
++++ php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2009-01-28 10:16:32.000000000 -0500
+@@ -232,8 +232,7 @@
+ mbfl_filt_conv_html_dec_flush(filter);
+ if (c=='&')
+ {
+- filter->status = 1;
+- buffer[0] = '&';
++ buffer[filter->status++] = '&';
+ }
+ }
+ }
+@@ -244,17 +243,19 @@
+ int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter)
+ {
+ int status, pos = 0;
+- char *buffer;
++ unsigned char *buffer;
++ int err = 0;
+
+- buffer = (char*)filter->opaque;
++ buffer = (unsigned char*)filter->opaque;
+ status = filter->status;
++ filter->status = 0;
+ /* flush fragments */
+ while (status--) {
+- CK((*filter->output_function)(buffer[pos++], filter->data));
++ int e = (*filter->output_function)(buffer[pos++], filter->data);
++ if (e != 0)
++ err = e;
+ }
+- filter->status = 0;
+- /*filter->buffer = 0; of cause NOT*/
+- return 0;
++ return err;
+ }
+
+
--- php5-5.1.2.orig/debian/patches/CVE-2007-0910.patch
+++ php5-5.1.2/debian/patches/CVE-2007-0910.patch
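Review bot: `mbfl_filt_conv_html_dec_flush` now clears `filter->status` before the output loop, and the first hunk's `buffer[filter->status++] = '&';` relies on that reset to start writing at index 0, but nothing in the code says so. A comment above the reset, `/* clear the fragment count before any output call so an output error cannot leave it stale */`, would keep the ordering from being undone later. The loop also keeps the last non-zero return in `err` rather than the first and uses an unbraced `if`; `if (e != 0 && err == 0) { err = e; }` reports the first failure, if that is what callers expect. The function containing the first hunk starts and ends outside it, and the bound on `buffer` is not visible there.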
@@ -0,0 +1,135 @@ +diff -Nurp orig/ext/session/session.c new/ext/session/session.c +--- orig/ext/session/session.c 2007-02-21 09:31:23.000000000 +0100 ++++ new/ext/session/session.c 2007-02-21 09:32:02.000000000 +0100 +@@ -291,9 +291,12 @@ void php_add_session_var(char *name, siz + if (PG(register_globals)) { + zval **sym_global = NULL; + +- zend_hash_find(&EG(symbol_table), name, namelen + 1, +- (void *) &sym_global); +- ++ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) { ++ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) { ++ return; ++ } ++ } ++ + if (sym_global == NULL && sym_track == NULL) { + zval *empty_var; + +@@ -323,7 +326,10 @@ void php_set_session_var(char *name, siz + if (PG(register_globals)) { + zval **old_symbol; + if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) { +- ++ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) { ++ return; ++ } ++ + /* + * A global symbol with the same name exists already. That + * symbol might have been created by other means (e.g. $_GET). +@@ -432,12 +438,20 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) + PHP_VAR_UNSERIALIZE_INIT(var_hash); + + for (p = val; p < endptr; ) { ++ zval **tmp; + namelen = *p & (~PS_BIN_UNDEF); + + if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) { + return FAILURE; + } + ++ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { ++ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { ++ efree(name); ++ continue; ++ } ++ } ++ + has_value = *p & PS_BIN_UNDEF ? 
0 : 1; + + name = estrndup(p + 1, namelen); +@@ -509,6 +523,7 @@ PS_SERIALIZER_DECODE_FUNC(php) + p = val; + + while (p < endptr) { ++ zval **tmp; + q = p; + while (*q != PS_DELIMITER) + if (++q >= endptr) goto break_outer_loop; +@@ -523,7 +538,13 @@ PS_SERIALIZER_DECODE_FUNC(php) + namelen = q - p; + name = estrndup(p, namelen); + q++; +- ++ ++ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { ++ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { ++ goto skip; ++ } ++ } ++ + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(¤t, (const unsigned char **) &q, endptr, &var_hash TSRMLS_CC)) { +@@ -532,6 +553,7 @@ PS_SERIALIZER_DECODE_FUNC(php) + zval_ptr_dtor(¤t); + } + PS_ADD_VARL(name, namelen); ++skip: + efree(name); + + p = q; +@@ -672,7 +694,7 @@ PHPAPI char *php_session_create_id(PS_CR + buf = emalloc(100); + + /* maximum 15+19+19+10 bytes */ +- sprintf(buf, "%.15s%ld%ld%0.8f", remote_addr ? remote_addr : "", ++ sprintf(buf, "%.15s%ld%ld%0.8F", remote_addr ? 
remote_addr : "", + tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10); + + switch (PS(hash_func)) { +@@ -1435,6 +1457,11 @@ PHP_FUNCTION(session_save_path) + + if (ac == 1) { + convert_to_string_ex(p_name); ++ if (memchr(Z_STRVAL_PP(p_name), '\0', Z_STRLEN_PP(p_name)) != NULL) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The save_path cannot contain NULL characters."); ++ efree(old); ++ RETURN_FALSE; ++ } + zend_alter_ini_entry("session.save_path", sizeof("session.save_path"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + } + +diff -Nurp orig/main/php_variables.c new/main/php_variables.c +--- orig/main/php_variables.c 2007-02-21 09:31:20.000000000 +0100 ++++ new/main/php_variables.c 2007-02-21 09:32:31.000000000 +0100 +@@ -611,8 +611,6 @@ int php_hash_environment(TSRMLS_D) + { + char *p; + unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0}; +- zval *dummy_track_vars_array = NULL; +- zend_bool initialized_dummy_track_vars_array=0; + zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals) && !PG(register_long_arrays) && !PG(register_argc_argv)); + struct auto_global_record { + char *name; +@@ -703,15 +701,9 @@ int php_hash_environment(TSRMLS_D) + continue; + } + if (!PG(http_globals)[i]) { +- if (!initialized_dummy_track_vars_array) { +- ALLOC_ZVAL(dummy_track_vars_array); +- array_init(dummy_track_vars_array); +- INIT_PZVAL(dummy_track_vars_array); +- initialized_dummy_track_vars_array = 1; +- } else { +- dummy_track_vars_array->refcount++; +- } +- PG(http_globals)[i] = dummy_track_vars_array; ++ ALLOC_ZVAL(PG(http_globals)[i]); ++ array_init(PG(http_globals)[i]); ++ INIT_PZVAL(PG(http_globals)[i]); + } + + PG(http_globals)[i]->refcount++; --- php5-5.1.2.orig/debian/patches/029-php.ini_paranoid.patch +++ php5-5.1.2/debian/patches/029-php.ini_paranoid.patch 
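Review bot: In the `PS_SERIALIZER_DECODE_FUNC(php_binary)` hunk the added `zend_hash_find(&EG(symbol_table), name, namelen + 1, ...)` runs before `name = estrndup(p + 1, namelen);`, so on each pass `name` is either not yet set or left over from the previous pass. The `efree(name); continue;` branch then frees that pointer and re-enters `for (p = val; p < endptr; )` without advancing `p`. The check belongs after the `estrndup` line and after `p` has been moved past the name; the advance of `p` is outside the hunk, so its exact position needs confirming against the full function. In the `php` decoder hunk, `goto skip` jumps over `php_var_unserialize`, so `q` is presumably not advanced past the skipped value before `p = q`, which also deserves a check. A comment on each guard, `/* do not let session data replace the symbol table itself or the session array */`, would say what they protect.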
@@ -0,0 +1,1199 @@ +diff -Nru php4-4.3.9.orig/php.ini-paranoid php4-4.3.9/php.ini-paranoid +--- php4-4.3.9.orig/php.ini-paranoid 1970-01-01 01:00:00.000000000 +0100 ++++ php4-4.3.9/php.ini-paranoid 2004-11-13 17:09:30.000000000 +0100 +@@ -0,0 +1,1195 @@ ++[PHP] ++ ++;;;;;;;;;;;;;;;;;;; ++; About this file ; ++;;;;;;;;;;;;;;;;;;; ++; ++; This is the paranoid, PHP 4-style version of the php.ini-dist file. It ++; sets some non standard settings, that make PHP more efficient, more secure ++; in a very paranoid way. Note that these security settings will make some ++; applications not work properly. ++; ++; The price is that with these settings, PHP may be incompatible with some ++; applications, and sometimes, more difficult to develop with. Using this ++; file is recommended for production sites which want a high degree of ++; security. As all of the changes from the standard settings are thoroughly ++; documented, you can go over each one, ++; and decide whether you want to use it or not. ++; ++; For general information about the php.ini file, please consult the ++; php.ini-dist file, included in your PHP distribution. ++; ++; For further information see ++; http://www.php.net/features.safe-mode ++; http://www.phpsecure.info/ ++; ++; This file is different from the php.ini-dist file in the fact that it features ++; different values for several directives, in order to improve performance, while ++; possibly breaking compatibility with the standard out-of-the-box behavior of ++; PHP 3. Please make sure you read what's different, and modify your scripts ++; accordingly, if you decide to use this file instead. ++; ++; - safe_mode = On [Security, Performance loss] ++; Do UID checks when opening files. Enabling safe_mode also enables ++; other functions related to this mode. 
For more information read: ++; http://www.php.net/features.safe-mode ++; Worthwhile reading, however, is also ++; http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html ++; Bottomline: Do not trust that safe_mode will drive all your security vulnerabilities ++; away. ++; ++; - safe_mode_protected_env_vars = LD_LIBRARY_PATH PATH [Security] ++; Environment variables that users will not be able to modify through ++; putenv() ++; ++; - open_basedir = /var/www/:/usr/lib/php4/ [Security, Performance loss] ++; Limits the files that PHP can access to the directories specified. ++; This includes the webroot and the usual location of PHP libraries ++; (e.g. PEAR). Since all file locations are checked against this list ++; before any access is allowed, this impacts in the performance of all ++; file operations. ++; ++; - disable_functions = dl, phpinfo, system, .... [Security] ++; Some functions can be used by attackers and can be malversed by ++; applications, the list (not complete) of functions disabled includes ++; functions which might have a severe impact to the system if wrongly used ++; in scripts or subverted remotely by attackers. ++; ++; - expose_php = Off [?Security?] ++; Not exposing that PHP is used in the site (nor its version) can affect ++; how some dumb worms attempt to attack the site. Many might ++; not check this and attempt to compromise the server nevertheless, ++; however. This setting is just 'security by obscurity' so no real ++; security at all (save vs. the dumbest attackers) ++; ++; - error_log = syslog [Security, Performance log] ++; All errors are reported to syslog so that the errors can be easily ++; sent outsite the site to a syslog server. This prevents an intruder ++; from tampering with them in an attempt to hide his tracks since the ++; logs are stored in a different location. 
It also helps in forensic ++; investigation or when using automatic tools to produce reports or ++; generate alarms based on the syslog information. ++; ++; - register_globals = Off [Security, Performance] ++; Global variables are no longer registered for input data (POST, GET, cookies, ++; environment and other server variables). Instead of using $foo, you must use ++; you can use $_REQUEST["foo"] (includes any variable that arrives through the ++; request, namely, POST, GET and cookie variables), or use one of the specific ++; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending ++; on where the input originates. Also, you can look at the ++; import_request_variables() function. ++; Note that register_globals is going to be depracated (i.e., turned off by ++; default) in the next version of PHP, because it often leads to security bugs. ++; Read http://php.net/manual/en/security.registerglobals.php for further ++; information. ++; - display_errors = Off [Security] ++; With this directive set to off, errors that occur during the execution of ++; scripts will no longer be displayed as a part of the script output, and thus, ++; will no longer be exposed to remote users. With some errors, the error message ++; content may expose information about your script, web server, or database ++; server that may be exploitable for hacking. Production sites should have this ++; directive set to off. ++; - log_errors = On [Security] ++; This directive complements the above one. Any errors that occur during the ++; execution of your script will be logged (typically, to your server's error log, ++; but can be configured in several ways). Along with setting display_errors to off, ++; this setup gives you the ability to fully understand what may have gone wrong, ++; without exposing any sensitive information to remote users. ++; - output_buffering = 4096 [Performance] ++; Set a 4KB output buffer. 
Enabling output buffering typically results in less ++; writes, and sometimes less packets sent on the wire, which can often lead to ++; better performance. The gain this directive actually yields greatly depends ++; on which Web server you're working with, and what kind of scripts you're using. ++; - register_argc_argv = Off [Performance] ++; Disables registration of the somewhat redundant $argv and $argc global ++; variables. ++; - magic_quotes_gpc = On [Security] ++; Input data is escaped with slashes so that applications that do ++; not use addslashes() are not so easily subjected to SQL injection ++; when talking to SQL databases. ++; ++; - variables_order = "GPCS" [Performance] ++; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access ++; environment variables, you can use getenv() instead. ++; - error_reporting = E_ALL [Code Cleanliness, Security(?)] ++; By default, PHP surpresses errors of type E_NOTICE. These error messages ++; are emitted for non-critical errors, but that could be a symptom of a bigger ++; problem. Most notably, this will cause error messages about the use ++; of uninitialized variables to be displayed. ++; - allow_call_time_pass_reference = Off [Code cleanliness] ++; It's not possible to decide to force a variable to be passed by reference ++; when calling a function. The PHP 4 style to do this is by making the ++; function require the relevant argument by reference. ++; ++; - enable_dl = Off [Security] ++; The dl() function is not needed in most environments and does introduce ++; a number of security issues. ++; - file_uploads = Off [Security] ++; File uploads should not be allowed to the server. ++; - allow_url_fopen = Off [Security] ++; File calls should not transparently retrieve files from the network ++; since this could be subverted by attackers in poorly coded scripts ++; by forcing them to download (and execute) malicious remote content ++; from compromised hosts. 
This behaviour has been observed in automatic ++; worms/tools that use it to scan and propagate through badly written ++; applications (in conjuntion with other unsafe features) ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++ ++ ++;;;;;;;;;;;;;;;;;;;; ++; Language Options ; ++;;;;;;;;;;;;;;;;;;;; ++ ++; Enable the PHP scripting language engine under Apache. ++engine = On ++ ++; Allow the tags are recognized. ++; NOTE: Using short tags should be avoided when developing applications or ++; libraries that are meant for redistribution, or deployment on PHP ++; servers which are not under your control, because short tags may not ++; be supported on the target server. For portable, redistributable code, ++; be sure not to use short tags. ++short_open_tag = On ++ ++; Allow ASP-style <% %> tags. ++asp_tags = Off ++ ++; The number of significant digits displayed in floating point numbers. ++precision = 14 ++ ++; Enforce year 2000 compliance (will cause problems with non-compliant browsers) ++y2k_compliance = On ++ ++; Output buffering allows you to send header lines (including cookies) even ++; after you send body content, at the price of slowing PHP's output layer a ++; bit. You can enable output buffering during runtime by calling the output ++; buffering functions. You can also enable output buffering for all files by ++; setting this directive to On. If you wish to limit the size of the buffer ++; to a certain size - you can use a maximum number of bytes instead of 'On', as ++; a value for this directive (e.g., output_buffering=4096). ++output_buffering = 4096 ++ ++; You can redirect all of the output of your scripts to a function. For ++; example, if you set output_handler to "mb_output_handler", character ++; encoding will be transparently converted to the specified encoding. ++; Setting any output handler automatically turns on output buffering. ++; Note: People who wrote portable scripts should not depend on this ini ++; directive. 
Instead, explicitly set the output handler using ob_start(). ++; Using this ini directive may cause problems unless you know what script ++; is doing. ++; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" ++; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ++;output_handler = ++ ++; Transparent output compression using the zlib library ++; Valid values for this option are 'off', 'on', or a specific buffer size ++; to be used for compression (default is 4KB) ++; Note: Resulting chunk size may vary due to nature of compression. PHP ++; outputs chunks that are few handreds bytes each as a result of compression. ++; If you want larger chunk size for better performence, enable output_buffering ++; also. ++; Note: output_handler must be empty if this is set 'On' !!!! ++; Instead you must use zlib.output_handler. ++zlib.output_compression = Off ++ ++; You cannot specify additional output handlers if zlib.output_compression ++; is activated here. This setting does the same as output_handler but in ++; a different order. ++;zlib.output_handler = ++ ++; Implicit flush tells PHP to tell the output layer to flush itself ++; automatically after every output block. This is equivalent to calling the ++; PHP function flush() after each and every call to print() or echo() and each ++; and every HTML block. Turning this option on has serious performance ++; implications and is generally recommended for debugging purposes only. ++implicit_flush = Off ++ ++; The unserialize callback function will be called (with the undefined class' ++; name as parameter), if the unserializer finds an undefined class ++; which should be instanciated. ++; A warning appears if the specified function is not defined, or if the ++; function doesn't include/implement the missing class. ++; So only set this entry, if you really want to implement such a ++; callback-function. 
++unserialize_callback_func= ++ ++; When floats & doubles are serialized store serialize_precision significant ++; digits after the floating point. The default value ensures that when floats ++; are decoded with unserialize, the data will remain the same. ++serialize_precision = 100 ++ ++; Whether to enable the ability to force arguments to be passed by reference ++; at function call time. This method is deprecated and is likely to be ++; unsupported in future versions of PHP/Zend. The encouraged method of ++; specifying which arguments should be passed by reference is in the function ++; declaration. You're encouraged to try and turn this option Off and make ++; sure your scripts work properly with it in order to ensure they will work ++; with future versions of the language (you will receive a warning each time ++; you use this feature, and the argument will be passed by value instead of by ++; reference). ++allow_call_time_pass_reference = Off ++ ++; ++; Safe Mode ++; ++safe_mode = On ++ ++; By default, Safe Mode does a UID compare check when ++; opening files. If you want to relax this to a GID compare, ++; then turn on safe_mode_gid. ++safe_mode_gid = Off ++ ++; When safe_mode is on, UID/GID checks are bypassed when ++; including files from this directory and its subdirectories. ++; (directory must also be in include_path or full path must ++; be used when including) ++safe_mode_include_dir = ++ ++; When safe_mode is on, only executables located in the safe_mode_exec_dir ++; will be allowed to be executed via the exec family of functions. ++; ++; Note: This should be customised per site (if exec is permitted) ++safe_mode_exec_dir = ++ ++; Setting certain environment variables may be a potential security breach. ++; This directive contains a comma-delimited list of prefixes. In Safe Mode, ++; the user may only alter environment variables whose names begin with the ++; prefixes supplied here. 
By default, users will only be able to set ++; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). ++; ++; Note: If this directive is empty, PHP will let the user modify ANY ++; environment variable! ++safe_mode_allowed_env_vars = PHP_ ++ ++; This directive contains a comma-delimited list of environment variables that ++; the end user won't be able to change using putenv(). These variables will be ++; protected even if safe_mode_allowed_env_vars is set to allow to change them. ++safe_mode_protected_env_vars = LD_LIBRARY_PATH,PATH ++ ++; open_basedir, if set, limits all file operations to the defined directory ++; and below. This directive makes most sense if used in a per-directory ++; or per-virtualhost web server configuration file. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; In Debian, the WebRoot is /var/www/ so we limit file operations to it. ++open_basedir = /var/www/:/usr/lib/php4/ ++ ++; This directive allows you to disable certain functions for security reasons. ++; It receives a comma-delimited list of function names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; Note: The list of functions disabled here might break some applications ++; however, they are considered dangerous and often subverted by attackers ++; remotely ++disable_functions = dl, phpinfo, system, mail, include, shell_exec, exec, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit,highlight_file, show_source ++ ++; This directive allows you to disable certain classes for security reasons. ++; It receives a comma-delimited list of class names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++disable_classes = ++ ++; Colors for Syntax Highlighting mode. 
Anything that's acceptable in ++; would work. ++;highlight.string = #DD0000 ++;highlight.comment = #FF9900 ++;highlight.keyword = #007700 ++;highlight.bg = #FFFFFF ++;highlight.default = #0000BB ++;highlight.html = #000000 ++ ++ ++; ++; Misc ++; ++; Decides whether PHP may expose the fact that it is installed on the server ++; (e.g. by adding its signature to the Web server header). It is no security ++; threat in any way, but it makes it possible to determine whether you use PHP ++; on your server or not. ++expose_php = Off ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Resource Limits ; ++;;;;;;;;;;;;;;;;;;; ++ ++max_execution_time = 30 ; Maximum execution time of each script, in seconds ++max_input_time = 60 ; Maximum amount of time each script may spend parsing request data ++memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++; Error handling and logging ; ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; error_reporting is a bit-field. Or each number up to get desired error ++; reporting level ++; E_ALL - All errors and warnings ++; E_ERROR - fatal run-time errors ++; E_WARNING - run-time warnings (non-fatal errors) ++; E_PARSE - compile-time parse errors ++; E_NOTICE - run-time notices (these are warnings which often result ++; from a bug in your code, but it's possible that it was ++; intentional (e.g., using an uninitialized variable and ++; relying on the fact it's automatically initialized to an ++; empty string) ++; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ++; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ++; initial startup ++; E_COMPILE_ERROR - fatal compile-time errors ++; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ++; E_USER_ERROR - user-generated error message ++; E_USER_WARNING - user-generated warning message ++; E_USER_NOTICE - user-generated notice message ++; ++; Examples: ++; ++; - Show all errors, except for notices ++; ++;error_reporting 
= E_ALL & ~E_NOTICE ++; ++; - Show only errors ++; ++;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ++; ++; - Show all errors ++; ++error_reporting = E_ALL ++ ++; Print out errors (as a part of the output). For production web sites, ++; you're strongly encouraged to turn this feature off, and use error logging ++; instead (see below). Keeping display_errors enabled on a production web site ++; may reveal security information to end users, such as file paths on your Web ++; server, your database schema or other information. ++display_errors = Off ++ ++; Even when display_errors is on, errors that occur during PHP's startup ++; sequence are not displayed. It's strongly recommended to keep ++; display_startup_errors off, except for when debugging. ++display_startup_errors = Off ++ ++; Log errors into a log file (server-specific log, stderr, or error_log (below)) ++; As stated above, you're strongly advised to use error logging in place of ++; error displaying on production web sites. ++log_errors = On ++ ++; Set maximum length of log_errors. In error_log information about the source is ++; added. The default is 1024 and 0 allows to not apply any maximum length at all. ++log_errors_max_len = 1024 ++ ++; Do not log repeated messages. Repeated errors must occur in same file on same ++; line until ignore_repeated_source is set true. ++ignore_repeated_errors = Off ++ ++; Ignore source of message when ignoring repeated messages. When this setting ++; is On you will not log errors with repeated messages from different files or ++; sourcelines. ++ignore_repeated_source = Off ++ ++; If this parameter is set to Off, then memory leaks will not be shown (on ++; stdout or in the log). This has only effect in a debug compile, and if ++; error reporting includes E_WARNING in the allowed list ++report_memleaks = On ++ ++; Store the last error/warning message in $php_errormsg (boolean). ++track_errors = Off ++ ++; Disable the inclusion of HTML tags in error messages. 
++html_errors = Off ++ ++; If html_errors is set On PHP produces clickable error messages that direct ++; to a page describing the error or function causing the error in detail. ++; You can download a copy of the PHP manual from http://www.php.net/docs.php ++; and change docref_root to the base URL of your local copy including the ++; leading '/'. You must also specify the file extension being used including ++; the dot. ++;docref_root = "/phpmanual/" ++;docref_ext = .html ++ ++; String to output before an error message. ++;error_prepend_string = "" ++ ++; String to output after an error message. ++;error_append_string = "" ++ ++; Log errors to specified file. ++;error_log = filename ++ ++; Log errors to syslog (Event Log on NT, not valid in Windows 95). ++error_log = syslog ++ ++ ++;;;;;;;;;;;;;;;;; ++; Data Handling ; ++;;;;;;;;;;;;;;;;; ++; ++; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 ++ ++; The separator used in PHP generated URLs to separate arguments. ++; Default is "&". ++;arg_separator.output = "&" ++ ++; List of separator(s) used by PHP to parse input URLs into variables. ++; Default is "&". ++; NOTE: Every character in this directive is considered as separator! ++;arg_separator.input = ";&" ++ ++; This directive describes the order in which PHP registers GET, POST, Cookie, ++; Environment and Built-in variables (G, P, C, E & S respectively, often ++; referred to as EGPCS or GPC). Registration is done from left to right, newer ++; values override older values. ++variables_order = "GPCS" ++ ++; Whether or not to register the EGPCS variables as global variables. You may ++; want to turn this off if you don't want to clutter your scripts' global scope ++; with user data. This makes most sense when coupled with track_vars - in which ++; case you can access all of the GPC variables through the $HTTP_*_VARS[], ++; variables. 
++; ++; You should do your best to write your scripts so that they do not require ++; register_globals to be on; Using form variables as globals can easily lead ++; to possible security problems, if the code is not very well thought of. ++register_globals = Off ++ ++; This directive tells PHP whether to declare the argv&argc variables (that ++; would contain the GET information). If you don't use these variables, you ++; should turn it off for increased performance. ++register_argc_argv = Off ++ ++; Maximum size of POST data that PHP will accept. ++post_max_size = 8M ++ ++; This directive is deprecated. Use variables_order instead. ++gpc_order = "GPC" ++ ++; Magic quotes ++; ++ ++; Magic quotes for incoming GET/POST/Cookie data. ++magic_quotes_gpc = On ++ ++; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. ++magic_quotes_runtime = Off ++ ++; Use Sybase-style magic quotes (escape ' with '' instead of \'). ++magic_quotes_sybase = Off ++ ++; Automatically add files before or after any PHP document. ++auto_prepend_file = ++auto_append_file = ++ ++; As of 4.0b4, PHP always outputs a character encoding by default in ++; the Content-type: header. To disable sending of the charset, simply ++; set it to be empty. ++; ++; PHP's built-in default is text/html ++default_mimetype = "text/html" ++;default_charset = "iso-8859-1" ++ ++; Always populate the $HTTP_RAW_POST_DATA variable. ++;always_populate_raw_post_data = On ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;; ++; Paths and Directories ; ++;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; UNIX: "/path1:/path2" ++;include_path = ".:/php/includes" ++; ++; Windows: "\path1;\path2" ++;include_path = ".;c:\php\includes" ++ ++; The root of the PHP pages, used only if nonempty. ++; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ++; if you are running php as a CGI under any web server (other than IIS) ++; see documentation for security issues. 
The alternate is to use the ++; cgi.force_redirect configuration below ++doc_root = ++ ++; The directory under which PHP opens the script using /~usernamem used only ++; if nonempty. ++user_dir = ++ ++; Directory in which the loadable extensions (modules) reside. ++extension_dir = "./" ++ ++; Whether or not to enable the dl() function. The dl() function does NOT work ++; properly in multithreaded servers, such as IIS or Zeus, and is automatically ++; disabled on them. ++; ++; The dl function also introduces security issues. ++enable_dl = Off ++ ++; cgi.force_redirect is necessary to provide security running PHP as a CGI under ++; most web servers. Left undefined, PHP turns this on by default. You can ++; turn it off here AT YOUR OWN RISK ++; **You CAN safely turn this off for IIS, in fact, you MUST.** ++; cgi.force_redirect = 1 ++ ++; if cgi.nph is enabled it will force cgi to always sent Status: 200 with ++; every request. ++; cgi.nph = 1 ++ ++; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ++; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ++; will look for to know it is OK to continue execution. Setting this variable MAY ++; cause security issues, KNOW WHAT YOU ARE DOING FIRST. ++; cgi.redirect_status_env = ; ++ ++; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ++; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ++; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ++; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting ++; of zero causes PHP to behave as before. Default is zero. You should fix your scripts ++; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ++; cgi.fix_pathinfo=1 ++ ++; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ++; security tokens of the calling client. 
This allows IIS to define the ++; security context that the request runs under. mod_fastcgi under Apache ++; does not currently support this feature (03/17/2002) ++; Set to 1 if running under IIS. Default is zero. ++; fastcgi.impersonate = 1; ++ ++; cgi.rfc2616_headers configuration option tells PHP what type of headers to ++; use when sending HTTP response code. If it's set 0 PHP sends Status: header that ++; is supported by Apache. When this option is set to 1 PHP will send ++; RFC2616 compliant header. ++; Default is zero. ++;cgi.rfc2616_headers = 0 ++ ++ ++;;;;;;;;;;;;;;;; ++; File Uploads ; ++;;;;;;;;;;;;;;;; ++ ++; Whether to allow HTTP file uploads. ++file_uploads = Off ++ ++; Temporary directory for HTTP uploaded files (will use system default if not ++; specified). ++;upload_tmp_dir = ++ ++; Maximum allowed size for uploaded files. ++upload_max_filesize = 2M ++ ++ ++;;;;;;;;;;;;;;;;;; ++; Fopen wrappers ; ++;;;;;;;;;;;;;;;;;; ++ ++; Whether to allow the treatment of URLs (like http:// or ftp://) as files. ++; ++; This is turned off to avoid variable redefinition by remote attacker ++; that attempts to have the server download (and execute) a remote file ++; from a compromised host. This behaviour has been observed in automatic ++; scanning against badly written applications: ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++allow_url_fopen = Off ++ ++; Define the anonymous ftp password (your email address) ++;from="john@doe.com" ++ ++; Define the user agent for php to send ++;user_agent="PHP" ++ ++; Default timeout for socket based streams (seconds) ++default_socket_timeout = 60 ++ ++; If your scripts have to deal with files from Macintosh systems, ++; or you are running on a Mac and need to deal with files from ++; unix or win32 systems, setting this flag will cause PHP to ++; automatically detect the EOL character in those files so that ++; fgets() and file() will work regardless of the source of the file. 
++; auto_detect_line_endings = Off ++ ++ ++;;;;;;;;;;;;;;;;;;;;;; ++; Dynamic Extensions ; ++;;;;;;;;;;;;;;;;;;;;;; ++; ++; If you wish to have an extension loaded automatically, use the following ++; syntax: ++; ++; extension=modulename.extension ++; ++; For example, on Windows: ++; ++; extension=msql.dll ++; ++; ... or under UNIX: ++; ++; extension=msql.so ++; ++; Note that it should be the name of the module only; no directory information ++; needs to go here. Specify the location of the extension with the ++; extension_dir directive above. ++ ++ ++;Windows Extensions ++;Note that MySQL and ODBC support is now built in, so no dll is needed for it. ++; ++;extension=php_bz2.dll ++;extension=php_cpdf.dll ++;extension=php_crack.dll ++;extension=php_curl.dll ++;extension=php_db.dll ++;extension=php_dba.dll ++;extension=php_dbase.dll ++;extension=php_dbx.dll ++;extension=php_domxml.dll ++;extension=php_exif.dll ++;extension=php_fdf.dll ++;extension=php_filepro.dll ++;extension=php_gd2.dll ++;extension=php_gettext.dll ++;extension=php_hyperwave.dll ++;extension=php_iconv.dll ++;extension=php_ifx.dll ++;extension=php_iisfunc.dll ++;extension=php_imap.dll ++;extension=php_interbase.dll ++;extension=php_java.dll ++;extension=php_ldap.dll ++;extension=php_mbstring.dll ++;extension=php_mcrypt.dll ++;extension=php_mhash.dll ++;extension=php_mime_magic.dll ++;extension=php_ming.dll ++;extension=php_mssql.dll ++;extension=php_msql.dll ++;extension=php_oci8.dll ++;extension=php_openssl.dll ++;extension=php_oracle.dll ++;extension=php_pdf.dll ++;extension=php_pgsql.dll ++;extension=php_printer.dll ++;extension=php_shmop.dll ++;extension=php_snmp.dll ++;extension=php_sockets.dll ++;extension=php_sybase_ct.dll ++;extension=php_w32api.dll ++;extension=php_xmlrpc.dll ++;extension=php_xslt.dll ++;extension=php_yaz.dll ++;extension=php_zip.dll ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Module Settings ; ++;;;;;;;;;;;;;;;;;;; ++ ++[Syslog] ++; Whether or not to define the various syslog variables 
(e.g. $LOG_PID, ++; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In ++; runtime, you can define these variables by calling define_syslog_variables(). ++define_syslog_variables = Off ++ ++[mail function] ++; For Win32 only. ++SMTP = localhost ++smtp_port = 25 ++ ++; For Win32 only. ++;sendmail_from = me@example.com ++ ++; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ++;sendmail_path = ++ ++[Java] ++;java.class.path = .\php_java.jar ++;java.home = c:\jdk ++;java.library = c:\jdk\jre\bin\hotspot\jvm.dll ++;java.library.path = .\ ++ ++[SQL] ++sql.safe_mode = On ++ ++[ODBC] ++;odbc.default_db = Not yet implemented ++;odbc.default_user = Not yet implemented ++;odbc.default_pw = Not yet implemented ++ ++; Allow or prevent persistent links. ++odbc.allow_persistent = On ++ ++; Check that a connection is still valid before reuse. ++odbc.check_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++odbc.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++odbc.max_links = -1 ++ ++; Handling of LONG fields. Returns number of bytes to variables. 0 means ++; passthru. ++odbc.defaultlrl = 4096 ++ ++; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ++; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ++; of uodbc.defaultlrl and uodbc.defaultbinmode ++odbc.defaultbinmode = 1 ++ ++[MySQL] ++; Allow or prevent persistent links. ++mysql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mysql.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++mysql.max_links = -1 ++ ++; Default port number for mysql_connect(). If unset, mysql_connect() will use ++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ++; at MYSQL_PORT. 
++mysql.default_port = ++ ++; Default socket name for local MySQL connects. If empty, uses the built-in ++; MySQL defaults. ++mysql.default_socket = ++ ++; Default host for mysql_connect() (doesn't apply in safe mode). ++mysql.default_host = ++ ++; Default user for mysql_connect() (doesn't apply in safe mode). ++mysql.default_user = ++ ++; Default password for mysql_connect() (doesn't apply in safe mode). ++; Note that this is generally a *bad* idea to store passwords in this file. ++; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") ++; and reveal this password! And of course, any users with read access to this ++; file will be able to reveal the password as well. ++mysql.default_password = ++ ++; Maximum time (in seconds) for connect timeout. -1 means no limit ++mysql.connect_timeout = 60 ++ ++; Trace mode. When trace_mode is active (=On), warnings for table/index scans and ++; SQL-Errors will be displayed. ++mysql.trace_mode = Off ++ ++[mSQL] ++; Allow or prevent persistent links. ++msql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++msql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++msql.max_links = -1 ++ ++[PostgresSQL] ++; Allow or prevent persistent links. ++pgsql.allow_persistent = On ++ ++; Detect broken persistent links always with pg_pconnect(). ++; Auto reset feature requires a little overheads. ++pgsql.auto_reset_persistent = Off ++ ++; Maximum number of persistent links. -1 means no limit. ++pgsql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++pgsql.max_links = -1 ++ ++; Ignore PostgreSQL backends Notice message or not. ++; Notice message logging require a little overheads. ++pgsql.ignore_notice = 0 ++ ++; Log PostgreSQL backends Noitce message or not. ++; Unless pgsql.ignore_notice=0, module cannot log notice message. 
++pgsql.log_notice = 0 ++ ++[Sybase] ++; Allow or prevent persistent links. ++sybase.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybase.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybase.max_links = -1 ++ ++;sybase.interface_file = "/usr/sybase/interfaces" ++ ++; Minimum error severity to display. ++sybase.min_error_severity = 10 ++ ++; Minimum message severity to display. ++sybase.min_message_severity = 10 ++ ++; Compatability mode with old versions of PHP 3.0. ++; If on, this will cause PHP to automatically assign types to results according ++; to their Sybase type, instead of treating them all as strings. This ++; compatibility mode will probably not stay around forever, so try applying ++; whatever necessary changes to your code, and turn it off. ++sybase.compatability_mode = Off ++ ++[Sybase-CT] ++; Allow or prevent persistent links. ++sybct.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybct.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybct.max_links = -1 ++ ++; Minimum server message severity to display. ++sybct.min_server_severity = 10 ++ ++; Minimum client message severity to display. ++sybct.min_client_severity = 10 ++ ++[dbx] ++; returned column names can be converted for compatibility reasons ++; possible values for dbx.colnames_case are ++; "unchanged" (default, if not set) ++; "lowercase" ++; "uppercase" ++; the recommended default is either upper- or lowercase, but ++; unchanged is currently set for backwards compatibility ++dbx.colnames_case = "lowercase" ++ ++[bcmath] ++; Number of decimal digits for all bcmath functions. ++bcmath.scale = 0 ++ ++[browscap] ++;browscap = extra/browscap.ini ++ ++[Informix] ++; Default host for ifx_connect() (doesn't apply in safe mode). 
++ifx.default_host = ++ ++; Default user for ifx_connect() (doesn't apply in safe mode). ++ifx.default_user = ++ ++; Default password for ifx_connect() (doesn't apply in safe mode). ++ifx.default_password = ++ ++; Allow or prevent persistent links. ++ifx.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++ifx.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++ifx.max_links = -1 ++ ++; If on, select statements return the contents of a text blob instead of its id. ++ifx.textasvarchar = 0 ++ ++; If on, select statements return the contents of a byte blob instead of its id. ++ifx.byteasvarchar = 0 ++ ++; Trailing blanks are stripped from fixed-length char columns. May help the ++; life of Informix SE users. ++ifx.charasvarchar = 0 ++ ++; If on, the contents of text and byte blobs are dumped to a file instead of ++; keeping them in memory. ++ifx.blobinfile = 0 ++ ++; NULL's are returned as empty strings, unless this is set to 1. In that case, ++; NULL's are returned as string 'NULL'. ++ifx.nullformat = 0 ++ ++[Session] ++; Handler used to store/retrieve data. ++session.save_handler = files ++ ++; Argument passed to save_handler. In the case of files, this is the path ++; where data files are stored. Note: Windows users have to change this ++; variable in order to use PHP's session functions. ++;session.save_path = /tmp ++ ++; Whether to use cookies. ++session.use_cookies = 1 ++ ++; This option enables administrators to make their users invulnerable to ++; attacks which involve passing session ids in URLs; defaults to 0. ++; session.use_only_cookies = 1 ++ ++; Name of the session (used as cookie name). ++session.name = PHPSESSID ++ ++; Initialize session on request startup. ++session.auto_start = 0 ++ ++; Lifetime in seconds of cookie or, if 0, until browser is restarted. ++session.cookie_lifetime = 0 ++ ++; The path for which the cookie is valid. 
++session.cookie_path = / ++ ++; The domain for which the cookie is valid. ++session.cookie_domain = ++ ++; Handler used to serialize data. php is the standard serializer of PHP. ++session.serialize_handler = php ++ ++; Define the probability that the 'garbage collection' process is started ++; on every session initialization. ++; The probability is calculated by using gc_probability/gc_divisor, ++; e.g. 1/100 means there is a 1% chance that the GC process starts ++; on each request. ++ ++session.gc_probability = 1 ++session.gc_divisor = 1000 ++ ++; After this number of seconds, stored data will be seen as 'garbage' and ++; cleaned up by the garbage collection process. ++session.gc_maxlifetime = 1440 ++ ++; PHP 4.2 and less have an undocumented feature/bug that allows you to ++; to initialize a session variable in the global scope, albeit register_globals ++; is disabled. PHP 4.3 and later will warn you, if this feature is used. ++; You can disable the feature and the warning separately. At this time, ++; the warning is only displayed, if bug_compat_42 is enabled. ++ ++session.bug_compat_42 = 0 ++session.bug_compat_warn = 1 ++ ++; Check HTTP Referer to invalidate externally stored URLs containing ids. ++; HTTP_REFERER has to contain this substring for the session to be ++; considered as valid. ++session.referer_check = ++ ++; How many bytes to read from the file. ++session.entropy_length = 0 ++ ++; Specified here to create the session id. ++session.entropy_file = ++ ++;session.entropy_length = 16 ++ ++;session.entropy_file = /dev/urandom ++ ++; Set to {nocache,private,public,} to determine HTTP caching aspects. ++; or leave this empty to avoid sending anti-caching headers. ++session.cache_limiter = nocache ++ ++; Document expires after n minutes. ++session.cache_expire = 180 ++ ++; trans sid support is disabled by default. ++; Use of trans sid may risk your users security. ++; Use this option with caution. 
++; - User may send URL contains active session ID ++; to other person via. email/irc/etc. ++; - URL that contains active session ID may be stored ++; in publically accessible computer. ++; - User may access your site with the same session ID ++; always using URL stored in browser's history or bookmarks. ++session.use_trans_sid = 0 ++ ++; The URL rewriter will look for URLs in a defined set of HTML tags. ++; form/fieldset are special; if you include them here, the rewriter will ++; add a hidden field with the info which is otherwise appended ++; to URLs. If you want XHTML conformity, remove the form entry. ++; Note that all valid entries require a "=", even if no value follows. ++url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ++ ++[MSSQL] ++; Allow or prevent persistent links. ++mssql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mssql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++mssql.max_links = -1 ++ ++; Minimum error severity to display. ++mssql.min_error_severity = 10 ++ ++; Minimum message severity to display. ++mssql.min_message_severity = 10 ++ ++; Compatability mode with old versions of PHP 3.0. ++mssql.compatability_mode = Off ++ ++; Connect timeout ++;mssql.connect_timeout = 5 ++ ++; Query timeout ++;mssql.timeout = 60 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textlimit = 4096 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textsize = 4096 ++ ++; Limits the number of records in each batch. 0 = all records in one batch. ++;mssql.batchsize = 0 ++ ++; Specify how datetime and datetim4 columns are returned ++; On => Returns data converted to SQL server settings ++; Off => Returns values as YYYY-MM-DD hh:mm:ss ++;mssql.datetimeconvert = On ++ ++; Use NT authentication when connecting to the server ++mssql.secure_connection = On ++ ++; Specify max number of processes. 
Default = 25 ++;mssql.max_procs = 25 ++ ++[Assertion] ++; Assert(expr); active by default. ++;assert.active = On ++ ++; Issue a PHP warning for each failed assertion. ++;assert.warning = On ++ ++; Don't bail out by default. ++;assert.bail = Off ++ ++; User-function to be called if an assertion fails. ++;assert.callback = 0 ++ ++; Eval the expression with current error_reporting(). Set to true if you want ++; error_reporting(0) around the eval(). ++;assert.quiet_eval = 0 ++ ++[Ingres II] ++; Allow or prevent persistent links. ++ingres.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++ingres.max_persistent = -1 ++ ++; Maximum number of links, including persistents. -1 means no limit. ++ingres.max_links = -1 ++ ++; Default database (format: [node_id::]dbname[/srv_class]). ++ingres.default_database = ++ ++; Default user. ++ingres.default_user = ++ ++; Default password. ++ingres.default_password = ++ ++[Verisign Payflow Pro] ++; Default Payflow Pro server. ++pfpro.defaulthost = "test-payflow.verisign.com" ++ ++; Default port to connect to. ++pfpro.defaultport = 443 ++ ++; Default timeout in seconds. ++pfpro.defaulttimeout = 30 ++ ++; Default proxy IP address (if required). ++;pfpro.proxyaddress = ++ ++; Default proxy port. ++;pfpro.proxyport = ++ ++; Default proxy logon. ++;pfpro.proxylogon = ++ ++; Default proxy password. ++;pfpro.proxypassword = ++ ++[Sockets] ++; Use the system read() function instead of the php_read() wrapper. 
++sockets.use_system_read = On ++ ++[com] ++; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs ++;com.typelib_file = ++; allow Distributed-COM calls ++;com.allow_dcom = true ++; autoregister constants of a components typlib on com_load() ++;com.autoregister_typelib = true ++; register constants casesensitive ++;com.autoregister_casesensitive = false ++; show warnings on duplicate constat registrations ++;com.autoregister_verbose = true ++ ++[Printer] ++;printer.default_printer = "" ++ ++[mbstring] ++; language for internal character representation. ++;mbstring.language = Japanese ++ ++; internal/script encoding. ++; Some encoding cannot work as internal encoding. ++; (e.g. SJIS, BIG5, ISO-2022-*) ++;mbstring.internal_encoding = EUC-JP ++ ++; http input encoding. ++;mbstring.http_input = auto ++ ++; http output encoding. mb_output_handler must be ++; registered as output buffer to function ++;mbstring.http_output = SJIS ++ ++; enable automatic encoding translation accoding to ++; mbstring.internal_encoding setting. Input chars are ++; converted to internal encoding by setting this to On. ++; Note: Do _not_ use automatic encoding translation for ++; portable libs/applications. ++;mbstring.encoding_translation = Off ++ ++; automatic encoding detection order. ++; auto means ++;mbstring.detect_order = auto ++ ++; substitute_character used when character cannot be converted ++; one from another ++;mbstring.substitute_character = none; ++ ++; overload(replace) single byte functions by mbstring functions. ++; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), ++; etc. Possible values are 0,1,2,4 or combination of them. ++; For example, 7 for overload everything. 
++; 0: No overload ++; 1: Overload mail() function ++; 2: Overload str*() functions ++; 4: Overload ereg*() functions ++;mbstring.func_overload = 0 ++ ++[FrontBase] ++;fbsql.allow_persistent = On ++;fbsql.autocommit = On ++;fbsql.default_database = ++;fbsql.default_database_password = ++;fbsql.default_host = ++;fbsql.default_password = ++;fbsql.default_user = "_SYSTEM" ++;fbsql.generate_warnings = Off ++;fbsql.max_connections = 128 ++;fbsql.max_links = 128 ++;fbsql.max_persistent = -1 ++;fbsql.max_results = 128 ++;fbsql.batchSize = 1000 ++ ++[Crack] ++; Modify the setting below to match the directory location of the cracklib ++; dictionary files. Include the base filename, but not the file extension. ++; crack.default_dictionary = "c:\php\lib\cracklib_dict" ++ ++[exif] ++; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ++; With mbstring support this will automatically be converted into the encoding ++; given by corresponding encode setting. When empty mbstring.internal_encoding ++; is used. For the decode settings you can distinguish between motorola and ++; intel byte order. A decode setting cannot be empty. ++;exif.encode_unicode = ISO-8859-15 ++;exif.decode_unicode_motorola = UCS-2BE ++;exif.decode_unicode_intel = UCS-2LE ++;exif.encode_jis = ++;exif.decode_jis_motorola = JIS ++;exif.decode_jis_intel = JIS ++ ++; Local Variables: ++; tab-width: 4 ++; End: --- php5-5.1.2.orig/debian/patches/CVE-2007-0909_print.patch +++ php5-5.1.2/debian/patches/CVE-2007-0909_print.patch 
@@ -0,0 +1,15 @@
+diff -Nurp orig/ext/standard/formatted_print.c new/ext/standard/formatted_print.c
+--- orig/ext/standard/formatted_print.c 2007-02-21 08:56:46.000000000 +0100
++++ new/ext/standard/formatted_print.c 2007-02-21 08:57:26.000000000 +0100
+@@ -485,9 +485,10 @@ php_formatted_print(int ht, int *len, in
+ {
+ zval ***args, **z_format;
+ int argc, size = 240, inpos = 0, outpos = 0, temppos;
+- int alignment, width, precision, currarg, adjusting, argnum;
++ int alignment, currarg, adjusting;
+ char *format, *result, padding;
+ int always_sign;
++ long argnum, width, precision;
+
+ argc = ZEND_NUM_ARGS();
+
--- php5-5.1.2.orig/debian/patches/MOPB-41.patch
+++ php5-5.1.2/debian/patches/MOPB-41.patch
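Review bot: Widening `argnum`, `width` and `precision` to `long` in the declarations only helps where `long` is wider than `int`; on an ILP32 build the two types have the same range, and `size`, `inpos` and `outpos` on the line above stay `int`, so any place that narrows these values back would still need an explicit range check. The hunk shows only the declarations and php_formatted_print's body continues outside it, so whether the parsed values are compared against `argc` and an upper bound before use cannot be confirmed from here. I would at least document the intent at the declaration, e.g. `/* long: must hold the parser's full result so range checks run before any narrowing to int */`, and give the patch file a short header saying which issue it addresses and why the type change is sufficient.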
@@ -0,0 +1,39 @@
+diff -uNrp php5-5.1.6-unpatched/ext/sqlite/sess_sqlite.c php5-5.1.6/ext/sqlite/sess_sqlite.c
+--- php5-5.1.6-unpatched/ext/sqlite/sess_sqlite.c 2006-01-01 04:50:14.000000000 -0800
++++ php5-5.1.6/ext/sqlite/sess_sqlite.c 2007-04-23 16:28:46.000000000 -0700
+@@ -31,6 +31,11 @@
+ extern int sqlite_encode_binary(const unsigned char *in, int n, unsigned char *out);
+ extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
+
++#define php_sqlite_decode_binary(in, out) ( \
++ (!in || !*in) ? 0 : \
++ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \
++)
++
+ PS_FUNCS(sqlite);
+
+ ps_module ps_mod_sqlite = {
+@@ -111,7 +116,7 @@ PS_READ_FUNC(sqlite)
+ if (rowdata[0] != NULL) {
+ *vallen = strlen(rowdata[0]);
+ *val = emalloc(*vallen);
+- *vallen = sqlite_decode_binary(rowdata[0], *val);
++ *vallen = php_sqlite_decode_binary(rowdata[0], *val);
+ (*val)[*vallen] = '\0';
+ }
+ break;
+diff -uNrp php5-5.1.6-unpatched/ext/sqlite/sqlite.c php5-5.1.6/ext/sqlite/sqlite.c
+--- php5-5.1.6-unpatched/ext/sqlite/sqlite.c 2006-04-18 07:30:15.000000000 -0700
++++ php5-5.1.6/ext/sqlite/sqlite.c 2007-04-23 16:28:46.000000000 -0700
+@@ -72,7 +72,10 @@ extern int sqlite_encode_binary(const un
+ extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
+
+ #define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out)
+-#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out)
++#define php_sqlite_decode_binary(in, out) ( \
++ (!in || !*in) ? 0 : \
++ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \
++)
+
+ static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
+
--- php5-5.1.2.orig/debian/patches/019-z_off_t_as_long.patch.disabled
+++ php5-5.1.2/debian/patches/019-z_off_t_as_long.patch.disabled
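Review bot: In the PS_READ_FUNC hunk the buffer is still sized with `emalloc(*vallen)` while the terminator is written at `(*val)[*vallen]`; with the new macro an empty `rowdata[0]` yields a length of 0 from both `strlen` and the decode, so the NUL lands at index 0 of a zero-byte allocation, and `*val = emalloc(*vallen + 1);` would cover it. The decode result is also stored without a sign check, so if `sqlite_decode_binary` can return a negative value (its contract is not visible here) the index would fall before the buffer. The macro uses `in` unparenthesized and evaluates it up to three times, and it is defined identically in sess_sqlite.c and sqlite.c; `(!(in) || !*(in))` in one shared header would be safer. PS_READ_FUNC's body continues outside the hunk.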
@@ -0,0 +1,1534 @@ +diff -urN php4-4.3.8.orig/ext/zlib/zconf.h php4-4.3.8/ext/zlib/zconf.h +--- php4-4.3.8.orig/ext/zlib/zconf.h 1969-12-31 17:00:00.000000000 -0700 ++++ php4-4.3.8/ext/zlib/zconf.h 2004-08-04 03:34:18.000000000 -0600 +@@ -0,0 +1,326 @@ ++/* zconf.h -- configuration of the zlib compression library ++ * Copyright (C) 1995-2003 Jean-loup Gailly. ++ * For conditions of distribution and use, see copyright notice in zlib.h ++ */ ++ ++/* @(#) $Id: 019-z_off_t_as_long.patch.disabled,v 1.3 2004/08/23 07:48:56 adconrad Exp $ */ ++ ++#ifndef ZCONF_H ++#define ZCONF_H ++ ++#warning Including local zconf.h instead of system zconf.h ++ ++/* ++ * If you *really* need a unique prefix for all types and library functions, ++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. ++ */ ++#ifdef Z_PREFIX ++# define deflateInit_ z_deflateInit_ ++# define deflate z_deflate ++# define deflateEnd z_deflateEnd ++# define inflateInit_ z_inflateInit_ ++# define inflate z_inflate ++# define inflateEnd z_inflateEnd ++# define deflateInit2_ z_deflateInit2_ ++# define deflateSetDictionary z_deflateSetDictionary ++# define deflateCopy z_deflateCopy ++# define deflateReset z_deflateReset ++# define deflatePrime z_deflatePrime ++# define deflateParams z_deflateParams ++# define deflateBound z_deflateBound ++# define inflateInit2_ z_inflateInit2_ ++# define inflateSetDictionary z_inflateSetDictionary ++# define inflateSync z_inflateSync ++# define inflateSyncPoint z_inflateSyncPoint ++# define inflateCopy z_inflateCopy ++# define inflateReset z_inflateReset ++# define compress z_compress ++# define compress2 z_compress2 ++# define compressBound z_compressBound ++# define uncompress z_uncompress ++# define adler32 z_adler32 ++# define crc32 z_crc32 ++# define get_crc_table z_get_crc_table ++ ++# define Byte z_Byte ++# define uInt z_uInt ++# define uLong z_uLong ++# define Bytef z_Bytef ++# define charf z_charf ++# define intf z_intf ++# define uIntf z_uIntf ++# 
define uLongf z_uLongf ++# define voidpf z_voidpf ++# define voidp z_voidp ++#endif ++ ++#if defined(__MSDOS__) && !defined(MSDOS) ++# define MSDOS ++#endif ++#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2) ++# define OS2 ++#endif ++#if defined(_WINDOWS) && !defined(WINDOWS) ++# define WINDOWS ++#endif ++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) ++# define WIN32 ++#endif ++#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32) ++# if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__) ++# ifndef SYS16BIT ++# define SYS16BIT ++# endif ++# endif ++#endif ++ ++/* ++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more ++ * than 64k bytes at a time (needed on systems with 16-bit int). ++ */ ++#ifdef SYS16BIT ++# define MAXSEG_64K ++#endif ++#ifdef MSDOS ++# define UNALIGNED_OK ++#endif ++ ++#ifdef __STDC_VERSION__ ++# ifndef STDC ++# define STDC ++# endif ++# if __STDC_VERSION__ >= 199901L ++# ifndef STDC99 ++# define STDC99 ++# endif ++# endif ++#endif ++#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__)) ++# define STDC ++#endif ++ ++#if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). 
*/ ++# define STDC ++#endif ++ ++#ifndef STDC ++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ ++# define const /* note: need a more gentle solution here */ ++# endif ++#endif ++ ++/* Some Mac compilers merge all .h files incorrectly: */ ++#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__) ++# define NO_DUMMY_DECL ++#endif ++ ++/* Maximum value for memLevel in deflateInit2 */ ++#ifndef MAX_MEM_LEVEL ++# ifdef MAXSEG_64K ++# define MAX_MEM_LEVEL 8 ++# else ++# define MAX_MEM_LEVEL 9 ++# endif ++#endif ++ ++/* Maximum value for windowBits in deflateInit2 and inflateInit2. ++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files ++ * created by gzip. (Files created by minigzip can still be extracted by ++ * gzip.) ++ */ ++#ifndef MAX_WBITS ++# define MAX_WBITS 15 /* 32K LZ77 window */ ++#endif ++ ++/* The memory requirements for deflate are (in bytes): ++ (1 << (windowBits+2)) + (1 << (memLevel+9)) ++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) ++ plus a few kilobytes for small objects. For example, if you want to reduce ++ the default memory requirements from 256K to 128K, compile with ++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" ++ Of course this will generally degrade compression (there's no free lunch). ++ ++ The memory requirements for inflate are (in bytes) 1 << windowBits ++ that is, 32K for windowBits=15 (default value) plus a few kilobytes ++ for small objects. ++*/ ++ ++ /* Type declarations */ ++ ++#ifndef OF /* function prototypes */ ++# ifdef STDC ++# define OF(args) args ++# else ++# define OF(args) () ++# endif ++#endif ++ ++/* The following definitions for FAR are needed only for MSDOS mixed ++ * model programming (small or medium model with some far allocations). ++ * This was tested only with MSC; for other MSDOS compilers you may have ++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, ++ * just define FAR to be empty. 
++ */ ++#ifdef SYS16BIT ++# if defined(M_I86SM) || defined(M_I86MM) ++ /* MSC small or medium model */ ++# define SMALL_MEDIUM ++# ifdef _MSC_VER ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++# if (defined(__SMALL__) || defined(__MEDIUM__)) ++ /* Turbo C small or medium model */ ++# define SMALL_MEDIUM ++# ifdef __BORLANDC__ ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++#endif ++ ++#if defined(WINDOWS) || defined(WIN32) ++ /* If building or using zlib as a DLL, define ZLIB_DLL. ++ * This is not mandatory, but it offers a little performance increase. ++ */ ++# ifdef ZLIB_DLL ++# if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500)) ++# ifdef ZLIB_INTERNAL ++# define ZEXTERN extern __declspec(dllexport) ++# else ++# define ZEXTERN extern __declspec(dllimport) ++# endif ++# endif ++# endif /* ZLIB_DLL */ ++ /* If building or using zlib with the WINAPI/WINAPIV calling convention, ++ * define ZLIB_WINAPI. ++ * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. ++ */ ++# ifdef ZLIB_WINAPI ++# ifdef FAR ++# undef FAR ++# endif ++# include ++ /* No need for _export, use ZLIB.DEF instead. */ ++ /* For complete Windows compatibility, use WINAPI, not __stdcall. 
*/ ++# define ZEXPORT WINAPI ++# ifdef WIN32 ++# define ZEXPORTVA WINAPIV ++# else ++# define ZEXPORTVA FAR CDECL ++# endif ++# endif ++#endif ++ ++#if defined (__BEOS__) ++# ifdef ZLIB_DLL ++# ifdef ZLIB_INTERNAL ++# define ZEXPORT __declspec(dllexport) ++# define ZEXPORTVA __declspec(dllexport) ++# else ++# define ZEXPORT __declspec(dllimport) ++# define ZEXPORTVA __declspec(dllimport) ++# endif ++# endif ++#endif ++ ++#ifndef ZEXTERN ++# define ZEXTERN extern ++#endif ++#ifndef ZEXPORT ++# define ZEXPORT ++#endif ++#ifndef ZEXPORTVA ++# define ZEXPORTVA ++#endif ++ ++#ifndef FAR ++# define FAR ++#endif ++ ++#if !defined(__MACTYPES__) ++typedef unsigned char Byte; /* 8 bits */ ++#endif ++typedef unsigned int uInt; /* 16 bits or more */ ++typedef unsigned long uLong; /* 32 bits or more */ ++ ++#ifdef SMALL_MEDIUM ++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ ++# define Bytef Byte FAR ++#else ++ typedef Byte FAR Bytef; ++#endif ++typedef char FAR charf; ++typedef int FAR intf; ++typedef uInt FAR uIntf; ++typedef uLong FAR uLongf; ++ ++#ifdef STDC ++ typedef void const *voidpc; ++ typedef void FAR *voidpf; ++ typedef void *voidp; ++#else ++ typedef Byte const *voidpc; ++ typedef Byte FAR *voidpf; ++ typedef Byte *voidp; ++#endif ++ ++#if 1 /* HAVE_UNISTD_H -- this line is updated by ./configure */ ++# include /* for off_t */ ++# include /* for SEEK_* and off_t */ ++# ifdef VMS ++# include /* for off_t */ ++# endif ++/* # define z_off_t off_t */ ++#endif ++#ifndef SEEK_SET ++# define SEEK_SET 0 /* Seek from beginning of file. */ ++# define SEEK_CUR 1 /* Seek from current position. 
*/ ++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ ++#endif ++#ifndef z_off_t ++# warning Defining z_off_t as 'long' rather than 'off_t' ++# define z_off_t long ++#endif ++ ++#if defined(__OS400__) ++#define NO_vsnprintf ++#endif ++ ++#if defined(__MVS__) ++# define NO_vsnprintf ++# ifdef FAR ++# undef FAR ++# endif ++#endif ++ ++/* MVS linker does not support external names larger than 8 bytes */ ++#if defined(__MVS__) ++# pragma map(deflateInit_,"DEIN") ++# pragma map(deflateInit2_,"DEIN2") ++# pragma map(deflateEnd,"DEEND") ++# pragma map(deflateBound,"DEBND") ++# pragma map(inflateInit_,"ININ") ++# pragma map(inflateInit2_,"ININ2") ++# pragma map(inflateEnd,"INEND") ++# pragma map(inflateSync,"INSY") ++# pragma map(inflateSetDictionary,"INSEDI") ++# pragma map(compressBound,"CMBND") ++# pragma map(inflate_table,"INTABL") ++# pragma map(inflate_fast,"INFA") ++# pragma map(inflate_copyright,"INCOPY") ++#endif ++ ++#endif /* ZCONF_H */ +diff -urN php4-4.3.8.orig/ext/zlib/zlib.h php4-4.3.8/ext/zlib/zlib.h +--- php4-4.3.8.orig/ext/zlib/zlib.h 1969-12-31 17:00:00.000000000 -0700 ++++ php4-4.3.8/ext/zlib/zlib.h 2004-08-04 03:34:18.000000000 -0600 +@@ -0,0 +1,1200 @@ ++/* zlib.h -- interface of the 'zlib' general purpose compression library ++ version 1.2.1.1, January 9th, 2004 ++ ++ Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler ++ ++ This software is provided 'as-is', without any express or implied ++ warranty. In no event will the authors be held liable for any damages ++ arising from the use of this software. ++ ++ Permission is granted to anyone to use this software for any purpose, ++ including commercial applications, and to alter it and redistribute it ++ freely, subject to the following restrictions: ++ ++ 1. The origin of this software must not be misrepresented; you must not ++ claim that you wrote the original software. 
If you use this software ++ in a product, an acknowledgment in the product documentation would be ++ appreciated but is not required. ++ 2. Altered source versions must be plainly marked as such, and must not be ++ misrepresented as being the original software. ++ 3. This notice may not be removed or altered from any source distribution. ++ ++ Jean-loup Gailly Mark Adler ++ jloup@gzip.org madler@alumni.caltech.edu ++ ++ ++ The data format used by the zlib library is described by RFCs (Request for ++ Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt ++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). ++*/ ++ ++#ifndef ZLIB_H ++#define ZLIB_H ++ ++#include "zconf.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define ZLIB_VERSION "1.2.1.1" ++#define ZLIB_VERNUM 0x1211 ++ ++/* ++ The 'zlib' compression library provides in-memory compression and ++ decompression functions, including integrity checks of the uncompressed ++ data. This version of the library supports only one compression method ++ (deflation) but other algorithms will be added later and will have the same ++ stream interface. ++ ++ Compression can be done in a single step if the buffers are large ++ enough (for example if an input file is mmap'ed), or can be done by ++ repeated calls of the compression function. In the latter case, the ++ application must provide more input and/or consume the output ++ (providing more output space) before each call. ++ ++ The compressed data format used by the in-memory functions is the zlib ++ format, which is a zlib wrapper documented in RFC 1950, wrapped around a ++ deflate stream, which is itself documented in RFC 1951. ++ ++ The library also supports reading and writing files in gzip (.gz) format ++ with an interface similar to that of stdio using the functions that start ++ with "gz". The gzip format is different from the zlib format. 
gzip is a ++ gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. ++ ++ The zlib format was designed to be compact and fast for use in memory ++ and on communications channels. The gzip format was designed for single- ++ file compression on file systems, has a larger header than zlib to maintain ++ directory information, and uses a different, slower check method than zlib. ++ ++ This library does not provide any functions to write gzip files in memory. ++ However such functions could be easily written using zlib's deflate function, ++ the documentation in the gzip RFC, and the examples in gzio.c. ++ ++ The library does not install any signal handler. The decoder checks ++ the consistency of the compressed data, so the library should never ++ crash even in case of corrupted input. ++*/ ++ ++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); ++typedef void (*free_func) OF((voidpf opaque, voidpf address)); ++ ++struct internal_state; ++ ++typedef struct z_stream_s { ++ Bytef *next_in; /* next input byte */ ++ uInt avail_in; /* number of bytes available at next_in */ ++ uLong total_in; /* total nb of input bytes read so far */ ++ ++ Bytef *next_out; /* next output byte should be put there */ ++ uInt avail_out; /* remaining free space at next_out */ ++ uLong total_out; /* total nb of bytes output so far */ ++ ++ char *msg; /* last error message, NULL if no error */ ++ struct internal_state FAR *state; /* not visible by applications */ ++ ++ alloc_func zalloc; /* used to allocate the internal state */ ++ free_func zfree; /* used to free the internal state */ ++ voidpf opaque; /* private data object passed to zalloc and zfree */ ++ ++ int data_type; /* best guess about the data type: ascii or binary */ ++ uLong adler; /* adler32 value of the uncompressed data */ ++ uLong reserved; /* reserved for future use */ ++} z_stream; ++ ++typedef z_stream FAR *z_streamp; ++ ++/* ++ The application must update next_in and avail_in when 
avail_in has ++ dropped to zero. It must update next_out and avail_out when avail_out ++ has dropped to zero. The application must initialize zalloc, zfree and ++ opaque before calling the init function. All other fields are set by the ++ compression library and must not be updated by the application. ++ ++ The opaque value provided by the application will be passed as the first ++ parameter for calls of zalloc and zfree. This can be useful for custom ++ memory management. The compression library attaches no meaning to the ++ opaque value. ++ ++ zalloc must return Z_NULL if there is not enough memory for the object. ++ If zlib is used in a multi-threaded application, zalloc and zfree must be ++ thread safe. ++ ++ On 16-bit systems, the functions zalloc and zfree must be able to allocate ++ exactly 65536 bytes, but will not be required to allocate more than this ++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, ++ pointers returned by zalloc for objects of exactly 65536 bytes *must* ++ have their offset normalized to zero. The default allocation function ++ provided by this library ensures this (see zutil.c). To reduce memory ++ requirements and avoid any allocation of 64K objects, at the expense of ++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). ++ ++ The fields total_in and total_out can be used for statistics or ++ progress reports. After compression, total_in holds the total size of ++ the uncompressed data and may be saved for use in the decompressor ++ (particularly if the decompressor wants to decompress everything in ++ a single step). 
++*/ ++ ++ /* constants */ ++ ++#define Z_NO_FLUSH 0 ++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ ++#define Z_SYNC_FLUSH 2 ++#define Z_FULL_FLUSH 3 ++#define Z_FINISH 4 ++#define Z_BLOCK 5 ++/* Allowed flush values; see deflate() and inflate() below for details */ ++ ++#define Z_OK 0 ++#define Z_STREAM_END 1 ++#define Z_NEED_DICT 2 ++#define Z_ERRNO (-1) ++#define Z_STREAM_ERROR (-2) ++#define Z_DATA_ERROR (-3) ++#define Z_MEM_ERROR (-4) ++#define Z_BUF_ERROR (-5) ++#define Z_VERSION_ERROR (-6) ++/* Return codes for the compression/decompression functions. Negative ++ * values are errors, positive values are used for special but normal events. ++ */ ++ ++#define Z_NO_COMPRESSION 0 ++#define Z_BEST_SPEED 1 ++#define Z_BEST_COMPRESSION 9 ++#define Z_DEFAULT_COMPRESSION (-1) ++/* compression levels */ ++ ++#define Z_FILTERED 1 ++#define Z_HUFFMAN_ONLY 2 ++#define Z_RLE 3 ++#define Z_DEFAULT_STRATEGY 0 ++/* compression strategy; see deflateInit2() below for details */ ++ ++#define Z_BINARY 0 ++#define Z_ASCII 1 ++#define Z_UNKNOWN 2 ++/* Possible values of the data_type field (though see inflate()) */ ++ ++#define Z_DEFLATED 8 ++/* The deflate compression method (the only one supported in this version) */ ++ ++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ ++ ++#define zlib_version zlibVersion() ++/* for compatibility with versions < 1.0.2 */ ++ ++ /* basic functions */ ++ ++ZEXTERN const char * ZEXPORT zlibVersion OF((void)); ++/* The application can compare zlibVersion and ZLIB_VERSION for consistency. ++ If the first character differs, the library code actually used is ++ not compatible with the zlib.h header file used by the application. ++ This check is automatically made by deflateInit and inflateInit. ++ */ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); ++ ++ Initializes the internal stream state for compression. 
The fields ++ zalloc, zfree and opaque must be initialized before by the caller. ++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to ++ use default allocation functions. ++ ++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: ++ 1 gives best speed, 9 gives best compression, 0 gives no compression at ++ all (the input data is simply copied a block at a time). ++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and ++ compression (currently equivalent to level 6). ++ ++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if level is not a valid compression level, ++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible ++ with the version assumed by the caller (ZLIB_VERSION). ++ msg is set to null if there is no error message. deflateInit does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); ++/* ++ deflate compresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce some ++ output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. deflate performs one or both of the ++ following actions: ++ ++ - Compress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in and avail_in are updated and ++ processing will resume at this point for the next call of deflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. This action is forced if the parameter flush is non zero. ++ Forcing flush frequently degrades the compression ratio, so this parameter ++ should be set only when necessary (in interactive applications). 
++ Some output may be provided even if flush is not set. ++ ++ Before the call of deflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating avail_in or avail_out accordingly; avail_out ++ should never be zero before the call. The application can consume the ++ compressed output when it wants, for example when the output buffer is full ++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK ++ and with zero avail_out, it must be called again after making room in the ++ output buffer because there might be more output pending. ++ ++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is ++ flushed to the output buffer and the output is aligned on a byte boundary, so ++ that the decompressor can get all input data available so far. (In particular ++ avail_in is zero after the call if enough output space has been provided ++ before the call.) Flushing may degrade compression for some compression ++ algorithms and so it should be used only when necessary. ++ ++ If flush is set to Z_FULL_FLUSH, all output is flushed as with ++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can ++ restart from this point if previous compressed data has been damaged or if ++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade ++ the compression. ++ ++ If deflate returns with avail_out == 0, this function must be called again ++ with the same value of the flush parameter and more output space (updated ++ avail_out), until the flush is complete (deflate returns with non-zero ++ avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that ++ avail_out is greater than six to avoid repeated flush markers due to ++ avail_out == 0 on return. 
++ ++ If the parameter flush is set to Z_FINISH, pending input is processed, ++ pending output is flushed and deflate returns with Z_STREAM_END if there ++ was enough output space; if deflate returns with Z_OK, this function must be ++ called again with Z_FINISH and more output space (updated avail_out) but no ++ more input data, until it returns with Z_STREAM_END or an error. After ++ deflate has returned Z_STREAM_END, the only possible operations on the ++ stream are deflateReset or deflateEnd. ++ ++ Z_FINISH can be used immediately after deflateInit if all the compression ++ is to be done in a single step. In this case, avail_out must be at least ++ the value returned by deflateBound (see below). If deflate does not return ++ Z_STREAM_END, then it must be called again as described above. ++ ++ deflate() sets strm->adler to the adler32 checksum of all input read ++ so far (that is, total_in bytes). ++ ++ deflate() may update data_type if it can make a good guess about ++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered ++ binary. This field is only for information purposes and does not affect ++ the compression algorithm in any manner. ++ ++ deflate() returns Z_OK if some progress has been made (more input ++ processed or more output produced), Z_STREAM_END if all input has been ++ consumed and all output has been produced (only when flush is set to ++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example ++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible ++ (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not ++ fatal, and deflate() can be called again with more input and more output ++ space to continue compressing. ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. 
++ ++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the ++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed ++ prematurely (some input or output was discarded). In the error case, ++ msg may be set but then points to a static string (which must not be ++ deallocated). ++*/ ++ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); ++ ++ Initializes the internal stream state for decompression. The fields ++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by ++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact ++ value depends on the compression method), inflateInit determines the ++ compression method from the zlib header and allocates all data structures ++ accordingly; otherwise the allocation will be deferred to the first call of ++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to ++ use default allocation functions. ++ ++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the ++ version assumed by the caller. msg is set to null if there is no error ++ message. inflateInit does not perform any decompression apart from reading ++ the zlib header if present: this will be done by inflate(). (So next_in and ++ avail_in may be modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); ++/* ++ inflate decompresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce ++ some output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. inflate performs one or both of the ++ following actions: ++ ++ - Decompress more input starting at next_in and update next_in and avail_in ++ accordingly. 
If not all input can be processed (because there is not ++ enough room in the output buffer), next_in is updated and processing ++ will resume at this point for the next call of inflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. inflate() provides as much output as possible, until there ++ is no more input data or no more space in the output buffer (see below ++ about the flush parameter). ++ ++ Before the call of inflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating the next_* and avail_* values accordingly. ++ The application can consume the uncompressed output when it wants, for ++ example when the output buffer is full (avail_out == 0), or after each ++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it ++ must be called again after making room in the output buffer because there ++ might be more output pending. ++ ++ The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, ++ Z_FINISH, or Z_BLOCK. Z_SYNC_FLUSH requests that inflate() flush as much ++ output as possible to the output buffer. Z_BLOCK requests that inflate() stop ++ if and when it get to the next deflate block boundary. When decoding the zlib ++ or gzip format, this will cause inflate() to return immediately after the ++ header and before the first block. When doing a raw inflate, inflate() will ++ go ahead and process the first block, and will return when it gets to the end ++ of that block, or when it runs out of data. ++ ++ The Z_BLOCK option assists in appending to or combining deflate streams. 
++ Also to assist in this, on return inflate() will set strm->data_type to the ++ number of unused bits in the last byte taken from strm->next_in, plus 64 ++ if inflate() is currently decoding the last block in the deflate stream, ++ plus 128 if inflate() returned immediately after decoding an end-of-block ++ code or decoding the complete header up to just before the first byte of the ++ deflate stream. The end-of-block will not be indicated until all of the ++ uncompressed data from that block has been written to strm->next_out. The ++ number of unused bits may in general be greater than seven, except when ++ bit 7 of data_type is set, in which case the number of unused bits will be ++ less than eight. ++ ++ inflate() should normally be called until it returns Z_STREAM_END or an ++ error. However if all decompression is to be performed in a single step ++ (a single call of inflate), the parameter flush should be set to ++ Z_FINISH. In this case all pending input is processed and all pending ++ output is flushed; avail_out must be large enough to hold all the ++ uncompressed data. (The size of the uncompressed data may have been saved ++ by the compressor for this purpose.) The next operation on this stream must ++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH ++ is never required, but can be used to inform inflate that a faster approach ++ may be used for the single inflate() call. ++ ++ In this implementation, inflate() always flushes as much output as ++ possible to the output buffer, and always uses the faster approach on the ++ first call. So the only effect of the flush parameter in this implementation ++ is on the return value of inflate(), as noted below, or when it returns early ++ because Z_BLOCK is used. 
++ ++ If a preset dictionary is needed after this call (see inflateSetDictionary ++ below), inflate sets strm-adler to the adler32 checksum of the dictionary ++ chosen by the compressor and returns Z_NEED_DICT; otherwise it sets ++ strm->adler to the adler32 checksum of all output produced so far (that is, ++ total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described ++ below. At the end of the stream, inflate() checks that its computed adler32 ++ checksum is equal to that saved by the compressor and returns Z_STREAM_END ++ only if the checksum is correct. ++ ++ inflate() will decompress and check either zlib-wrapped or gzip-wrapped ++ deflate data. The header type is detected automatically. Any information ++ contained in the gzip header is not retained, so applications that need that ++ information should instead use raw inflate, see inflateInit2() below, or ++ inflateBack() and perform their own processing of the gzip header and ++ trailer. ++ ++ inflate() returns Z_OK if some progress has been made (more input processed ++ or more output produced), Z_STREAM_END if the end of the compressed data has ++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a ++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was ++ corrupted (input stream not conforming to the zlib format or incorrect check ++ value), Z_STREAM_ERROR if the stream structure was inconsistent (for example ++ if next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory, ++ Z_BUF_ERROR if no progress is possible or if there was not enough room in the ++ output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and ++ inflate() can be called again with more input and more output space to ++ continue decompressing. If Z_DATA_ERROR is returned, the application may then ++ call inflateSync() to look for a good compression block if a partial recovery ++ of the data is desired. 
++*/
++
++
++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
++/*
++ All dynamically allocated data structures for this stream are freed.
++ This function discards any unprocessed input and does not flush any
++ pending output.
++
++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
++ was inconsistent. In the error case, msg may be set but then points to a
++ static string (which must not be deallocated).
++*/
++
++ /* Advanced functions */
++
++/*
++ The following functions are needed only in some special applications.
++*/
++
++/*
++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
++ int level,
++ int method,
++ int windowBits,
++ int memLevel,
++ int strategy));
++
++ This is another version of deflateInit with more compression options. The
++ fields next_in, zalloc, zfree and opaque must be initialized before by
++ the caller.
++
++ The method parameter is the compression method. It must be Z_DEFLATED in
++ this version of the library.
++
++ The windowBits parameter is the base two logarithm of the window size
++ (the size of the history buffer). It should be in the range 8..15 for this
++ version of the library. Larger values of this parameter result in better
++ compression at the expense of memory usage. The default value is 15 if
++ deflateInit is used instead.
++
++ windowBits can also be -8..-15 for raw deflate. In this case, -windowBits
++ determines the window size. deflate() will then generate raw deflate data
++ with no zlib header or trailer, and will not compute an adler32 check value.
++
++ windowBits can also be greater than 15 for optional gzip encoding. Add
++ 16 to windowBits to write a simple gzip header and trailer around the
++ compressed data instead of a zlib wrapper. The gzip header will have no
++ file name, no extra data, no comment, no modification time (set to zero),
++ no header crc, and the operating system will be set to 255 (unknown).
++
++ The memLevel parameter specifies how much memory should be allocated
++ for the internal compression state. memLevel=1 uses minimum memory but
++ is slow and reduces compression ratio; memLevel=9 uses maximum memory
++ for optimal speed. The default value is 8. See zconf.h for total memory
++ usage as a function of windowBits and memLevel.
++
++ The strategy parameter is used to tune the compression algorithm. Use the
++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
++ filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no
++ string match), or Z_RLE to limit match distances to one (run-length
++ encoding). Filtered data consists mostly of small values with a somewhat
++ random distribution. In this case, the compression algorithm is tuned to
++ compress them better. The effect of Z_FILTERED is to force more Huffman
++ coding and less string matching; it is somewhat intermediate between
++ Z_DEFAULT and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as
++ Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy
++ parameter only affects the compression ratio but not the correctness of the
++ compressed output even if it is not set appropriately.
++
++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
++ method). msg is set to null if there is no error message. deflateInit2 does
++ not perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the compression dictionary from the given byte sequence
++ without producing any compressed output. This function must be called
++ immediately after deflateInit, deflateInit2 or deflateReset, before any
++ call of deflate. The compressor and decompressor must use exactly the same
++ dictionary (see inflateSetDictionary).
++
++ The dictionary should consist of strings (byte sequences) that are likely
++ to be encountered later in the data to be compressed, with the most commonly
++ used strings preferably put towards the end of the dictionary. Using a
++ dictionary is most useful when the data to be compressed is short and can be
++ predicted with good accuracy; the data can then be compressed better than
++ with the default empty dictionary.
++
++ Depending on the size of the compression data structures selected by
++ deflateInit or deflateInit2, a part of the dictionary may in effect be
++ discarded, for example if the dictionary is larger than the window size in
++ deflate or deflate2. Thus the strings most likely to be useful should be
++ put at the end of the dictionary, not at the front.
++
++ Upon return of this function, strm->adler is set to the adler32 value
++ of the dictionary; the decompressor may later use this value to determine
++ which dictionary has been used by the compressor. (The adler32 value
++ applies to the whole dictionary even if only a subset of the dictionary is
++ actually used by the compressor.) If a raw deflate was requested, then the
++ adler32 value is not computed and strm->adler is not set.
++
++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent (for example if deflate has already been called for this stream
++ or if the compression method is bsort). deflateSetDictionary does not
++ perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
++ z_streamp source));
++/*
++ Sets the destination stream as a complete copy of the source stream.
++
++ This function can be useful when several compression strategies will be
++ tried, for example when there are several ways of pre-processing the input
++ data with a filter. The streams that will be discarded should then be freed
++ by calling deflateEnd. Note that deflateCopy duplicates the internal
++ compression state which can be quite large, so this strategy is slow and
++ can consume lots of memory.
++
++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
++ (such as zalloc being NULL). msg is left unchanged in both source and
++ destination.
++*/
++
++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to deflateEnd followed by deflateInit,
++ but does not free and reallocate all the internal compression state.
++ The stream will keep the same compression level and any other attributes
++ that may have been set by deflateInit2.
++
++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
++ int level,
++ int strategy));
++/*
++ Dynamically update the compression level and compression strategy. The
++ interpretation of level and strategy is as in deflateInit2. This can be
++ used to switch between compression and straight copy of the input data, or
++ to switch to a different kind of input data requiring a different
++ strategy. If the compression level is changed, the input available so far
++ is compressed with the old level (and may be flushed); the new level will
++ take effect only at the next call of deflate().
++
++ Before the call of deflateParams, the stream state must be set as for
++ a call of deflate(), since the currently available input may have to
++ be compressed and flushed. In particular, strm->avail_out must be non-zero.
++
++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
++ if strm->avail_out was zero.
++*/
++
++ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
++ uLong sourceLen));
++/*
++ deflateBound() returns an upper bound on the compressed size after
++ deflation of sourceLen bytes. It must be called after deflateInit()
++ or deflateInit2(). This would be used to allocate an output buffer
++ for deflation in a single pass, and so would be called before deflate().
++*/
++
++ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
++ int bits,
++ int value));
++/*
++ deflatePrime() inserts bits in the deflate output stream. The intent
++ is that this function is used to start off the deflate output with the
++ bits leftover from a previous deflate stream when appending to it. As such,
++ this function can only be used for raw deflate, and must be used before the
++ first deflate() call after a deflateInit2() or deflateReset(). bits must be
++ less than or equal to 16, and that many of the least significant bits of
++ value will be inserted in the output.
++
++ deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent.
++*/
++
++/*
++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
++ int windowBits));
++
++ This is another version of inflateInit with an extra parameter. The
++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized
++ before by the caller.
++
++ The windowBits parameter is the base two logarithm of the maximum window
++ size (the size of the history buffer). It should be in the range 8..15 for
++ this version of the library. The default value is 15 if inflateInit is used
++ instead. windowBits must be greater than or equal to the windowBits value
++ provided to deflateInit2() while compressing, or it must be equal to 15 if
++ deflateInit2() was not used. If a compressed stream with a larger window
++ size is given as input, inflate() will return with the error code
++ Z_DATA_ERROR instead of trying to allocate a larger window.
++
++ windowBits can also be -8..-15 for raw inflate. In this case, -windowBits
++ determines the window size. inflate() will then process raw deflate data,
++ not looking for a zlib or gzip header, not generating a check value, and not
++ looking for any check values for comparison at the end of the stream. This
++ is for use with other formats that use the deflate compressed data format
++ such as zip. Those formats provide their own check values. If a custom
++ format is developed using the raw deflate format for compressed data, it is
++ recommended that a check value such as an adler32 or a crc32 be applied to
++ the uncompressed data as is done in the zlib, gzip, and zip formats. For
++ most applications, the zlib format should be used as is. Note that comments
++ above on the use in deflateInit2() applies to the magnitude of windowBits.
++
++ windowBits can also be greater than 15 for optional gzip decoding. Add
++ 32 to windowBits to enable zlib and gzip decoding with automatic header
++ detection, or add 16 to decode only the gzip format (the zlib format will
++ return a Z_DATA_ERROR).
++
++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
++ memLevel). msg is set to null if there is no error message. inflateInit2
++ does not perform any decompression apart from reading the zlib header if
++ present: this will be done by inflate(). (So next_in and avail_in may be
++ modified, but next_out and avail_out are unchanged.)
++*/
++
++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the decompression dictionary from the given uncompressed byte
++ sequence. This function must be called immediately after a call of inflate
++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
++ can be determined from the adler32 value returned by this call of
++ inflate. The compressor and decompressor must use exactly the same
++ dictionary (see deflateSetDictionary).
++
++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
++ expected one (incorrect adler32 value). inflateSetDictionary does not
++ perform any decompression: this will be done by subsequent calls of
++ inflate().
++*/
++
++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
++/*
++ Skips invalid compressed data until a full flush point (see above the
++ description of deflate with Z_FULL_FLUSH) can be found, or until all
++ available input is skipped. No output is provided.
++
++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
++ if no more input was provided, Z_DATA_ERROR if no flush point has been found,
++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
++ case, the application may save the current current value of total_in which
++ indicates where valid compressed data was found. In the error case, the
++ application may repeatedly call inflateSync, providing more input each time,
++ until success or end of the input data.
++*/
++
++ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
++ z_streamp source));
++/*
++ Sets the destination stream as a complete copy of the source stream.
++
++ This function can be useful when randomly accessing a large stream. The
++ first pass through the stream can periodically record the inflate state,
++ allowing restarting inflate at those points when randomly accessing the
++ stream.
++
++ inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
++ (such as zalloc being NULL). msg is left unchanged in both source and
++ destination.
++*/
++
++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to inflateEnd followed by inflateInit,
++ but does not free and reallocate all the internal decompression state.
++ The stream will keep attributes that may have been set by inflateInit2.
++
++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++/*
++ZEXTERN int ZEXPORT inflateBackInit OF((z_stream FAR *strm, int windowBits,
++ unsigned char FAR *window));
++
++ Initialize the internal stream state for decompression using inflateBack()
++ calls. The fields zalloc, zfree and opaque in strm must be initialized
++ before the call. If zalloc and zfree are Z_NULL, then the default library-
++ derived memory allocation routines are used. windowBits is the base two
++ logarithm of the window size, in the range 8..15. window is a caller
++ supplied buffer of that size. Except for special applications where it is
++ assured that deflate was used with small window sizes, windowBits must be 15
++ and a 32K byte window must be supplied to be able to decompress general
++ deflate streams.
++
++ See inflateBack() for the usage of these routines.
++
++ inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of
++ the paramaters are invalid, Z_MEM_ERROR if the internal state could not
++ be allocated, or Z_VERSION_ERROR if the version of the library does not
++ match the version of the header file.
++*/
++
++typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *));
++typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
++
++ZEXTERN int ZEXPORT inflateBack OF((z_stream FAR *strm,
++ in_func in, void FAR *in_desc,
++ out_func out, void FAR *out_desc));
++/*
++ inflateBack() does a raw inflate with a single call using a call-back
++ interface for input and output. This is more efficient than inflate() for
++ file i/o applications in that it avoids copying between the output and the
++ sliding window by simply making the window itself the output buffer. This
++ function trusts the application to not change the output buffer passed by
++ the output function, at least until inflateBack() returns.
++
++ inflateBackInit() must be called first to allocate the internal state
++ and to initialize the state with the user-provided window buffer.
++ inflateBack() may then be used multiple times to inflate a complete, raw
++ deflate stream with each call. inflateBackEnd() is then called to free
++ the allocated state.
++
++ A raw deflate stream is one with no zlib or gzip header or trailer.
++ This routine would normally be used in a utility that reads zip or gzip
++ files and writes out uncompressed files. The utility would decode the
++ header and process the trailer on its own, hence this routine expects
++ only the raw deflate stream to decompress. This is different from the
++ normal behavior of inflate(), which expects either a zlib or gzip header and
++ trailer around the deflate stream.
++
++ inflateBack() uses two subroutines supplied by the caller that are then
++ called by inflateBack() for input and output. inflateBack() calls those
++ routines until it reads a complete deflate stream and writes out all of the
++ uncompressed data, or until it encounters an error. The function's
++ parameters and return types are defined above in the in_func and out_func
++ typedefs. inflateBack() will call in(in_desc, &buf) which should return the
++ number of bytes of provided input, and a pointer to that input in buf. If
++ there is no input available, in() must return zero--buf is ignored in that
++ case--and inflateBack() will return a buffer error. inflateBack() will call
++ out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out()
++ should return zero on success, or non-zero on failure. If out() returns
++ non-zero, inflateBack() will return with an error. Neither in() nor out()
++ are permitted to change the contents of the window provided to
++ inflateBackInit(), which is also the buffer that out() uses to write from.
++ The length written by out() will be at most the window size. Any non-zero
++ amount of input may be provided by in().
++
++ For convenience, inflateBack() can be provided input on the first call by
++ setting strm->next_in and strm->avail_in. If that input is exhausted, then
++ in() will be called. Therefore strm->next_in must be initialized before
++ calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called
++ immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in
++ must also be initialized, and then if strm->avail_in is not zero, input will
++ initially be taken from strm->next_in[0 .. strm->avail_in - 1].
++
++ The in_desc and out_desc parameters of inflateBack() is passed as the
++ first parameter of in() and out() respectively when they are called. These
++ descriptors can be optionally used to pass any information that the caller-
++ supplied in() and out() functions need to do their job.
++
++ On return, inflateBack() will set strm->next_in and strm->avail_in to
++ pass back any unused input that was provided by the last in() call. The
++ return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR
++ if in() or out() returned an error, Z_DATA_ERROR if there was a format
++ error in the deflate stream (in which case strm->msg is set to indicate the
++ nature of the error), or Z_STREAM_ERROR if the stream was not properly
++ initialized. In the case of Z_BUF_ERROR, an input or output error can be
++ distinguished using strm->next_in which will be Z_NULL only if in() returned
++ an error. If strm->next is not Z_NULL, then the Z_BUF_ERROR was due to
++ out() returning non-zero. (in() will always be called before out(), so
++ strm->next_in is assured to be defined if out() returns non-zero.) Note
++ that inflateBack() cannot return Z_OK.
++*/
++
++ZEXTERN int ZEXPORT inflateBackEnd OF((z_stream FAR *strm));
++/*
++ All memory allocated by inflateBackInit() is freed.
++
++ inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream
++ state was inconsistent.
++*/
++
++ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
++/* Return flags indicating compile-time options.
++
++ Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
++ 1.0: size of uInt
++ 3.2: size of uLong
++ 5.4: size of voidpf (pointer)
++ 7.6: size of z_off_t
++
++ Compiler, assembler, and debug options:
++ 8: DEBUG
++ 9: ASMV or ASMINF -- use ASM code
++ 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention
++ 11: 0 (reserved)
++
++ One-time table building (smaller code, but not thread-safe if true):
++ 12: BUILDFIXED -- build static block decoding tables when needed
++ 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed
++ 14,15: 0 (reserved)
++
++ Library content (indicates missing functionality):
++ 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking
++ deflate code when not needed)
++ 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect
++ and decode gzip streams (to avoid linking crc code)
++ 18-19: 0 (reserved)
++
++ Operation variations (changes in library functionality):
++ 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate
++ 21: FASTEST -- deflate algorithm with only one, lowest compression level
++ 22,23: 0 (reserved)
++
++ The sprintf variant used by gzprintf (zero is best):
++ 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format
++ 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure!
++ 26: 0 = returns value, 1 = void -- 1 means inferred string length returned
++
++ Remainder:
++ 27-31: 0 (reserved)
++ */
++
++
++ /* utility functions */
++
++/*
++ The following utility functions are implemented on top of the
++ basic stream-oriented functions. To simplify the interface, some
++ default options are assumed (compression level and memory usage,
++ standard memory allocation functions). The source code of these
++ utility functions can easily be modified if you need special options.
++*/
++
++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Compresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be at least the value returned
++ by compressBound(sourceLen). Upon exit, destLen is the actual size of the
++ compressed buffer.
++ This function can be used to compress a whole file at once if the
++ input file is mmap'ed.
++ compress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer.
++*/
++
++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen,
++ int level));
++/*
++ Compresses the source buffer into the destination buffer. The level
++ parameter has the same meaning as in deflateInit. sourceLen is the byte
++ length of the source buffer. Upon entry, destLen is the total size of the
++ destination buffer, which must be at least the value returned by
++ compressBound(sourceLen). Upon exit, destLen is the actual size of the
++ compressed buffer.
++
++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_BUF_ERROR if there was not enough room in the output buffer,
++ Z_STREAM_ERROR if the level parameter is invalid.
++*/
++
++ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
++/*
++ compressBound() returns an upper bound on the compressed size after
++ compress() or compress2() on sourceLen bytes. It would be used before
++ a compress() or compress2() call to allocate the destination buffer.
++*/
++
++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Decompresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be large enough to hold the
++ entire uncompressed data. (The size of the uncompressed data must have
++ been saved previously by the compressor and transmitted to the decompressor
++ by some mechanism outside the scope of this compression library.)
++ Upon exit, destLen is the actual size of the compressed buffer.
++ This function can be used to decompress a whole file at once if the
++ input file is mmap'ed.
++
++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete.
++*/
++
++
++typedef voidp gzFile;
++
++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
++/*
++ Opens a gzip (.gz) file for reading or writing. The mode parameter
++ is as in fopen ("rb" or "wb") but can also include a compression level
++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
++ Huffman only compression as in "wb1h", or 'R' for run-length encoding
++ as in "wb1R". (See the description of deflateInit2 for more information
++ about the strategy parameter.)
++
++ gzopen can be used to read a file which is not in gzip format; in this
++ case gzread will directly read from the file without decompression.
++
++ gzopen returns NULL if the file could not be opened or if there was
++ insufficient memory to allocate the (de)compression state; errno
++ can be checked to distinguish the two cases (if errno is zero, the
++ zlib error is Z_MEM_ERROR). */
++
++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
++/*
++ gzdopen() associates a gzFile with the file descriptor fd. File
++ descriptors are obtained from calls like open, dup, creat, pipe or
++ fileno (in the file has been previously opened with fopen).
++ The mode parameter is as in gzopen.
++ The next call of gzclose on the returned gzFile will also close the
++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
++ gzdopen returns NULL if there was insufficient memory to allocate
++ the (de)compression state.
++*/
++
++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
++/*
++ Dynamically update the compression level or strategy. See the description
++ of deflateInit2 for the meaning of these parameters.
++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
++ opened for writing.
++*/
++
++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
++/*
++ Reads the given number of uncompressed bytes from the compressed file.
++ If the input file was not in gzip format, gzread copies the given number
++ of bytes into the buffer.
++ gzread returns the number of uncompressed bytes actually read (0 for
++ end of file, -1 for error). */
++
++ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
++ voidpc buf, unsigned len));
++/*
++ Writes the given number of uncompressed bytes into the compressed file.
++ gzwrite returns the number of uncompressed bytes actually written
++ (0 in case of error).
++*/
++
++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
++/*
++ Converts, formats, and writes the args to the compressed file under
++ control of the format string, as in fprintf. gzprintf returns the number of
++ uncompressed bytes actually written (0 in case of error). The number of
++ uncompressed bytes written is limited to 4095. The caller should assure that
++ this limit is not exceeded. If it is exceeded, then gzprintf() will return
++ return an error (0) with nothing written. In this case, there may also be a
++ buffer overflow with unpredictable consequences, which is possible only if
++ zlib was compiled with the insecure functions sprintf() or vsprintf()
++ because the secure snprintf() or vsnprintf() functions were not available.
++*/
++
++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
++/*
++ Writes the given null-terminated string to the compressed file, excluding
++ the terminating null character.
++ gzputs returns the number of characters written, or -1 in case of error.
++*/
++
++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
++/*
++ Reads bytes from the compressed file until len-1 characters are read, or
++ a newline character is read and transferred to buf, or an end-of-file
++ condition is encountered. The string is then terminated with a null
++ character.
++ gzgets returns buf, or Z_NULL in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
++/*
++ Writes c, converted to an unsigned char, into the compressed file.
++ gzputc returns the value that was written, or -1 in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
++/*
++ Reads one byte from the compressed file. gzgetc returns this byte
++ or -1 in case of end of file or error.
++*/
++
++ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
++/*
++ Push one character back onto the stream to be read again later.
++ Only one character of push-back is allowed. gzungetc() returns the
++ character pushed, or -1 on failure. gzungetc() will fail if a
++ character has been pushed but not read yet, or if c is -1. The pushed
++ character will be discarded if the stream is repositioned with gzseek()
++ or gzrewind().
++*/
++
++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
++/*
++ Flushes all pending output into the compressed file. The parameter
++ flush is as in the deflate() function. The return value is the zlib
++ error number (see function gzerror below). gzflush returns Z_OK if
++ the flush parameter is Z_FINISH and all output could be flushed.
++ gzflush should be called only when strictly necessary because it can
++ degrade compression.
++*/
++
++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
++ z_off_t offset, int whence));
++/*
++ Sets the starting position for the next gzread or gzwrite on the
++ given compressed file. The offset represents a number of bytes in the
++ uncompressed data stream. The whence parameter is defined as in lseek(2);
++ the value SEEK_END is not supported.
++ If the file is opened for reading, this function is emulated but can be
++ extremely slow. If the file is opened for writing, only forward seeks are
++ supported; gzseek then compresses a sequence of zeroes up to the new
++ starting position.
++
++ gzseek returns the resulting offset location as measured in bytes from
++ the beginning of the uncompressed stream, or -1 in case of error, in
++ particular if the file is opened for writing and the new starting position
++ would be before the current position.
++*/
++
++ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
++/*
++ Rewinds the given file. This function is supported only for reading.
++
++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
++*/
++
++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
++/*
++ Returns the starting position for the next gzread or gzwrite on the
++ given compressed file. This position represents a number of bytes in the
++ uncompressed data stream.
++
++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
++*/
++
++ZEXTERN int ZEXPORT gzeof OF((gzFile file));
++/*
++ Returns 1 when EOF has previously been detected reading the given
++ input stream, otherwise zero.
++*/
++
++ZEXTERN int ZEXPORT gzclose OF((gzFile file));
++/*
++ Flushes all pending output if necessary, closes the compressed file
++ and deallocates all the (de)compression state. The return value is the zlib
++ error number (see function gzerror below).
++*/
++
++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
++/*
++ Returns the error message for the last error which occurred on the
++ given compressed file. errnum is set to zlib error number. If an
++ error occurred in the file system and not in the compression library,
++ errnum is set to Z_ERRNO and the application may consult errno
++ to get the exact error code.
++*/
++
++ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
++/*
++ Clears the error and end-of-file flags for file. This is analogous to the
++ clearerr() function in stdio. This is useful for continuing to read a gzip
++ file that is being written concurrently.
++*/
++
++ /* checksum functions */
++
++/*
++ These functions are not related to compression but are exported
++ anyway because they might be useful in applications using the
++ compression library.
++*/
++
++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
++
++/*
++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and
++ return the updated checksum. If buf is NULL, this function returns
++ the required initial value for the checksum.
++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
++ much faster. Usage example:
++
++ uLong adler = adler32(0L, Z_NULL, 0);
++
++ while (read_buffer(buffer, length) != EOF) {
++ adler = adler32(adler, buffer, length);
++ }
++ if (adler != original_adler) error();
++*/
++
++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
++/*
++ Update a running crc with the bytes buf[0..len-1] and return the updated
++ crc. If buf is NULL, this function returns the required initial value
++ for the crc. Pre- and post-conditioning (one's complement) is performed
++ within this function so it shouldn't be done by the application.
++ Usage example: ++ ++ uLong crc = crc32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ crc = crc32(crc, buffer, length); ++ } ++ if (crc != original_crc) error(); ++*/ ++ ++ ++ /* various hacks, don't look :) */ ++ ++/* deflateInit and inflateInit are macros to allow checking the zlib version ++ * and the compiler's view of z_stream: ++ */ ++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, ++ int windowBits, int memLevel, ++ int strategy, const char *version, ++ int stream_size)); ++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window, ++ const char *version, ++ int stream_size)); ++#define deflateInit(strm, level) \ ++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit(strm) \ ++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) ++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ ++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ ++ (strategy), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit2(strm, windowBits) \ ++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateBackInit(strm, windowBits, window) \ ++ inflateBackInit_((strm), (windowBits), (window), \ ++ ZLIB_VERSION, sizeof(z_stream)) ++ ++ ++#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL) ++ struct internal_state {int dummy;}; /* hack for buggy compilers */ ++#endif ++ ++ZEXTERN const char * ZEXPORT zError OF((int err)); ++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); ++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); ++ ++#ifdef __cplusplus ++} ++#endif 
++
++#endif /* ZLIB_H */
--- php5-5.1.2.orig/debian/patches/MOPB-34.patch
+++ php5-5.1.2/debian/patches/MOPB-34.patch
@@ -0,0 +1,28 @@
+diff -uNrp php5-5.1.6-unpatched/ext/mbstring/mbstring.c php5-5.1.6/ext/mbstring/mbstring.c
+--- php5-5.1.6-unpatched/ext/mbstring/mbstring.c 2006-05-11 07:47:34.000000000 -0700
++++ php5-5.1.6/ext/mbstring/mbstring.c 2007-04-23 16:27:52.000000000 -0700
+@@ -2849,8 +2849,8 @@ PHP_FUNCTION(mb_decode_numericentity)
+
+ #define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
+ if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
+- pos += 3; \
+- while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos += 2; \
++ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
+ pos++; \
+ } \
+ continue; \
+diff -uNrp php5-5.1.6-unpatched/ext/standard/mail.c php5-5.1.6/ext/standard/mail.c
+--- php5-5.1.6-unpatched/ext/standard/mail.c 2006-01-01 04:50:15.000000000 -0800
++++ php5-5.1.6/ext/standard/mail.c 2007-04-23 16:27:52.000000000 -0700
+@@ -48,8 +48,8 @@
+
+ #define SKIP_LONG_HEADER_SEP(str, pos) \
+ if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
+- pos += 3; \
+- while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos += 2; \
++ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
+ pos++; \
+ } \
+ continue; \
--- php5-5.1.2.orig/debian/patches/CVE-2007-0908.patch
+++ php5-5.1.2/debian/patches/CVE-2007-0908.patch
@@ -0,0 +1,30 @@
+diff -Nurp orig/ext/wddx/wddx.c new/ext/wddx/wddx.c
+--- orig/ext/wddx/wddx.c 2007-02-21 08:52:27.000000000 +0100
++++ new/ext/wddx/wddx.c 2007-02-21 08:52:53.000000000 +0100
+@@ -284,7 +284,7 @@ PS_SERIALIZER_DECODE_FUNC(wddx)
+
+ switch (hash_type) {
+ case HASH_KEY_IS_LONG:
+- sprintf(tmp, "%ld", idx);
++ key_length = sprintf(tmp, "%ld", idx) + 1;
+ key = tmp;
+ /* fallthru */
+ case HASH_KEY_IS_STRING:
+@@ -479,7 +479,7 @@ static void php_wddx_serialize_object(wd
+ PHP_SET_CLASS_ATTRIBUTES(obj);
+
+ php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
+- sprintf(tmp_buf, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
++ snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
+ php_wddx_add_chunk(packet, tmp_buf);
+ php_wddx_add_chunk_static(packet, WDDX_STRING_S);
+ php_wddx_add_chunk_ex(packet, class_name, name_len);
+@@ -511,7 +511,7 @@ static void php_wddx_serialize_object(wd
+ PHP_SET_CLASS_ATTRIBUTES(obj);
+
+ php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
+- sprintf(tmp_buf, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
++ snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
+ php_wddx_add_chunk(packet, tmp_buf);
+ php_wddx_add_chunk_static(packet, WDDX_STRING_S);
+ php_wddx_add_chunk_ex(packet, class_name, name_len);
--- php5-5.1.2.orig/debian/patches/CVE-2009-3557.patch
+++ php5-5.1.2/debian/patches/CVE-2009-3557.patch
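Review bot: The `HASH_KEY_IS_LONG` branch of `PS_SERIALIZER_DECODE_FUNC(wddx)` still writes into `tmp` with an unbounded `sprintf`, while the two `php_wddx_serialize_object` hunks of the same patch switch to `snprintf` with `WDDX_BUF_LEN`. The declaration of `tmp` is outside the hunk, so its size cannot be confirmed here; if it is a local array, `key_length = snprintf(tmp, sizeof(tmp), "%ld", idx) + 1;` keeps the write bounded and the patch consistent. The `+ 1` presumably makes `key_length` count the terminating NUL as it does for string keys, which deserves a one-line comment such as `/* key_length includes the trailing \0 */`.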
@@ -0,0 +1,17 @@
+Description: fix safe_mode bypass via tempam function
+upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=288945
+
+diff -Naur php5-5.1.2.ori/ext/standard/file.c php5-5.1.2/ext/standard/file.c
+--- php5-5.1.2.ori/ext/standard/file.c 2009-11-25 15:29:14.000000000 -0500
++++ php5-5.1.2/ext/standard/file.c 2009-11-25 15:32:18.000000000 -0500
+@@ -783,6 +783,10 @@
+ convert_to_string_ex(arg1);
+ convert_to_string_ex(arg2);
+
++ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
++ RETURN_FALSE;
++ }
++
+ if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
--- php5-5.1.2.orig/debian/patches/CVE-2006-3017.patch
+++ php5-5.1.2/debian/patches/CVE-2006-3017.patch
@@ -0,0 +1,23 @@
+diff -Nurp orig/Zend/zend_hash.c new/Zend/zend_hash.c
+--- orig/Zend/zend_hash.c 2006-07-18 17:16:52.000000000 +0000
++++ new/Zend/zend_hash.c 2006-07-18 17:19:06.000000000 +0000
+@@ -455,14 +455,17 @@ ZEND_API int zend_hash_del_key_or_index(
+ IS_CONSISTENT(ht);
+
+ if (flag == HASH_DEL_KEY) {
++ HANDLE_NUMERIC(arKey, nKeyLength, zend_hash_del_key_or_index(ht, NULL, 0, idx, HASH_DEL_INDEX));
+ h = zend_inline_hash_func(arKey, nKeyLength);
+ }
+ nIndex = h & ht->nTableMask;
+
+ p = ht->arBuckets[nIndex];
+ while (p != NULL) {
+- if ((p->h == h) && ((p->nKeyLength == 0) || /* Numeric index */
+- ((p->nKeyLength == nKeyLength) && (!memcmp(p->arKey, arKey, nKeyLength))))) {
++ if ((p->h == h)
++ && (p->nKeyLength == nKeyLength)
++ && ((p->nKeyLength == 0) /* Numeric index (short circuits the memcmp() check) */
++ || !memcmp(p->arKey, arKey, nKeyLength))) { /* String index */
+ HANDLE_BLOCK_INTERRUPTIONS();
+ if (p == ht->arBuckets[nIndex]) {
+ ht->arBuckets[nIndex] = p->pNext;
--- php5-5.1.2.orig/debian/patches/203-openssl_make_REQ-overflow.patch
+++ php5-5.1.2/debian/patches/203-openssl_make_REQ-overflow.patch
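Review bot: The header of CVE-2009-3557.patch is malformed: its second line reads `upstream, Origin: http://…`, where the tagged form used by CVE-2010-1868.patch in this same series is `Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=288945`, and the description says `tempam` where the function is `tempnam`. Tools that parse the patch tags will not find an `Origin:` field as written. In the code itself the added condition is missing a space, `PG(safe_mode) && (!php_checkuid(...))`, and a short comment such as `/* safe_mode: the target directory must pass the uid check */` would say why the check precedes `php_check_open_basedir`. The enclosing function starts and ends outside the hunk.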
@@ -0,0 +1,24 @@
+Index: php5-5.2.3/ext/openssl/openssl.c
+===================================================================
+--- php5-5.2.3.orig/ext/openssl/openssl.c 2007-10-18 19:14:01.000000000 -0700
++++ php5-5.2.3/ext/openssl/openssl.c 2007-10-19 13:05:47.000000000 -0700
+@@ -1710,7 +1710,7 @@
+ /* Finally apply defaults from config file */
+ for(i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+ int len;
+- char buffer[200];
++ char buffer[200 + 1]; /*200 + \0 !*/
+
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ type = v->name;
+@@ -1723,7 +1723,9 @@
+ if (strcmp("_default", type + len) != 0) {
+ continue;
+ }
+-
++ if (len > 200) {
++ len = 200;
++ }
+ memcpy(buffer, type, len);
+ buffer[len] = '\0';
+ type = buffer;
--- php5-5.1.2.orig/debian/patches/201-strspn-oob-read.patch
+++ php5-5.1.2/debian/patches/201-strspn-oob-read.patch
@@ -0,0 +1,20 @@
+Index: php5-5.2.3/ext/standard/string.c
+===================================================================
+--- php5-5.2.3.orig/ext/standard/string.c 2007-10-18 18:54:54.000000000 -0700
++++ php5-5.2.3/ext/standard/string.c 2007-10-19 13:28:00.000000000 -0700
+@@ -237,10 +237,14 @@ static void php_spn_common_handler(INTER
+ }
+ }
+
+- if (((unsigned) start + (unsigned) len) > len1) {
++ if (len > len1 - start) {
+ len = len1 - start;
+ }
+
++ if (len == 0) {
++ RETURN_LONG(0);
++ }
++
+ if (behavior == STR_STRSPN) {
+ RETURN_LONG(php_strspn(s11 + start /*str1_start*/,
+ s22 /*str2_start*/,
--- php5-5.1.2.orig/debian/patches/CVE-2006-1490.patch
+++ php5-5.1.2/debian/patches/CVE-2006-1490.patch
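Review bot: The clamp added in the second hunk of 203-openssl_make_REQ-overflow.patch repeats the literal `200` from the declaration, so the bound and the array can drift apart on a later edit; tie it to the buffer with `if (len > (int)sizeof(buffer) - 1) { len = sizeof(buffer) - 1; }`. The clamp also truncates an over-long name silently and the shortened copy is then used as `type`; skipping the entry with `continue` may be the safer behaviour, although how `type` is consumed lies outside the hunk. `len` is an `int` whose computation is not shown, so a lower-bound check before the `memcpy` may be needed as well.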
@@ -0,0 +1,12 @@
+diff -Nurp orig/ext/standard/html.c new/ext/standard/html.c
+--- orig/ext/standard/html.c 2006-07-18 16:43:12.000000000 +0000
++++ new/ext/standard/html.c 2006-07-18 16:44:10.000000000 +0000
+@@ -884,7 +884,7 @@ PHPAPI char *php_unescape_html_entities(
+ unsigned char replacement[15];
+ int replacement_len;
+
+- ret = estrdup(old);
++ ret = estrndup(old, oldlen);
+ retlen = oldlen;
+ if (!retlen) {
+ goto empty_source;
--- php5-5.1.2.orig/debian/patches/222_SECURITY_CVE-2008-3659.patch
+++ php5-5.1.2/debian/patches/222_SECURITY_CVE-2008-3659.patch
@@ -0,0 +1,40 @@ +# +# Description: fix denial of service and possible arbitrary code execution +# via the delimiter argument to the explode function +# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499988 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt?hideattic=1&r1=1.1&r2=1.1.2.1 +# +diff -Naur php5-5.1.2.ori/ext/standard/tests/strings/explode_bug.phpt php5-5.1.2/ext/standard/tests/strings/explode_bug.phpt +--- php5-5.1.2.ori/ext/standard/tests/strings/explode_bug.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.1.2/ext/standard/tests/strings/explode_bug.phpt 2009-01-28 10:12:43.000000000 -0500 +@@ -0,0 +1,15 @@ ++--TEST-- ++Explode/memnstr bug ++--INI-- ++error_reporting=2047 ++memory_limit=256M ++--FILE-- ++ ++--EXPECTF-- ++array(1) { ++ [0]=> ++ string(1) "1" ++} +diff -Naur php5-5.1.2.ori/Zend/zend_operators.h php5-5.1.2/Zend/zend_operators.h +--- php5-5.1.2.ori/Zend/zend_operators.h 2006-01-04 18:53:04.000000000 -0500 ++++ php5-5.1.2/Zend/zend_operators.h 2009-01-28 10:12:43.000000000 -0500 +@@ -140,6 +140,9 @@ + char *p = haystack; + char ne = needle[needle_len-1]; + ++ if(needle_len > end-haystack) { ++ return NULL; ++ } + end -= needle_len; + + while (p <= end) { --- php5-5.1.2.orig/debian/patches/CVE-2007-0906_string.patch +++ php5-5.1.2/debian/patches/CVE-2007-0906_string.patch 
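Review bot: In the `Zend/zend_operators.h` hunk, `char ne = needle[needle_len-1];` is still evaluated before the added length check, and nothing visible rejects `needle_len == 0`, in which case that initialiser reads one byte before `needle`. Whether every caller guarantees a non-empty needle cannot be seen from here; if not, widen the guard to `if (needle_len == 0 || needle_len > end-haystack) { return NULL; }` and assign `ne` only after it. The added `explode_bug.phpt` shows an empty `--FILE--` section in this rendering although its hunk header announces 15 lines; if the patch really ships that way the test exercises nothing. The function body starts and continues outside the hunk.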
@@ -0,0 +1,12 @@
+diff -Nurp orig/ext/standard/string.c new/ext/standard/string.c
+--- orig/ext/standard/string.c 2007-02-21 08:44:35.000000000 +0100
++++ new/ext/standard/string.c 2007-02-21 08:45:14.000000000 +0100
+@@ -3044,7 +3044,7 @@ PHPAPI int php_char_to_str_ex(char *str,
+ }
+
+ Z_STRLEN_P(result) = len + (char_count * (to_len - 1));
+- Z_STRVAL_P(result) = target = emalloc(Z_STRLEN_P(result) + 1);
++ Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1);
+ Z_TYPE_P(result) = IS_STRING;
+
+ for (source = str; source < source_end; source++) {
--- php5-5.1.2.orig/debian/patches/MOPB-22.patch
+++ php5-5.1.2/debian/patches/MOPB-22.patch
@@ -0,0 +1,11 @@
+diff -uNrp php5-5.1.6-unpatched/ext/session/session.c php5-5.1.6/ext/session/session.c
+--- php5-5.1.6-unpatched/ext/session/session.c 2007-04-23 16:12:26.000000000 -0700
++++ php5-5.1.6/ext/session/session.c 2007-04-23 16:19:15.000000000 -0700
+@@ -1514,6 +1514,7 @@ PHP_FUNCTION(session_regenerate_id)
+ RETURN_FALSE;
+ }
+ efree(PS(id));
++ PS(id) = NULL;
+ }
+
+ PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
--- php5-5.1.2.orig/debian/patches/CVE-2007-0906_session.patch
+++ php5-5.1.2/debian/patches/CVE-2007-0906_session.patch
@@ -0,0 +1,15 @@
+diff -Nurp orig/ext/session/session.c new/ext/session/session.c
+--- orig/ext/session/session.c 2007-02-21 08:40:31.000000000 +0100
++++ new/ext/session/session.c 2007-02-21 08:41:11.000000000 +0100
+@@ -433,6 +433,11 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
+
+ for (p = val; p < endptr; ) {
+ namelen = *p & (~PS_BIN_UNDEF);
++
++ if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
++ return FAILURE;
++ }
++
+ has_value = *p & PS_BIN_UNDEF ? 0 : 1;
+
+ name = estrndup(p + 1, namelen);
--- php5-5.1.2.orig/debian/patches/004-ldap_fix.patch
+++ php5-5.1.2/debian/patches/004-ldap_fix.patch
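Review bot: In `php_char_to_str_ex` the stored length `Z_STRLEN_P(result) = len + (char_count * (to_len - 1));` is left as unchecked integer arithmetic, so only the allocation is overflow-checked and the length field can still wrap independently of it (the operand types are outside the hunk). The two expressions also no longer match: `safe_emalloc(char_count, to_len, len + 1)` reserves `char_count` bytes more than `Z_STRLEN_P(result) + 1`. That is harmless but surprising to the next reader, so a comment such as `/* overflow-checked; over-allocates by char_count bytes compared with Z_STRLEN + 1 */` on the new line would help. The function starts and continues outside the hunk.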
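Review bot: The bounds test added to `PS_SERIALIZER_DECODE_FUNC(php_binary)` forms `p + namelen` before comparing it with `endptr`, so for a record near the end of the buffer the pointer is computed past the object it points into, which C does not define. Comparing lengths avoids that and reads the same: `if (namelen > PS_BIN_MAX || namelen >= endptr - p) {`. The declaration of `namelen` is outside the hunk; if it is a signed type, a negative value would pass both tests, so its type is worth confirming.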
@@ -0,0 +1,21 @@
+--- php4-4.3.4.orig/ext/ldap/ldap.c
++++ php4-4.3.4/ext/ldap/ldap.c
+@@ -1356,7 +1356,7 @@
+ }
+
+ i=0;
+- while (ldap_value[i] != NULL) i++;
++ while (ldap_value && ldap_value[i] != NULL) i++;
+ count = i;
+
+ array_init(return_value);
+@@ -1366,7 +1366,8 @@
+ add_index_string(return_value, i, ldap_value[i], 1);
+ }
+
+- ldap_value_free(ldap_value);
++ if (ldap_value)
++ ldap_value_free(ldap_value);
+ }
+ /* }}} */
+
--- php5-5.1.2.orig/debian/patches/CVE-2007-0909_odbc.patch
+++ php5-5.1.2/debian/patches/CVE-2007-0909_odbc.patch
@@ -0,0 +1,50 @@
+diff -Nurp orig/ext/odbc/php_odbc.c new/ext/odbc/php_odbc.c
+--- orig/ext/odbc/php_odbc.c 2007-02-21 08:58:37.000000000 +0100
++++ new/ext/odbc/php_odbc.c 2007-02-21 08:59:13.000000000 +0100
+@@ -1991,12 +1991,12 @@ PHP_FUNCTION(odbc_result_all)
+ RETURN_FALSE;
+ }
+ if (rc == SQL_SUCCESS_WITH_INFO)
+- php_printf(buf,result->longreadlen);
++ PHPWRITE(buf, result->longreadlen);
+ else if (result->values[i].vallen == SQL_NULL_DATA) {
+ php_printf("NULL");
+ break;
+ } else {
+- php_printf(buf, result->values[i].vallen);
++ PHPWRITE(buf, result->values[i].vallen);
+ }
+ php_printf("");
+ break;
+@@ -2097,23 +2097,23 @@ int odbc_sqlconnect(odbc_connection **co
+ if (strstr(db, "pwd") || strstr(db, "PWD")) {
+ pwd = NULL;
+ }
+- strncpy( lpszConnStr, db, CONNSTRSIZE);
++ strlcpy( lpszConnStr, db, CONNSTRSIZE);
+ }
+ else {
+ strcpy(lpszConnStr, "DSN=");
+- strcat(lpszConnStr, db);
++ strlcat(lpszConnStr, db, CONNSTRSIZE);
+ }
+ if (uid) {
+ if (uid[0]) {
+- strcat(lpszConnStr, ";UID=");
+- strcat(lpszConnStr, uid);
+- strcat(lpszConnStr, ";");
++ strlcat(lpszConnStr, ";UID=", CONNSTRSIZE);
++ strlcat(lpszConnStr, uid, CONNSTRSIZE);
++ strlcat(lpszConnStr, ";", CONNSTRSIZE);
+ }
+ if (pwd) {
+ if (pwd[0]) {
+- strcat(lpszConnStr, "PWD=");
+- strcat(lpszConnStr, pwd);
+- strcat(lpszConnStr, ";");
++ strlcat(lpszConnStr, "PWD=", CONNSTRSIZE);
++ strlcat(lpszConnStr, pwd, CONNSTRSIZE);
++ strlcat(lpszConnStr, ";", CONNSTRSIZE);
+ }
+ }
+ }
--- php5-5.1.2.orig/debian/patches/CVE-2007-0906_imap.patch
+++ php5-5.1.2/debian/patches/CVE-2007-0906_imap.patch
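Review bot: In `odbc_sqlconnect` every `strlcpy`/`strlcat` result is discarded, so a `db`, `uid` or `pwd` that does not fit is cut silently and the truncated connection string is still used (the code that consumes `lpszConnStr` is outside the hunk). Check the return value and fail the connect instead, for example `if (strlcat(lpszConnStr, uid, CONNSTRSIZE) >= CONNSTRSIZE) { /* reject: connection string too long */ }`. The bound also assumes that `lpszConnStr` was allocated with `CONNSTRSIZE` bytes, which the hunk does not show. In `odbc_result_all`, `PHPWRITE(buf, result->longreadlen)` now emits a fixed byte count, so it is worth confirming that `buf` holds at least `longreadlen` valid bytes when `rc` is `SQL_SUCCESS_WITH_INFO`.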
@@ -0,0 +1,149 @@ +diff -Nurp orig/ext/imap/php_imap.c new/ext/imap/php_imap.c +--- orig/ext/imap/php_imap.c 2007-02-21 08:35:44.000000000 +0100 ++++ new/ext/imap/php_imap.c 2007-02-21 08:37:15.000000000 +0100 +@@ -1152,13 +1152,13 @@ PHP_FUNCTION(imap_headers) + if ((i = cache->user_flags)) { + strcat(tmp, "{"); + while (i) { +- strcat(tmp, imap_le_struct->imap_stream->user_flags[find_rightmost_bit (&i)]); +- if (i) strcat(tmp, " "); ++ strlcat(tmp, imap_le_struct->imap_stream->user_flags[find_rightmost_bit (&i)], sizeof(tmp)); ++ if (i) strlcat(tmp, " ", sizeof(tmp)); + } +- strcat(tmp, "} "); ++ strlcat(tmp, "} ", sizeof(tmp)); + } + mail_fetchsubject(t = tmp + strlen(tmp), imap_le_struct->imap_stream, msgno, (long)25); +- sprintf(t += strlen(t), " (%ld chars)", cache->rfc822_size); ++ snprintf(t += strlen(t), sizeof(tmp) - strlen(tmp), " (%ld chars)", cache->rfc822_size); + add_next_index_string(return_value, tmp, 1); + } + } +@@ -2915,7 +2915,7 @@ PHP_FUNCTION(imap_mail_compose) + BODY *bod=NULL, *topbod=NULL; + PART *mypart=NULL, *part; + PARAMETER *param, *disp_param = NULL, *custom_headers_param = NULL, *tmp_param = NULL; +- char tmp[8 * MAILTMPLEN], *mystring=NULL, *t=NULL, *tempstring=NULL; ++ char tmp[SENDBUFLEN + 1], *mystring=NULL, *t=NULL, *tempstring=NULL; + int toppart = 0; + + if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &envelope, &body) == FAILURE) { +@@ -3216,8 +3216,8 @@ PHP_FUNCTION(imap_mail_compose) + goto done; + } + +- rfc822_encode_body_7bit(env, topbod); +- rfc822_header (tmp, env, topbod); ++ rfc822_encode_body_7bit(env, topbod); ++ rfc822_header(tmp, env, topbod); + + /* add custom envelope headers */ + if (custom_headers_param) { +@@ -3266,43 +3266,42 @@ PHP_FUNCTION(imap_mail_compose) + /* yucky default */ + if (!cookie) { + cookie = "-"; ++ } else if (strlen(cookie) > (sizeof(tmp) - 2 - 2)) { /* validate cookie length -- + CRLF */ ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The boudary should be no longer then 4kb"); ++ 
RETVAL_FALSE; ++ goto done; + } + + /* for each part */ + do { + t=tmp; + /* build cookie */ +- sprintf (t, "--%s%s", cookie, CRLF); ++ sprintf(t, "--%s%s", cookie, CRLF); + + /* append mini-header */ + rfc822_write_body_header(&t, &part->body); + + /* write terminating blank line */ +- strcat (t, CRLF); ++ strcat(t, CRLF); + + /* output cookie, mini-header, and contents */ +- tempstring=emalloc(strlen(mystring)+strlen(tmp)+1); +- sprintf(tempstring, "%s%s", mystring, tmp); ++ spprintf(&tempstring, 0, "%s%s", mystring, tmp); + efree(mystring); + mystring=tempstring; + + bod=&part->body; + +- tempstring=emalloc(strlen(bod->contents.text.data)+strlen(CRLF)+strlen(mystring)+1); +- sprintf(tempstring, "%s%s%s", mystring, bod->contents.text.data, CRLF); ++ spprintf(&tempstring, 0, "%s%s%s", mystring, bod->contents.text.data, CRLF); + efree(mystring); + mystring=tempstring; + } while ((part = part->next)); /* until done */ + + /* output trailing cookie */ +- sprintf(tmp, "--%s--", cookie); +- tempstring=emalloc(strlen(tmp)+strlen(CRLF)+strlen(mystring)+1); +- sprintf(tempstring, "%s%s%s", mystring, tmp, CRLF); ++ spprintf(&tempstring, 0, "%s--%s--%s", mystring, tmp, CRLF); + efree(mystring); + mystring=tempstring; + } else if (bod) { +- tempstring = emalloc(strlen(bod->contents.text.data)+strlen(CRLF)+strlen(mystring)+1); +- sprintf(tempstring, "%s%s%s", mystring, bod->contents.text.data, CRLF); ++ spprintf(&tempstring, 0, "%s%s%s", mystring, bod->contents.text.data, CRLF); + efree(mystring); + mystring=tempstring; + } else { +@@ -3350,14 +3349,14 @@ int _php_imap_mail(char *to, char *subje + #define PHP_IMAP_CLEAN if (bufferTo) efree(bufferTo); if (bufferCc) efree(bufferCc); if (bufferBcc) efree(bufferBcc); if (bufferHeader) efree(bufferHeader); + #define PHP_IMAP_BAD_DEST PHP_IMAP_CLEAN; efree(tempMailTo); return (BAD_MSG_DESTINATION); + +- bufferHeader = (char *)emalloc(bufferLen); ++ bufferHeader = (char *)emalloc(bufferLen + 1); + memset(bufferHeader, 0, bufferLen); 
+ if (to && *to) { +- strcat(bufferHeader, "To: "); +- strcat(bufferHeader, to); +- strcat(bufferHeader, "\r\n"); ++ strlcat(bufferHeader, "To: ", bufferLen + 1); ++ strlcat(bufferHeader, to, bufferLen + 1); ++ strlcat(bufferHeader, "\r\n", bufferLen + 1); + tempMailTo = estrdup(to); +- bufferTo = (char *)emalloc(strlen(to)); ++ bufferTo = (char *)emalloc(strlen(to) + 1); + offset = 0; + addr = NULL; + rfc822_parse_adrlist(&addr, tempMailTo, NULL); +@@ -3376,11 +3375,11 @@ int _php_imap_mail(char *to, char *subje + } + + if (cc && *cc) { +- strcat(bufferHeader, "Cc: "); +- strcat(bufferHeader, cc); +- strcat(bufferHeader, "\r\n"); ++ strlcat(bufferHeader, "Cc: ", bufferLen + 1); ++ strlcat(bufferHeader, cc, bufferLen + 1); ++ strlcat(bufferHeader, "\r\n", bufferLen + 1); + tempMailTo = estrdup(cc); +- bufferCc = (char *)emalloc(strlen(cc)); ++ bufferCc = (char *)emalloc(strlen(cc) + 1); + offset = 0; + addr = NULL; + rfc822_parse_adrlist(&addr, tempMailTo, NULL); +@@ -3400,7 +3399,7 @@ int _php_imap_mail(char *to, char *subje + + if (bcc && *bcc) { + tempMailTo = estrdup(bcc); +- bufferBcc = (char *)emalloc(strlen(bcc)); ++ bufferBcc = (char *)emalloc(strlen(bcc) + 1); + offset = 0; + addr = NULL; + rfc822_parse_adrlist(&addr, tempMailTo, NULL); +@@ -3419,7 +3418,7 @@ int _php_imap_mail(char *to, char *subje + } + + if (headers && *headers) { +- strcat(bufferHeader, headers); ++ strlcat(bufferHeader, headers, bufferLen + 1); + } + + if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, bufferHeader, subject, bufferTo, message, bufferCc, bufferBcc, rpath TSRMLS_CC) != SUCCESS) { --- php5-5.1.2.orig/debian/patches/101-sqlite_is_shared.patch +++ php5-5.1.2/debian/patches/101-sqlite_is_shared.patch 
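Review bot: The trailing-boundary line in `imap_mail_compose` now formats `tmp` where the removed code formatted `cookie`. The old `sprintf(tmp, "--%s--", cookie)` is gone, so `spprintf(&tempstring, 0, "%s--%s--%s", mystring, tmp, CRLF)` emits whatever the last loop pass left in `tmp` (that part's boundary line and mini-header) instead of the closing boundary. It should read `spprintf(&tempstring, 0, "%s--%s--%s", mystring, cookie, CRLF);`. The new length check also admits a `cookie` of `sizeof(tmp) - 4` characters, for which `sprintf(t, "--%s%s", cookie, CRLF)` needs `sizeof(tmp) + 1` bytes including the terminator, and the `rfc822_write_body_header` and `strcat(t, CRLF)` calls that follow append to the same buffer with no bound. The warning text has typos (`boudary`, `then`) and states 4kb although the limit is derived from `sizeof(tmp)`.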
@@ -0,0 +1,11 @@
+--- php5-5.1.1/ext/sqlite/config.m4 2005-06-14 11:44:16.000000000 +1000
++++ php5-5.1.1/ext/sqlite/config.m4 2005-12-15 16:32:04.000000000 +1100
+@@ -86,7 +86,7 @@
+ ])
+ SQLITE_MODULE_TYPE=external
+ PHP_SQLITE_CFLAGS=$pdo_inc_path
+- sqlite_extra_sources="libsqlite/src/encode.c"
++ sqlite_extra_sources=""
+ else
+ # use bundled library
+ PHP_PROG_LEMON
--- php5-5.1.2.orig/debian/patches/223_SECURITY_CVE-2008-3660.patch
+++ php5-5.1.2/debian/patches/223_SECURITY_CVE-2008-3660.patch
@@ -0,0 +1,61 @@ +# +# Description: fix denial of service via a request with multiple dots +# preceding the extension (ex: foo..php) +# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499987 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch +# +diff -Naur php5-5.1.2.ori/sapi/cgi/cgi_main.c php5-5.1.2/sapi/cgi/cgi_main.c +--- php5-5.1.2.ori/sapi/cgi/cgi_main.c 2006-01-01 07:50:18.000000000 -0500 ++++ php5-5.1.2/sapi/cgi/cgi_main.c 2009-01-28 10:15:42.000000000 -0500 +@@ -591,6 +591,39 @@ + } + /* }}} */ + ++/* {{{ is_valid_path ++ * ++ * some server configurations allow '..' to slip through in the ++ * translated path. We'll just refuse to handle such a path. ++ */ ++static int is_valid_path(const char *path) ++{ ++ const char *p; ++ ++ if (!path) { ++ return 0; ++ } ++ p = strstr(path, ".."); ++ if (p) { ++ if ((p == path || IS_SLASH(*(p-1))) && ++ (*(p+2) == 0 || IS_SLASH(*(p+2)))) { ++ return 0; ++ } ++ while (1) { ++ p = strstr(p+1, ".."); ++ if (!p) { ++ break; ++ } ++ if (IS_SLASH(*(p-1)) && ++ (*(p+2) == 0 || IS_SLASH(*(p+2)))) { ++ return 0; ++ } ++ } ++ } ++ return 1; ++} ++/* }}} */ ++ + /* {{{ init_request_info + + initializes request_info structure +@@ -864,9 +897,7 @@ + SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD", 0 TSRMLS_CC); + /* FIXME - Work out proto_num here */ + SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", 0 TSRMLS_CC); +- /* some server configurations allow '..' to slip through in the +- translated path. We'll just refuse to handle such a path. */ +- if (script_path_translated && !strstr(script_path_translated, "..")) { ++ if (is_valid_path(script_path_translated)) { + SG(request_info).path_translated = estrdup(script_path_translated); + } + SG(request_info).content_type = (content_type ? 
content_type : "" ); --- php5-5.1.2.orig/debian/patches/MOPB-24.patch +++ php5-5.1.2/debian/patches/MOPB-24.patch @@ -0,0 +1,61 @@ +diff -uNrp php5-5.1.6-unpatched/ext/standard/array.c php5-5.1.6/ext/standard/array.c +--- php5-5.1.6-unpatched/ext/standard/array.c 2006-06-03 11:59:55.000000000 -0700 ++++ php5-5.1.6/ext/standard/array.c 2007-04-23 16:25:23.000000000 -0700 +@@ -703,40 +703,40 @@ static int array_user_key_compare(const + { + Bucket *f; + Bucket *s; +- zval key1, key2; ++ zval *key1, *key2; + zval *args[2]; + zval retval; + int status; + +- args[0] = &key1; +- args[1] = &key2; +- INIT_PZVAL(&key1); +- INIT_PZVAL(&key2); ++ ALLOC_INIT_ZVAL(key1); ++ ALLOC_INIT_ZVAL(key2); ++ args[0] = key1; ++ args[1] = key2; + + f = *((Bucket **) a); + s = *((Bucket **) b); + + if (f->nKeyLength) { +- Z_STRVAL(key1) = estrndup(f->arKey, f->nKeyLength-1); +- Z_STRLEN(key1) = f->nKeyLength-1; +- Z_TYPE(key1) = IS_STRING; ++ Z_STRVAL_P(key1) = estrndup(f->arKey, f->nKeyLength-1); ++ Z_STRLEN_P(key1) = f->nKeyLength-1; ++ Z_TYPE_P(key1) = IS_STRING; + } else { +- Z_LVAL(key1) = f->h; +- Z_TYPE(key1) = IS_LONG; ++ Z_LVAL_P(key1) = f->h; ++ Z_TYPE_P(key1) = IS_LONG; + } + if (s->nKeyLength) { +- Z_STRVAL(key2) = estrndup(s->arKey, s->nKeyLength-1); +- Z_STRLEN(key2) = s->nKeyLength-1; +- Z_TYPE(key2) = IS_STRING; ++ Z_STRVAL_P(key2) = estrndup(s->arKey, s->nKeyLength-1); ++ Z_STRLEN_P(key2) = s->nKeyLength-1; ++ Z_TYPE_P(key2) = IS_STRING; + } else { +- Z_LVAL(key2) = s->h; +- Z_TYPE(key2) = IS_LONG; ++ Z_LVAL_P(key2) = s->h; ++ Z_TYPE_P(key2) = IS_LONG; + } + + status = call_user_function(EG(function_table), NULL, *BG(user_compare_func_name), &retval, 2, args TSRMLS_CC); + +- zval_dtor(&key1); +- zval_dtor(&key2); ++ zval_ptr_dtor(&key1); ++ zval_ptr_dtor(&key2); + + if (status == SUCCESS) { + convert_to_long(&retval); --- php5-5.1.2.orig/debian/patches/CVE-2010-1868.patch +++ php5-5.1.2/debian/patches/CVE-2010-1868.patch 
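Review bot: `is_valid_path` in `sapi/cgi/cgi_main.c` spells out the same `..` component test twice, once for the first match and once inside `while (1)`, the two copies differing only in the `p == path` case; a single `for` loop over the `strstr` results states the rule once and is easier to audit. Behaviour is unchanged: a `..` is rejected only when it is a whole path component, bounded by a slash or by the start or end of the string. The header comment should also say that names which merely contain `..`, such as `foo..php`, are accepted on purpose, since that is the difference from the `strstr` test this replaces.

```c
static int is_valid_path(const char *path)
{
	/* … unchanged: declaration of p and the NULL check … */

	/* reject ".." only when it forms a complete path component */
	for (p = strstr(path, ".."); p; p = strstr(p + 1, "..")) {
		if ((p == path || IS_SLASH(*(p-1))) &&
			(*(p+2) == 0 || IS_SLASH(*(p+2)))) {
			return 0;
		}
	}
	return 1;
}
```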
@@ -0,0 +1,24 @@
+Description: fix arbitrary code execution via empty SQL query
+Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298697
+
+diff -Naur php5-5.1.2.ori//ext/sqlite/sqlite.c php5-5.1.2/ext/sqlite/sqlite.c
+--- php5-5.1.2.ori//ext/sqlite/sqlite.c 2010-09-15 09:41:36.000000000 -0400
++++ php5-5.1.2/ext/sqlite/sqlite.c 2010-09-15 10:05:06.000000000 -0400
+@@ -2175,7 +2175,7 @@
+ return;
+ }
+
+- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
++ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
+ sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, &rres, NULL TSRMLS_CC);
+ if (db->last_err_code != SQLITE_OK) {
+ if (rres) {
+@@ -2291,7 +2291,7 @@
+ return;
+ }
+
+- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
++ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
+ sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, &rres, NULL TSRMLS_CC);
+ if (db->last_err_code != SQLITE_OK) {
+ if (rres) {
--- php5-5.1.2.orig/debian/patches/MOPB-26.patch
+++ php5-5.1.2/debian/patches/MOPB-26.patch
@@ -0,0 +1,26 @@
+diff -uNrp php5-5.1.6-unpatched/ext/mbstring/mb_gpc.c php5-5.1.6/ext/mbstring/mb_gpc.c
+--- php5-5.1.6-unpatched/ext/mbstring/mb_gpc.c 2006-01-01 04:50:08.000000000 -0800
++++ php5-5.1.6/ext/mbstring/mb_gpc.c 2007-04-23 16:27:04.000000000 -0700
+@@ -206,9 +206,8 @@ enum mbfl_no_encoding _php_mb_encoding_h
+ /* register_globals stuff
+ * XXX: this feature is going to be deprecated? */
+
+- if (info->force_register_globals) {
+- prev_rg_state = PG(register_globals);
+- PG(register_globals) = 1;
++ if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
++ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
+ }
+
+ if (!res || *res == '\0') {
+@@ -341,8 +340,8 @@ enum mbfl_no_encoding _php_mb_encoding_h
+
+ out:
+ /* register_global stuff */
+- if (info->force_register_globals) {
+- PG(register_globals) = prev_rg_state;
++ if (info->force_register_globals && !prev_rg_state) {
++ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
+ }
+
+ if (convd != NULL) {
--- php5-5.1.2.orig/debian/patches/CVE-2006-1990.patch
+++ php5-5.1.2/debian/patches/CVE-2006-1990.patch
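Review bot: The first hunk of MOPB-26.patch assigns `prev_rg_state` inside the `if` condition, behind `info->force_register_globals &&`, so the variable is written only when that flag is set and the restore at `out:` is safe only because it repeats the same short-circuit. Splitting the assignment out keeps the state defined on every path and removes the assignment-in-condition: `prev_rg_state = PG(register_globals);` followed by `if (info->force_register_globals && !prev_rg_state) {`. Unless `prev_rg_state` has an initialiser at its declaration, which is outside the hunk, any later reordering of the `out:` condition would read it uninitialised. The enclosing function starts and ends outside both hunks.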
@@ -0,0 +1,32 @@
+diff -Nurp orig/ext/standard/string.c new/ext/standard/string.c
+--- orig/ext/standard/string.c 2006-07-18 16:52:57.000000000 +0000
++++ new/ext/standard/string.c 2006-07-18 16:53:30.000000000 +0000
+@@ -676,12 +676,13 @@ PHP_FUNCTION(wordwrap)
+ /* Multiple character line break or forced cut */
+ if (linelength > 0) {
+ chk = (int)(textlen/linelength + 1);
++ newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
+ alloced = textlen + chk * breakcharlen + 1;
+ } else {
+ chk = textlen;
+ alloced = textlen * (breakcharlen + 1) + 1;
++ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
+ }
+- newtext = emalloc(alloced);
+
+ /* now keep track of the actual new text length */
+ newtextlen = 0;
+diff -Nurp orig/Zend/zend_alloc.c new/Zend/zend_alloc.c
+--- orig/Zend/zend_alloc.c 2006-07-18 16:52:57.000000000 +0000
++++ new/Zend/zend_alloc.c 2006-07-18 16:53:46.000000000 +0000
+@@ -127,8 +127,8 @@ static long mem_block_end_magic = MEM_BL
+ #endif
+
+ #define DECLARE_CACHE_VARS() \
+- unsigned int real_size; \
+- unsigned int cache_index
++ size_t real_size; \
++ size_t cache_index
+
+ #define REAL_SIZE(size) ((size+7) & ~0x7)
+
--- php5-5.1.2.orig/debian/patches/CVE-2006-4020.patch
+++ php5-5.1.2/debian/patches/CVE-2006-4020.patch
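Review bot: In the `wordwrap` hunk `alloced` is still computed with the unchecked expressions `textlen + chk * breakcharlen + 1` and `textlen * (breakcharlen + 1) + 1`, so the recorded capacity can wrap even though the buffer itself now comes from `safe_emalloc`. The code that reads `alloced` lies below the hunk; if it compares against or grows from that value, a wrapped `alloced` no longer describes the real buffer, and the variable's type decides whether that can happen. The two branches also differ in order, allocating before `alloced` in the first and after it in the second. Putting the allocation first in both and adding `/* alloced mirrors the safe_emalloc() size above */` would make the pairing explicit.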
@@ -0,0 +1,80 @@ +diff -Nurp orig/ext/standard/scanf.c new/ext/standard/scanf.c +--- orig/ext/standard/scanf.c 2006-09-06 18:36:00.000000000 +0000 ++++ new/ext/standard/scanf.c 2006-09-06 18:43:40.000000000 +0000 +@@ -732,7 +732,7 @@ PHPAPI int php_sscanf_internal( char *st + if (*end == '$') { + format = end+1; + ch = format++; +- objIndex = varStart + value; ++ objIndex = varStart + value - 1; + } + } + +@@ -762,6 +762,9 @@ PHPAPI int php_sscanf_internal( char *st + switch (*ch) { + case 'n': + if (!(flags & SCAN_SUPPRESS)) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else + if (numVars) { + zend_uint refcount; + +@@ -888,6 +891,9 @@ PHPAPI int php_sscanf_internal( char *st + } + } + if (!(flags & SCAN_SUPPRESS)) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else + if (numVars) { + zend_uint refcount; + +@@ -932,8 +938,10 @@ PHPAPI int php_sscanf_internal( char *st + goto done; + } + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { +- current = args[objIndex++]; ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { ++ current = args[objIndex++]; + zval_dtor( *current ); + ZVAL_STRINGL( *current, string, end-string, 1); + } else { +@@ -1089,8 +1097,10 @@ PHPAPI int php_sscanf_internal( char *st + value = (int) (*fn)(buf, NULL, base); + if ((flags & SCAN_UNSIGNED) && (value < 0)) { + sprintf(buf, "%u", value); /* INTL: ISO digit */ +- if (numVars) { +- /* change passed value type to string */ ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { ++ /* change passed value type to string */ + current = args[objIndex++]; + convert_to_string( *current ); + ZVAL_STRING( *current, buf, 1 ); +@@ -1098,7 +1108,9 @@ PHPAPI int php_sscanf_internal( char *st + add_index_string(*return_value, objIndex++, buf, 1); + } + } else { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_long( *current ); + Z_LVAL(**current) = 
value; +@@ -1206,7 +1218,9 @@ PHPAPI int php_sscanf_internal( char *st + double dvalue; + *end = '\0'; + dvalue = zend_strtod(buf, NULL); +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_double( *current ); + Z_DVAL_PP( current ) = dvalue; --- php5-5.1.2.orig/debian/patches/CVE-2006-3011.patch +++ php5-5.1.2/debian/patches/CVE-2006-3011.patch @@ -0,0 +1,12 @@ +diff -Nurp orig/ext/standard/basic_functions.c new/ext/standard/basic_functions.c +--- orig/ext/standard/basic_functions.c 2006-07-18 17:11:41.000000000 +0000 ++++ new/ext/standard/basic_functions.c 2006-07-18 17:12:32.000000000 +0000 +@@ -2024,7 +2024,7 @@ PHPAPI int _php_error_log(int opt_err, c + break; + + case 3: /*save to a file */ +- stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); ++ stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + if (!stream) + return FAILURE; + php_stream_write(stream, message, strlen(message)); --- php5-5.1.2.orig/debian/patches/206-cookie-nesting-fix.patch +++ php5-5.1.2/debian/patches/206-cookie-nesting-fix.patch 
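Review bot: The guard added throughout `php_sscanf_internal` checks only the upper bound. After the first hunk's `objIndex = varStart + value - 1;` a position of `0` yields an index one below `varStart`, which `objIndex >= argCount` does not catch. Whether `value` is validated to be at least 1 before this point is not visible here; if it is not, add the lower bound to the same test, `if (numVars && (objIndex < 0 || objIndex >= argCount)) {`, or reject `value < 1` where the index is computed. The same three-line guard is pasted six times, twice as `} else` followed by a bare `if (numVars)` on the next line, so a small helper or macro would keep the copies from diverging. Each `break` discards the converted value silently, which deserves a comment such as `/* more conversions than variables: ignore the extra value */`.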
@@ -0,0 +1,65 @@ +--- php5-5.2.1~/main/main.c 2007/01/20 22:16:24 1.104.2.10.2.4 +--- php5-5.2.1~/main/main.c 2007/01/20 22:16:24 1.104.2.10.2.4 +@@ -338,6 +338,7 @@ + STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt, upload_max_filesize, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt, post_max_size, sapi_globals_struct,sapi_globals) + STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) ++ STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, max_input_nesting_level, php_core_globals, core_globals) + + STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("variables_order", NULL, PHP_INI_ALL, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) +--- php5-5.2.1~/main/php_globals.h 2007/01/20 22:16:24 1.104.2.10.2.4 +--- php5-5.2.1~/main/php_globals.h 2007/01/20 22:16:24 1.104.2.10.2.4 +@@ -155,6 +155,7 @@ + + char *disable_functions; + char *disable_classes; ++ long max_input_nesting_level; + }; + + ++++ php5-5.2.1/main/php_variables.c 2007/06/03 16:19:14 1.104.2.10.2.9 ++++ php5-5.2.1/main/php_variables.c 2007/06/03 16:19:14 1.104.2.10.2.9 +@@ -119,10 +119,30 @@ + index_len = var_len; + + while (1) { ++ int nest_level = 0; + if (is_array) { + char *index_s; + int new_idx_len = 0; + ++ if(++nest_level > PG(max_input_nesting_level)) { ++ HashTable *ht; ++ /* too many levels of nesting */ ++ ++ if (track_vars_array) { ++ ht = Z_ARRVAL_P(track_vars_array); ++ } else if (PG(register_globals)) { ++ ht = EG(active_symbol_table); ++ } ++ ++ zend_hash_del(ht, var, var_len + 1); ++ zval_dtor(val); ++ ++ if (!PG(display_errors)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level more than allowed %ld (change 
max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level)); ++ } ++ return; ++ } ++ + ip++; + index_s = ip; + if (isspace(*ip)) { +@@ -136,9 +156,9 @@ + /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ + *(index_s - 1) = '_'; + +- index_len = var_len = 0; ++ index_len = 0; + if (index) { +- index_len = var_len = strlen(index); ++ index_len = strlen(index); + } + goto plain_var; + return; --- php5-5.1.2.orig/debian/patches/219_SECURITY_CVE-2007-3996.patch +++ php5-5.1.2/debian/patches/219_SECURITY_CVE-2007-3996.patch @@ -0,0 +1,30 @@ +# +# Description: fix denial of service from incorrect libgd return code handling +# Ubuntu: http://www.ubuntu.com/usn/usn-557-1 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.28&r2=1.312.2.20.2.29 +# +diff -Naur php5-5.1.2.ori/ext/gd/gd.c php5-5.1.2/ext/gd/gd.c +--- php5-5.1.2.ori/ext/gd/gd.c 2006-01-01 07:50:06.000000000 -0500 ++++ php5-5.1.2/ext/gd/gd.c 2009-01-29 08:14:37.000000000 -0500 +@@ -853,6 +853,10 @@ + + im = gdImageCreateTrueColor(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + ++ if (!im) { ++ RETURN_FALSE; ++ } ++ + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); + } + /* }}} */ +@@ -1305,6 +1309,10 @@ + + im = gdImageCreate(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + ++ if (!im) { ++ RETURN_FALSE; ++ } ++ + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); + } + /* }}} */ --- php5-5.1.2.orig/debian/patches/CVE-2008-7068.patch +++ php5-5.1.2/debian/patches/CVE-2008-7068.patch 
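Review bot: In the php_variables.c part of 206-cookie-nesting-fix.patch, `int nest_level = 0;` is declared inside `while (1) {`, so the counter is reset on every pass and `++nest_level > PG(max_input_nesting_level)` can only be true when the limit is below 1; the declaration belongs before the loop. In the same block `HashTable *ht;` stays uninitialized when `track_vars_array` is NULL and `register_globals` is off, yet `zend_hash_del(ht, var, var_len + 1);` runs unconditionally; `HashTable *ht = NULL;` together with `if (ht) { zend_hash_del(ht, var, var_len + 1); }` avoids that. The warning is raised only under `if (!PG(display_errors))`, which needs a comment if it is intentional. The enclosing function starts and ends outside the hunk.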
@@ -0,0 +1,18 @@
+Description: fix file truncation via key with null byte
+upstream, Origin: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.4&r2=1.14.2.1.2.5
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507101
+
+diff -Naur php5-5.1.2.ori/ext/dba/libinifile/inifile.c php5-5.1.2/ext/dba/libinifile/inifile.c
+--- php5-5.1.2.ori/ext/dba/libinifile/inifile.c 2006-01-01 07:50:05.000000000 -0500
++++ php5-5.1.2/ext/dba/libinifile/inifile.c 2009-11-25 15:30:16.000000000 -0500
+@@ -508,7 +508,9 @@
+
+ /* 5 */
+ if (ret == SUCCESS) {
+- ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ if (!value || (key->name && strlen(key->name))) {
++ ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ }
+ }
+
+ if (ret == SUCCESS) {
--- php5-5.1.2.orig/debian/patches/CVE-2006-4483.patch
+++ php5-5.1.2/debian/patches/CVE-2006-4483.patch
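Review bot: The new condition `if (!value || (key->name && strlen(key->name)))` in inifile.c skips the truncation for a write with an empty key name but leaves `ret` at SUCCESS, so the `if (ret == SUCCESS) {` step that follows still runs as if step 5 had happened. If an empty name is meant to be rejected, an `else { ret = FAILURE; }` branch would make that explicit. If the later steps are meant to proceed, a comment such as `/* value given but key name empty: leave the file untruncated */` should say so. `key->name[0]` would test for emptiness without the `strlen` call. The remaining steps of the function are outside the hunk.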
@@ -0,0 +1,44 @@
+diff -Nurp orig/ext/curl/interface.c new/ext/curl/interface.c
+--- orig/ext/curl/interface.c 2006-07-18 17:06:23.000000000 +0000
++++ new/ext/curl/interface.c 2006-07-18 17:10:04.000000000 +0000
+@@ -979,7 +979,6 @@ PHP_FUNCTION(curl_setopt)
+ case CURLOPT_FTPLISTONLY:
+ case CURLOPT_FTPAPPEND:
+ case CURLOPT_NETRC:
+- case CURLOPT_FOLLOWLOCATION:
+ case CURLOPT_PUT:
+ #if CURLOPT_MUTE != 0
+ case CURLOPT_MUTE:
+@@ -1030,6 +1029,16 @@ PHP_FUNCTION(curl_setopt)
+ convert_to_long_ex(zvalue);
+ error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
+ break;
++ case CURLOPT_FOLLOWLOCATION:
++ convert_to_long_ex(zvalue);
++ if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
++ if (Z_LVAL_PP(zvalue) != 0) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set");
++ RETURN_FALSE;
++ }
++ }
++ error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
++ break;
+ case CURLOPT_URL:
+ case CURLOPT_PROXY:
+ case CURLOPT_USERPWD:
+diff -Nurp orig/ext/curl/streams.c new/ext/curl/streams.c
+--- orig/ext/curl/streams.c 2006-07-18 17:06:23.000000000 +0000
++++ new/ext/curl/streams.c 2006-07-18 17:07:04.000000000 +0000
+@@ -289,7 +289,11 @@ php_stream *php_curl_stream_opener(php_s
+ curl_easy_setopt(curlstream->curl, CURLOPT_WRITEHEADER, stream);
+
+ /* currently buggy (bug is in curl) */
+- curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
++ if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
++ curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
++ } else {
++ curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
++ }
+
+ curl_easy_setopt(curlstream->curl, CURLOPT_ERRORBUFFER, curlstream->errstr);
+ curl_easy_setopt(curlstream->curl, CURLOPT_VERBOSE, 0);
--- php5-5.1.2.orig/debian/patches/CVE-2006-3016.patch
+++ php5-5.1.2/debian/patches/CVE-2006-3016.patch
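Review bot: In streams.c the existing comment `/* currently buggy (bug is in curl) */` now sits directly above the new `if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode))` and no longer describes the line it was written for, and the restriction itself is not commented in either file. I would add `/* libcurl follows redirects itself, outside the open_basedir/safe_mode checks, so keep them off when either is active */` above both tests; that reason is inferred from the warning text in interface.c and should be confirmed. The condition is duplicated verbatim in interface.c and streams.c, so a shared macro would keep the two copies from drifting apart. curl_setopt and php_curl_stream_opener both continue outside the hunks.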
@@ -0,0 +1,16 @@
+diff -Nurp orig/ext/session/session.c new/ext/session/session.c
+--- orig/ext/session/session.c 2006-07-18 17:15:23.000000000 +0000
++++ new/ext/session/session.c 2006-07-18 17:15:46.000000000 +0000
+@@ -741,6 +741,12 @@ static void php_session_initialize(TSRML
+ char *val;
+ int vallen;
+
++ /* check session name for invalid characters */
++ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
++ efree(PS(id));
++ PS(id) = NULL;
++ }
++
+ if (!PS(mod)) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
+ return;
--- php5-5.1.2.orig/debian/patches/013-force_getaddrinfo.patch
+++ php5-5.1.2/debian/patches/013-force_getaddrinfo.patch
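Review bot: The added comment says `/* check session name for invalid characters */`, but the code tests `PS(id)`, the session id; it should read `/* check session id for invalid characters */`. The test is a deny-list passed to `strpbrk`, so any character not listed is still accepted. If the set of characters a generated id can contain is known (id generation is not visible here), rejecting everything outside that set would be the stricter check. php_session_initialize continues outside the hunk.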
@@ -0,0 +1,96 @@ +--- php4-4.3.10/configure.in 2004-12-15 17:00:57.000000000 -0700 ++++ php4-4.3.10/configure.in 2004-12-15 17:03:30.000000000 -0700 +@@ -533,50 +533,50 @@ + + dnl Check for getaddrinfo, should be a better way, but... + dnl Also check for working getaddrinfo +-AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, +-[AC_TRY_LINK([#include ], +- [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], +- AC_TRY_RUN([ +-#include +-#include +-#ifndef AF_INET +-# include +-#endif +-int main(void) { +- struct addrinfo *ai, *pai, hints; +- +- memset(&hints, 0, sizeof(hints)); +- hints.ai_flags = AI_NUMERICHOST; +- +- if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { +- exit(1); +- } +- +- if (ai == 0) { +- exit(1); +- } +- +- pai = ai; +- +- while (pai) { +- if (pai->ai_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- if (pai->ai_addr->sa_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- pai = pai->ai_next; +- } +- freeaddrinfo(ai); +- exit(0); +-} +- ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), +-ac_cv_func_getaddrinfo=no)]) +-if test "$ac_cv_func_getaddrinfo" = yes; then ++dnl AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, ++dnl [AC_TRY_LINK([#include ], ++dnl [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], ++dnl AC_TRY_RUN([ ++dnl #include ++dnl #include ++dnl #ifndef AF_INET ++dnl # include ++dnl #endif ++dnl int main(void) { ++dnl struct addrinfo *ai, *pai, hints; ++dnl ++dnl memset(&hints, 0, sizeof(hints)); ++dnl hints.ai_flags = AI_NUMERICHOST; ++dnl ++dnl if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl if (ai == 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl pai = ai; ++dnl ++dnl while (pai) { ++dnl if (pai->ai_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl if (pai->ai_addr->sa_family != 
AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl pai = pai->ai_next; ++dnl } ++dnl freeaddrinfo(ai); ++dnl exit(0); ++dnl } ++dnl ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), ++dnl ac_cv_func_getaddrinfo=no)]) ++dnl if test "$ac_cv_func_getaddrinfo" = yes; then + AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function]) +-fi ++dnl fi + + AC_REPLACE_FUNCS(strlcat strlcpy getopt) + AC_FUNC_UTIME_NULL --- php5-5.1.2.orig/debian/patches/CVE-2006-4485.patch +++ php5-5.1.2/debian/patches/CVE-2006-4485.patch @@ -0,0 +1,22 @@ +diff -Nurp orig/ext/standard/string.c new/ext/standard/string.c +--- orig/ext/standard/string.c 2006-10-10 12:53:47.000000000 +0000 ++++ new/ext/standard/string.c 2006-10-10 12:54:40.000000000 +0000 +@@ -1613,10 +1613,18 @@ PHP_FUNCTION(stripos) + RETURN_FALSE; + } + ++ if (haystack_len == 0) { ++ RETURN_FALSE; ++ } ++ + haystack_dup = estrndup(haystack, haystack_len); + php_strtolower(haystack_dup, haystack_len); + + if (Z_TYPE_P(needle) == IS_STRING) { ++ if (Z_STRLEN_P(needle) == 0 || Z_STRLEN_P(needle) > haystack_len) { ++ efree(haystack_dup); ++ RETURN_FALSE; ++ } + needle_dup = estrndup(Z_STRVAL_P(needle), Z_STRLEN_P(needle)); + php_strtolower(needle_dup, Z_STRLEN_P(needle)); + found = php_memnstr(haystack_dup + offset, needle_dup, Z_STRLEN_P(needle), haystack_dup + haystack_len); --- php5-5.1.2.orig/debian/patches/CVE-2010-1917.patch +++ php5-5.1.2/debian/patches/CVE-2010-1917.patch 
@@ -0,0 +1,17 @@
+Description: fix denial of service via fnmatch stack consumption
+Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298881
+
+diff -Naur php5-5.1.2.ori//ext/standard/file.c php5-5.1.2/ext/standard/file.c
+--- php5-5.1.2.ori//ext/standard/file.c 2010-09-15 09:51:14.000000000 -0400
++++ php5-5.1.2/ext/standard/file.c 2010-09-15 10:05:30.000000000 -0400
+@@ -2454,6 +2454,10 @@
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+ RETURN_FALSE;
+ }
++ if (pattern_len >= MAXPATHLEN) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
++ RETURN_FALSE;
++ }
+
+ RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
+ }
--- php5-5.1.2.orig/debian/patches/044-strtod_arm_fix.patch
+++ php5-5.1.2/debian/patches/044-strtod_arm_fix.patch
@@ -0,0 +1,54 @@ +--- php4-4.3.10/Zend/zend_strtod.c 2005-02-14 17:17:51.000000000 -0700 ++++ php4-4.3.10/Zend/zend_strtod.c 2005-02-14 17:18:31.000000000 -0700 +@@ -123,13 +123,25 @@ + #define IEEE_LITTLE_ENDIAN + #endif + +-#if defined(__arm__) && !defined(__VFP_FP__) +-/* +- * Although the CPU is little endian the FP has different +- * byte and word endianness. The byte order is still little endian +- * but the word order is big endian. +- */ +-#define IEEE_BIG_ENDIAN ++#if defined(__arm__) || defined(__thumb__) ++/* ARM traditionally used big-endian words; and within those words the ++ byte ordering was big or little endian depending upon the target. ++ Modern floating-point formats are naturally ordered; in this case ++ __VFP_FP__ will be defined, even if soft-float. */ ++#undef IEEE_LITTLE_ENDIAN ++#undef IEEE_BIG_ENDIAN ++#if defined(__VFP_FP__) || defined(__MAVERICK__) ++# ifdef __ARMEL__ ++# define IEEE_LITTLE_ENDIAN ++# else ++# define IEEE_BIG_ENDIAN ++# endif ++#else ++# define IEEE_BIG_ENDIAN ++# ifdef __ARMEL__ ++# define IEEE_BYTES_LITTLE_ENDIAN ++# endif ++#endif + #endif + + #ifdef __vax__ +@@ -237,8 +245,7 @@ + + #if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \ + defined(IBM) != 1 +-Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or +-IBM should be defined. ++#error "Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or IBM should be defined." 
+ #endif + + typedef union { +@@ -258,7 +265,7 @@ + * An alternative that might be better on some machines is + * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) + */ +-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__) ++#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN) + #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ + ((unsigned short *)a)[0] = (unsigned short)c, a++) + #else --- php5-5.1.2.orig/debian/patches/213-SECURITY_CVE-2007-4782.patch +++ php5-5.1.2/debian/patches/213-SECURITY_CVE-2007-4782.patch @@ -0,0 +1,15 @@ +diff -Naur php5-5.1.2/ext/standard/file.c php5-5.1.2.orig/ext/standard/file.c +--- php5-5.1.2/ext/standard/file.c 2006-01-01 07:50:14.000000000 -0500 ++++ php5-5.1.2.orig/ext/standard/file.c 2008-07-16 16:44:55.000000000 -0400 +@@ -2440,6 +2440,11 @@ + == FAILURE) + return; + ++ if (filename_len >= MAXPATHLEN) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN); ++ RETURN_FALSE; ++ } ++ + RETURN_BOOL( ! fnmatch( pattern, filename, flags )); + } + /* }}} */ --- php5-5.1.2.orig/debian/patches/CVE-2009-4018.patch +++ php5-5.1.2/debian/patches/CVE-2009-4018.patch 
@@ -0,0 +1,50 @@ +Description: fix safe_mode_protected_env_vars bypass via proc_open() +upstream, Origin: http://svn.php.net/viewvc/?view=revision&revision=286360 +Bug: http://bugs.php.net/bug.php?id=49026 + +diff -Naur php5-5.1.2.ori/ext/standard/proc_open.c php5-5.1.2/ext/standard/proc_open.c +--- php5-5.1.2.ori/ext/standard/proc_open.c 2006-01-01 07:50:15.000000000 -0500 ++++ php5-5.1.2/ext/standard/proc_open.c 2009-11-25 15:38:01.000000000 -0500 +@@ -30,6 +30,7 @@ + #include "php_string.h" + #include "safe_mode.h" + #include "ext/standard/head.h" ++#include "ext/standard/basic_functions.h" + #include "ext/standard/file.h" + #include "exec.h" + #include "php_globals.h" +@@ -148,6 +149,34 @@ + if (string_length == 0) { + continue; + } ++ if (PG(safe_mode)) { ++ /* Check the protected list */ ++ if (zend_hash_exists(&BG(sm_protected_env_vars), string_key, string_length - 1)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot override protected environment variable '%s'", string_key); ++ return env; ++ } ++ /* Check the allowed list */ ++ if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) { ++ char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars)); ++ char *strtok_buf = NULL; ++ char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf); ++ zend_bool allowed = 0; ++ ++ while (allowed_prefix) { ++ if (!strncmp(allowed_prefix, string_key, strlen(allowed_prefix))) { ++ allowed = 1; ++ break; ++ } ++ allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf); ++ } ++ efree(allowed_env_vars); ++ if (!allowed) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode warning: Cannot set environment variable '%s' - it's not in the allowed list", string_key); ++ return env; ++ } ++ } ++ } ++ + l = string_length + el_len + 1; + memcpy(p, string_key, string_length); + strcat(p, "="); --- php5-5.1.2.orig/debian/patches/CVE-2010-0397.patch +++ php5-5.1.2/debian/patches/CVE-2010-0397.patch 
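Review bot: Both rejection paths in the proc_open.c hunk leave the loop with `return env;`, handing back whatever environment has been built so far, so unless the caller checks something not visible here the process is presumably still started, with a truncated environment, after the Safe Mode warning. If the call is meant to fail, the partial block should be released and the failure signalled to the caller; if it is meant to continue, a comment on `return env;` should say that the partial environment is used on purpose. Separately, `estrdup(BG(sm_allowed_env_vars))` and the `php_strtok_r` walk run once per environment entry, and splitting the list once before the loop would avoid the repeated allocation. The enclosing function starts and ends outside the hunk.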
@@ -0,0 +1,56 @@ +Description: fix denial of service via xmlrpc crafted argument +Origin: backport, http://svn.php.net/viewvc?view=revision&revision=296152 +Origin: backport, http://svn.php.net/viewvc?view=revision&revision=296153 +Bug: http://bugs.php.net/bug.php?id=51288 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573 + +diff -Naur php5-5.1.2.ori//ext/xmlrpc/tests/bug51288.phpt php5-5.1.2/ext/xmlrpc/tests/bug51288.phpt +--- php5-5.1.2.ori//ext/xmlrpc/tests/bug51288.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.1.2/ext/xmlrpc/tests/bug51288.phpt 2010-09-15 09:42:42.000000000 -0400 +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #51288 (CVE-2010-0397, NULL pointer deref when no in request) ++--FILE-- ++'; ++var_dump(xmlrpc_decode_request($req, $method)); ++var_dump($method); ++echo "Done\n"; ++?> ++--EXPECT-- ++NULL ++NULL ++Done +diff -Naur php5-5.1.2.ori//ext/xmlrpc/xmlrpc-epi-php.c php5-5.1.2/ext/xmlrpc/xmlrpc-epi-php.c +--- php5-5.1.2.ori//ext/xmlrpc/xmlrpc-epi-php.c 2006-01-01 07:50:16.000000000 -0500 ++++ php5-5.1.2/ext/xmlrpc/xmlrpc-epi-php.c 2010-09-15 09:44:40.000000000 -0400 +@@ -724,6 +724,7 @@ + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? 
utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -734,10 +735,16 @@ + + if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if(method_name_out) { +- convert_to_string(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else if (retval) { ++ zval_ptr_dtor(&retval); ++ retval = NULL; ++ } + } + } + --- php5-5.1.2.orig/debian/patches/CVE-2009-4143.patch +++ php5-5.1.2/debian/patches/CVE-2009-4143.patch 
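Review bot: The NULL test on `method_name` in xmlrpc-epi-php.c sits inside `if(method_name_out)`, so a call request without a method name makes the function drop `retval` only when the caller passed the by-reference method argument; without that argument the same request presumably still returns the decoded value. Hoisting `method_name = XMLRPC_RequestGetMethodName(response);` and the NULL check above `if(method_name_out) {` would make the result independent of that argument. How `retval` is filled is outside the hunk, so this should be confirmed against the full function.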
@@ -0,0 +1,30 @@ +Description: fix restrictions bypass via incorrect session data handling +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=291681 + +diff -Naur php5-5.1.2.ori/ext/session/session.c php5-5.1.2/ext/session/session.c +--- php5-5.1.2.ori/ext/session/session.c 2010-01-06 12:39:08.000000000 -0500 ++++ php5-5.1.2/ext/session/session.c 2010-01-06 12:53:06.000000000 -0500 +@@ -1656,7 +1656,10 @@ + + convert_to_string_ex(p_name); + +- PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name)); ++ IF_SESSION_VARS() { ++ SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars)); ++ PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name)); ++ } + + RETURN_TRUE; + } +@@ -1766,7 +1769,10 @@ + RETURN_FALSE; + + IF_SESSION_VARS() { +- HashTable *ht = Z_ARRVAL_P(PS(http_session_vars)); ++ HashTable *ht; ++ ++ SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars)); ++ ht = Z_ARRVAL_P(PS(http_session_vars)); + + if (PG(register_globals)) { + uint str_len; --- php5-5.1.2.orig/debian/patches/CVE-2006-4625.patch +++ php5-5.1.2/debian/patches/CVE-2006-4625.patch @@ -0,0 +1,14 @@ +diff -Nurp orig/Zend/zend_ini.c new/Zend/zend_ini.c +--- orig/Zend/zend_ini.c 2006-10-10 13:07:55.000000000 +0000 ++++ new/Zend/zend_ini.c 2006-10-10 13:08:54.000000000 +0000 +@@ -256,8 +256,8 @@ ZEND_API int zend_restore_ini_entry(char + zend_ini_entry *ini_entry; + TSRMLS_FETCH(); + +- if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) { +- return FAILURE; ++ if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE || ++ (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifiable & ZEND_INI_USER) == 0)) { return FAILURE; + } + + zend_restore_ini_entry_cb(ini_entry, stage TSRMLS_CC); --- php5-5.1.2.orig/debian/patches/027-readline_is_editline.patch +++ php5-5.1.2/debian/patches/027-readline_is_editline.patch 
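Review bot: In the zend_ini.c change the new condition ends with `{ return FAILURE;` on the same line as the test, which hides the early return at the end of a long line; the brace should end the condition line and `return FAILURE;` should go on its own line as it was before. The added clause also has no comment; `/* at runtime, only entries marked ZEND_INI_USER may be restored */` above the `if` would record what it enforces. zend_restore_ini_entry continues outside the hunk.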
@@ -0,0 +1,34 @@ +--- php4-4.3.9/ext/readline/config.m4 2003-09-30 20:54:04.000000000 -0600 ++++ php4-4.3.9/ext/readline/config.m4 2004-10-04 21:40:38.000000000 -0600 +@@ -12,7 +12,7 @@ + + if test "$PHP_READLINE" && test "$PHP_READLINE" != "no"; then + for i in $PHP_READLINE /usr/local /usr; do +- test -f $i/include/readline/readline.h && READLINE_DIR=$i && break ++ test -f $i/include/editline/readline.h && READLINE_DIR=$i && break + done + + if test -z "$READLINE_DIR"; then +@@ -64,7 +64,7 @@ + elif test "$PHP_LIBEDIT" != "no"; then + + for i in $PHP_LIBEDIT /usr/local /usr; do +- test -f $i/include/readline/readline.h && LIBEDIT_DIR=$i && break ++ test -f $i/include/editline/readline.h && LIBEDIT_DIR=$i && break + done + + if test -z "$LIBEDIT_DIR"; then +--- php4-4.3.9/ext/readline/readline.c 2002-12-31 09:35:15.000000000 -0700 ++++ php4-4.3.9/ext/readline/readline.c 2004-10-04 21:42:15.000000000 -0600 +@@ -33,9 +33,9 @@ + #define rl_completion_matches completion_matches + #endif + +-#include ++#include + #ifndef HAVE_LIBEDIT +-#include ++#include + #endif + + PHP_FUNCTION(readline); --- php5-5.1.2.orig/debian/patches/CVE-2006-4482.patch +++ php5-5.1.2/debian/patches/CVE-2006-4482.patch 
@@ -0,0 +1,35 @@ +diff -Nurp orig/ext/standard/string.c new/ext/standard/string.c +--- orig/ext/standard/string.c 2006-09-06 18:55:41.000000000 +0000 ++++ new/ext/standard/string.c 2006-09-06 18:57:01.000000000 +0000 +@@ -632,7 +632,8 @@ PHP_FUNCTION(wordwrap) + { + const char *text, *breakchar = "\n"; + char *newtext; +- int textlen, breakcharlen = 1, newtextlen, alloced, chk; ++ int textlen, breakcharlen = 1, newtextlen, chk; ++ size_t alloced; + long current = 0, laststart = 0, lastspace = 0; + long linelength = 75; + zend_bool docut = 0; +@@ -4194,7 +4195,7 @@ PHP_FUNCTION(str_repeat) + zval **input_str; /* Input string */ + zval **mult; /* Multiplier */ + char *result; /* Resulting string */ +- int result_len; /* Length of the resulting string */ ++ size_t result_len; /* Length of the resulting string */ + + if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &input_str, &mult) == FAILURE) { + WRONG_PARAM_COUNT; +@@ -4219,11 +4220,7 @@ PHP_FUNCTION(str_repeat) + + /* Initialize the result string */ + result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult); +- if (result_len < 1 || result_len > 2147483647) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create strings longer than 2147483647 bytes"); +- RETURN_FALSE; +- } +- result = (char *)emalloc(result_len + 1); ++ result = (char *)safe_emalloc(Z_STRLEN_PP(input_str), Z_LVAL_PP(mult), 1); + + /* Heavy optimization for situations where input string is 1 byte long */ + if (Z_STRLEN_PP(input_str) == 1) { --- php5-5.1.2.orig/debian/patches/209-array-soap-response.patch +++ php5-5.1.2/debian/patches/209-array-soap-response.patch 
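Review bot: In str_repeat the patch removes the `result_len < 1 || result_len > 2147483647` rejection and relies on `safe_emalloc(Z_STRLEN_PP(input_str), Z_LVAL_PP(mult), 1)`, but `result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult);` is still a plain multiplication. Where `long` and `size_t` are 64 bits wide, a product above 2147483647 can pass the allocation, and if the length is later stored in an `int` it would be truncated; the return path is outside the hunk, so that needs confirming. Keeping the upper bound before the allocation, `if (result_len > 2147483647) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create strings longer than 2147483647 bytes"); RETURN_FALSE; }`, would preserve the old limit. The same question applies to `alloced` in wordwrap, whose uses are not shown.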
@@ -0,0 +1,201 @@ +--- php-5.1.2/ext/soap/php_encoding.c 2006/04/17 16:09:42 1.126 ++++ php-5.1.2/ext/soap/php_encoding.c 2006/05/26 09:04:53 1.127 +@@ -88,6 +88,10 @@ + + static xmlNodePtr check_and_resolve_href(xmlNodePtr data); + ++static void set_ns_prop(xmlNodePtr node, char *ns, char *name, char *val); ++static void set_xsi_nil(xmlNodePtr node); ++static void set_xsi_type(xmlNodePtr node, char *type); ++ + static void get_type_str(xmlNodePtr node, const char* ns, const char* type, smart_str* ret); + static void set_ns_and_type_ex(xmlNodePtr node, char *ns, char *type); + +@@ -113,7 +117,7 @@ + { \ + if (!zval || Z_TYPE_P(zval) == IS_NULL) { \ + if (style == SOAP_ENCODED) {\ +- xmlSetProp(xml, "xsi:nil", "true"); \ ++ set_xsi_nil(xml); \ + } \ + return xml; \ + } \ +@@ -307,9 +311,6 @@ + + if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) { + if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { +- if (style == SOAP_LITERAL) { +- encode_add_ns(node, XSI_NAMESPACE); +- } + if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { + set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); + } else { +@@ -1016,7 +1017,7 @@ + ret = xmlNewNode(NULL,"BOGUS"); + xmlAddChild(parent, ret); + if (style == SOAP_ENCODED) { +- xmlSetProp(ret, "xsi:nil", "true"); ++ set_xsi_nil(ret); + } + return ret; + } +@@ -1430,12 +1431,7 @@ + if (Z_TYPE_PP(val) == IS_NULL && model->u.element->nillable) { + property = xmlNewNode(NULL,"BOGUS"); + xmlAddChild(node, property); +- if (style == SOAP_ENCODED) { +- xmlSetProp(property, "xsi:nil", "true"); +- } else { +- xmlNsPtr xsi = encode_add_ns(property,XSI_NAMESPACE); +- xmlSetNsProp(property, xsi, "nil", "true"); +- } ++ set_xsi_nil(property); + } else { + property = master_to_xml(enc, *val, style, node); + if (property->children && property->children->content && +@@ -1456,12 +1452,7 @@ + if (Z_TYPE_P(data) == IS_NULL && model->u.element->nillable) { + 
property = xmlNewNode(NULL,"BOGUS"); + xmlAddChild(node, property); +- if (style == SOAP_ENCODED) { +- xmlSetProp(property, "xsi:nil", "true"); +- } else { +- xmlNsPtr xsi = encode_add_ns(property,XSI_NAMESPACE); +- xmlSetNsProp(property, xsi, "nil", "true"); +- } ++ set_xsi_nil(property); + } else { + property = master_to_xml(enc, data, style, node); + if (property->children && property->children->content && +@@ -1481,12 +1472,7 @@ + } else if (strict && model->u.element->nillable && model->min_occurs > 0) { + property = xmlNewNode(NULL,model->u.element->name); + xmlAddChild(node, property); +- if (style == SOAP_ENCODED) { +- xmlSetProp(property, "xsi:nil", "true"); +- } else { +- xmlNsPtr xsi = encode_add_ns(property,XSI_NAMESPACE); +- xmlSetNsProp(property, xsi, "nil", "true"); +- } ++ set_xsi_nil(property); + if (style == SOAP_LITERAL && + model->u.element->namens && + model->u.element->form == XSD_FORM_QUALIFIED) { +@@ -1621,7 +1607,7 @@ + xmlParam = xmlNewNode(NULL,"BOGUS"); + xmlAddChild(parent, xmlParam); + if (style == SOAP_ENCODED) { +- xmlSetProp(xmlParam, "xsi:nil", "true"); ++ set_xsi_nil(xmlParam); + } + return xmlParam; + } +@@ -1701,12 +1687,7 @@ + if (Z_TYPE_PP(val) == IS_NULL && array_el->nillable) { + property = xmlNewNode(NULL,"BOGUS"); + xmlAddChild(xmlParam, property); +- if (style == SOAP_ENCODED) { +- xmlSetProp(property, "xsi:nil", "true"); +- } else { +- xmlNsPtr xsi = encode_add_ns(property,XSI_NAMESPACE); +- xmlSetNsProp(property, xsi, "nil", "true"); +- } ++ set_xsi_nil(property); + } else { + property = master_to_xml(array_el->encode, *val, style, xmlParam); + } +@@ -2167,7 +2148,7 @@ + smart_str_append(&array_type, &array_size); + smart_str_appendc(&array_type, ']'); + smart_str_0(&array_type); +- xmlSetProp(xmlParam, SOAP_1_1_ENC_NS_PREFIX":arrayType", array_type.c); ++ set_ns_prop(xmlParam, SOAP_1_1_ENC_NAMESPACE, "arrayType", array_type.c); + } else { + int i = 0; + while (i < array_size.len) { +@@ -2176,8 +2157,8 @@ + } + 
smart_str_0(&array_type); + smart_str_0(&array_size); +- xmlSetProp(xmlParam, SOAP_1_2_ENC_NS_PREFIX":itemType", array_type.c); +- xmlSetProp(xmlParam, SOAP_1_2_ENC_NS_PREFIX":arraySize", array_size.c); ++ set_ns_prop(xmlParam, SOAP_1_2_ENC_NAMESPACE, "itemType", array_type.c); ++ set_ns_prop(xmlParam, SOAP_1_2_ENC_NAMESPACE, "arraySize", array_size.c); + } + } + smart_str_free(&array_type); +@@ -2433,7 +2414,7 @@ + xmlAddChild(item,key); + if (zend_hash_get_current_key(data->value.ht, &key_val, (long *)&int_val, FALSE) == HASH_KEY_IS_STRING) { + if (style == SOAP_ENCODED) { +- xmlSetProp(key, "xsi:type", "xsd:string"); ++ set_xsi_type(key, "xsd:string"); + } + xmlNodeSetContent(key, key_val); + } else { +@@ -2442,7 +2423,7 @@ + smart_str_0(&tmp); + + if (style == SOAP_ENCODED) { +- xmlSetProp(key, "xsi:type", "xsd:int"); ++ set_xsi_type(key, "xsd:int"); + } + xmlNodeSetContentLen(key, tmp.c, tmp.len); + +@@ -2520,7 +2501,6 @@ + ret = master_to_xml(enc, data, style, parent); + /* + if (style == SOAP_LITERAL && SOAP_GLOBAL(sdl)) { +- encode_add_ns(node, XSI_NAMESPACE); + set_ns_and_type(ret, &enc->details); + } + */ +@@ -3051,7 +3031,7 @@ + { + smart_str nstype = {0}; + get_type_str(node, ns, type, &nstype); +- xmlSetProp(node, "xsi:type", nstype.c); ++ set_xsi_type(node, nstype.c); + smart_str_free(&nstype); + } + +@@ -3084,6 +3064,21 @@ + return xmlns; + } + ++static void set_ns_prop(xmlNodePtr node, char *ns, char *name, char *val) ++{ ++ xmlSetNsProp(node, encode_add_ns(node, ns), name, val); ++} ++ ++static void set_xsi_nil(xmlNodePtr node) ++{ ++ set_ns_prop(node, XSI_NAMESPACE, "nil", "true"); ++} ++ ++static void set_xsi_type(xmlNodePtr node, char *type) ++{ ++ set_ns_prop(node, XSI_NAMESPACE, "type", type); ++} ++ + void encode_reset_ns() + { + TSRMLS_FETCH(); +@@ -3143,7 +3138,7 @@ + char *prev_stype = NULL, *cur_stype = NULL, *prev_ns = NULL, *cur_ns = NULL; + + if (!array || Z_TYPE_P(array) != IS_ARRAY) { +- smart_str_appendl(type, "xsd:anyType", 11); ++ 
smart_str_appendl(type, "xsd:anyType", sizeof("xsd:anyType")-1); + return get_conversion(XSD_ANYTYPE); + } + +@@ -3205,7 +3200,7 @@ + } + + if (different || count == 0) { +- smart_str_appendl(type, "xsd:anyType", 11); ++ smart_str_appendl(type, "xsd:anyType", sizeof("xsd:anyType")-1); + return get_conversion(XSD_ANYTYPE); + } else { + encodePtr enc; --- php5-5.1.2.orig/debian/patches/034-apache2_umask_fix.patch +++ php5-5.1.2/debian/patches/034-apache2_umask_fix.patch @@ -0,0 +1,44 @@ + +Save and restore umask across requests correctly. + +--- php-4.3.10/sapi/apache2handler/sapi_apache2.c.umask ++++ php-4.3.10/sapi/apache2handler/sapi_apache2.c +@@ -401,6 +401,19 @@ + return APR_SUCCESS; + } + ++static int saved_umask; ++ ++static void php_save_umask(void) ++{ ++ saved_umask = umask(077); ++ umask(saved_umask); ++} ++ ++static void php_restore_umask(void) ++{ ++ umask(saved_umask); ++} ++ + static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) + { + char *content_type; +@@ -575,6 +588,8 @@ + } else { + zend_file_handle zfd; + ++ php_save_umask(); ++ + zfd.type = ZEND_HANDLE_FILENAME; + zfd.filename = (char *) r->filename; + zfd.free_filename = 0; +@@ -585,6 +600,9 @@ + } else { + zend_execute_scripts(ZEND_INCLUDE TSRMLS_CC, NULL, 1, &zfd); + } ++ ++ php_restore_umask(); ++ + #if MEMORY_LIMIT + { + char *mem_usage; --- php5-5.1.2.orig/debian/patches/CVE-2006-0996.patch +++ php5-5.1.2/debian/patches/CVE-2006-0996.patch 
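Review bot: In 034-apache2_umask_fix.patch, `static int saved_umask;` is a single file-scope variable shared by every request, and `php_save_umask()` reads the mask by changing it (`umask(077)` followed by `umask(saved_umask)`). If this handler runs under a threaded MPM (not visible here), concurrent requests can overwrite each other's saved value, and a file created by another thread in that window gets the temporary 077 mask. The variable should be declared `static mode_t saved_umask;` to match the type `umask()` takes and returns. A comment above it should state that the save/restore pair assumes one request at a time per process.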
@@ -0,0 +1,58 @@ +diff -Nurp orig/ext/standard/info.c new/ext/standard/info.c +--- orig/ext/standard/info.c 2006-07-18 16:37:55.000000000 +0000 ++++ new/ext/standard/info.c 2006-07-18 16:38:53.000000000 +0000 +@@ -58,6 +58,21 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv) + + PHPAPI extern char *php_ini_opened_path; + PHPAPI extern char *php_ini_scanned_files; ++ ++static int php_info_write_wrapper(const char *str, uint str_length) ++{ ++ TSRMLS_FETCH(); ++ ++ int new_len, written; ++ char *elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); ++ ++ written = php_body_write(elem_esc, new_len TSRMLS_CC); ++ ++ efree(elem_esc); ++ ++ return written; ++} ++ + + /* {{{ _display_module_info + */ +@@ -135,30 +150,13 @@ static void php_print_gpcse_array(char * + PUTS(" => "); + } + if (Z_TYPE_PP(tmp) == IS_ARRAY) { +- zval *tmp3; +- +- MAKE_STD_ZVAL(tmp3); +- + if (!sapi_module.phpinfo_as_text) { + PUTS("
");
+-				}
+-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+-				
+-				zend_print_zval_r(*tmp, 0 TSRMLS_CC);
+-				
+-				php_ob_get_buffer(tmp3 TSRMLS_CC);
+-				php_end_ob_buffer(0, 0 TSRMLS_CC);
+-				
+-				if (!sapi_module.phpinfo_as_text) {
+-					elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-					PUTS(elem_esc);
+-					efree(elem_esc);
++					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0 TSRMLS_CC);
+ 					PUTS("
"); + } else { +- PUTS(Z_STRVAL_P(tmp3)); ++ zend_print_zval_r(*tmp, 0 TSRMLS_CC); + } +- zval_ptr_dtor(&tmp3); +- + } else if (Z_TYPE_PP(tmp) != IS_STRING) { + tmp2 = **tmp; + zval_copy_ctor(&tmp2); --- php5-5.1.2.orig/debian/patches/053-extension_api.patch +++ php5-5.1.2/debian/patches/053-extension_api.patch 
@@ -0,0 +1,48 @@ +diff -ur php-5.0.4/configure.in php5-5.0.4/configure.in +--- php-5.0.4/configure.in 2005-03-31 07:43:12.000000000 +1000 ++++ php5-5.0.4/configure.in 2005-07-31 02:35:46.000000000 +1000 +@@ -1039,8 +1039,10 @@ + + ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` + ++DEBIAN_PHP_API=`egrep -h '^#define ZEND_EXTENSION_API_NO|^#define ZEND_MODULE_API_NO|#define PHP_API_VERSION' $srcdir/Zend/zend_extensions.h $srcdir/Zend/zend_modules.h $srcdir/main/php.h | awk '{print $3}' | sed -e 's/^2200/200/' | sort -n | tail -n 1` ++ + if test -z "$EXTENSION_DIR"; then +- extbasedir=$ZEND_MODULE_API_NO ++ extbasedir=$DEBIAN_PHP_API + if test "$oldstyleextdir" = "yes"; then + if test "$PHP_DEBUG" = "1"; then + part1=debug +@@ -1169,6 +1171,7 @@ + PHP_SUBST(CXXFLAGS) + PHP_SUBST(CXXFLAGS_CLEAN) + PHP_SUBST_OLD(DEBUG_CFLAGS) ++PHP_SUBST_OLD(DEBIAN_PHP_API) + PHP_SUBST_OLD(EXTENSION_DIR) + PHP_SUBST_OLD(EXTRA_LDFLAGS) + PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM) +diff -ur php-5.0.4/scripts/php-config.in php5-5.0.4/scripts/php-config.in +--- php-5.0.4/scripts/php-config.in 2005-03-16 17:36:54.000000000 +1100 ++++ php5-5.0.4/scripts/php-config.in 2005-07-31 02:34:52.000000000 +1000 +@@ -12,6 +12,7 @@ + program_suffix="@program_suffix@" + exe_extension="@EXEEXT@" + php_binary="@bindir@/${program_prefix}php${program_suffix}${exe_extension}" ++phpapi="@DEBIAN_PHP_API@" + + case "$1" in + --prefix) +@@ -28,10 +29,12 @@ + echo $includedir;; + --php-binary) + echo $php_binary;; ++--phpapi) ++ echo $phpapi;; + --version) + echo $version;; + *) +- echo "Usage: $0 [--prefix|--includes|--ldflags|--libs|--extension-dir|--include-dir|--php-binary|--version]" ++ echo "Usage: $0 [--prefix|--includes|--ldflags|--libs|--extension-dir|--include-dir|--php-binary|--phpapi|--version]" + exit 1;; + esac + --- php5-5.1.2.orig/debian/patches/CVE-2007-0906_streams.patch +++ 
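Review bot: The new `DEBIAN_PHP_API=` line in configure.in calls `egrep`, `awk` and `sed` directly, while the `ZEND_MODULE_API_NO=` line just above it uses the configure-detected `$EGREP` and `$SED`; using the same variables keeps the check working where those tools are found under other names or paths. The `sed -e 's/^2200/200/'` rewrite and the `sort -n | tail -n 1` selection have no comment, so it is unclear why a value starting with 2200 is shortened or why the largest of three different API numbers names the extension directory. A comment such as `# extension dir is keyed on the newest of the three API numbers` (wording for the author to confirm) would help. If all three greps come back empty, `extbasedir` becomes empty too and nothing reports it.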
php5-5.1.2/debian/patches/CVE-2007-0906_streams.patch 
@@ -0,0 +1,93 @@ +diff -Nurp orig/ext/standard/streamsfuncs.c new/ext/standard/streamsfuncs.c +--- orig/ext/standard/streamsfuncs.c 2007-03-07 11:23:51.000000000 +0100 ++++ new/ext/standard/streamsfuncs.c 2007-03-07 11:24:18.000000000 +0100 +@@ -357,7 +357,7 @@ PHP_FUNCTION(stream_socket_recvfrom) + RETURN_FALSE; + } + +- read_buf = emalloc(to_read + 1); ++ read_buf = safe_emalloc(1, to_read, 1); + + recvd = php_stream_xport_recvfrom(stream, read_buf, to_read, flags, NULL, NULL, + zremote ? &Z_STRVAL_P(zremote) : NULL, +@@ -526,7 +526,7 @@ PHP_FUNCTION(stream_get_transports) + while (zend_hash_get_current_key_ex(stream_xport_hash, + &stream_xport, &stream_xport_len, + &num_key, 0, NULL) == HASH_KEY_IS_STRING) { +- add_next_index_stringl(return_value, stream_xport, stream_xport_len, 1); ++ add_next_index_stringl(return_value, stream_xport, stream_xport_len - 1, 1); + zend_hash_move_forward(stream_xport_hash); + } + } else { +@@ -554,7 +554,7 @@ PHP_FUNCTION(stream_get_wrappers) + (key_flags = zend_hash_get_current_key_ex(url_stream_wrappers_hash, &stream_protocol, &stream_protocol_len, &num_key, 0, NULL)) != HASH_KEY_NON_EXISTANT; + zend_hash_move_forward(url_stream_wrappers_hash)) { + if (key_flags == HASH_KEY_IS_STRING) { +- add_next_index_stringl(return_value, stream_protocol, stream_protocol_len, 1); ++ add_next_index_stringl(return_value, stream_protocol, stream_protocol_len - 1, 1); + } + } + } else { +diff -Nurp orig/main/streams/streams.c new/main/streams/streams.c +--- orig/main/streams/streams.c 2007-03-07 11:23:49.000000000 +0100 ++++ new/main/streams/streams.c 2007-03-07 11:27:12.000000000 +0100 +@@ -1457,12 +1457,12 @@ PHPAPI int php_register_url_stream_wrapp + return FAILURE; + } + +- return zend_hash_add(&url_stream_wrappers_hash, protocol, protocol_len, wrapper, sizeof(*wrapper), NULL); ++ return zend_hash_add(&url_stream_wrappers_hash, protocol, protocol_len + 1, wrapper, sizeof(*wrapper), NULL); + } + + PHPAPI int 
php_unregister_url_stream_wrapper(char *protocol TSRMLS_DC) + { +- return zend_hash_del(&url_stream_wrappers_hash, protocol, strlen(protocol)); ++ return zend_hash_del(&url_stream_wrappers_hash, protocol, strlen(protocol) + 1); + } + + /* API for registering VOLATILE wrappers */ +@@ -1482,7 +1482,7 @@ PHPAPI int php_register_url_stream_wrapp + zend_hash_copy(FG(stream_wrappers), &url_stream_wrappers_hash, NULL, &tmpwrapper, sizeof(php_stream_wrapper)); + } + +- return zend_hash_add(FG(stream_wrappers), protocol, protocol_len, wrapper, sizeof(*wrapper), NULL); ++ return zend_hash_add(FG(stream_wrappers), protocol, protocol_len + 1, wrapper, sizeof(*wrapper), NULL); + } + + PHPAPI int php_unregister_url_stream_wrapper_volatile(char *protocol TSRMLS_DC) +@@ -1495,7 +1495,7 @@ PHPAPI int php_unregister_url_stream_wra + zend_hash_copy(FG(stream_wrappers), &url_stream_wrappers_hash, NULL, &tmpwrapper, sizeof(php_stream_wrapper)); + } + +- return zend_hash_del(FG(stream_wrappers), protocol, strlen(protocol)); ++ return zend_hash_del(FG(stream_wrappers), protocol, strlen(protocol) + 1); + } + /* }}} */ + +@@ -1529,7 +1529,8 @@ PHPAPI php_stream_wrapper *php_stream_lo + } + + if (protocol) { +- if (FAILURE == zend_hash_find(wrapper_hash, (char*)protocol, n, (void**)&wrapper)) { ++ char *tmp = estrndup(protocol, n); ++ if (FAILURE == zend_hash_find(wrapper_hash, (char*)tmp, n + 1, (void**)&wrapper)) { + char wrapper_name[32]; + + if (n >= sizeof(wrapper_name)) +@@ -1542,6 +1543,7 @@ PHPAPI php_stream_wrapper *php_stream_lo + wrapper = NULL; + protocol = NULL; + } ++ efree(tmp); + } + /* TODO: curl based streams probably support file:// properly */ + if (!protocol || !strncasecmp(protocol, "file", n)) { +@@ -1590,7 +1592,7 @@ PHPAPI php_stream_wrapper *php_stream_lo + } + + /* Check again, the original check might have not known the protocol name */ +- if (zend_hash_find(wrapper_hash, "file", sizeof("file")-1, (void**)&wrapper) == SUCCESS) { ++ if 
(zend_hash_find(wrapper_hash, "file", sizeof("file"), (void**)&wrapper) == SUCCESS) { + return wrapper; + } + --- php5-5.1.2.orig/debian/patches/CVE-2010-3065.patch +++ php5-5.1.2/debian/patches/CVE-2010-3065.patch @@ -0,0 +1,16 @@ +Description: fix arbitrary session variable modification via crafted + session variable name +Origin: backport, http://svn.php.net/viewvc?view=revision&revision=298608 + +diff -Naur php5-5.1.2.ori//ext/session/session.c php5-5.1.2/ext/session/session.c +--- php5-5.1.2.ori//ext/session/session.c 2010-09-15 10:02:57.000000000 -0400 ++++ php5-5.1.2/ext/session/session.c 2010-09-15 10:18:15.000000000 -0400 +@@ -504,7 +504,7 @@ + + PS_ENCODE_LOOP( + smart_str_appendl(&buf, key, (unsigned char) key_length); +- if (memchr(key, PS_DELIMITER, key_length)) { ++ if (memchr(key, PS_DELIMITER, key_length) || memchr(key, PS_UNDEF_MARKER, key_length)) { + PHP_VAR_SERIALIZE_DESTROY(var_hash); + smart_str_free(&buf); + return FAILURE; --- php5-5.1.2.orig/debian/patches/047-zts_with_dl.patch +++ php5-5.1.2/debian/patches/047-zts_with_dl.patch @@ -0,0 +1,15 @@ +--- php5-5.1.1/ext/standard/dl.c 2005-08-09 02:49:43.000000000 +1000 ++++ php5-5.1.1/ext/standard/dl.c 2005-12-15 15:40:28.000000000 +1100 +@@ -76,12 +76,7 @@ + if ((strncmp(sapi_module.name, "cgi", 3)!=0) && + (strcmp(sapi_module.name, "cli")!=0) && + (strncmp(sapi_module.name, "embed", 5)!=0)) { +-#ifdef ZTS +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not supported in multithreaded Web servers - use extension=%s in your php.ini", Z_STRVAL_PP(file)); +- RETURN_FALSE; +-#else + php_error_docref(NULL TSRMLS_CC, E_STRICT, "dl() is deprecated - use extension=%s in your php.ini", Z_STRVAL_PP(file)); +-#endif + } + + php_dl(*file, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); --- php5-5.1.2.orig/debian/patches/CVE-2009-4017.patch +++ php5-5.1.2/debian/patches/CVE-2009-4017.patch 
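Review bot: In the CVE-2007-0906_streams patch, `read_buf = safe_emalloc(1, to_read, 1);` in `stream_socket_recvfrom` guards the size arithmetic against overflow, but the hunk shows no check that `to_read` is positive before it is used as an allocation size and as the receive length. Its declaration and any earlier validation are outside the hunk; if there is none, a guard such as `if (to_read <= 0) { RETURN_FALSE; }` ahead of the allocation would close that gap. Separately, the wrapper hunks change the hash key length to include the trailing NUL (`protocol_len + 1`, `strlen(protocol) + 1`, `sizeof("file")`), so every other `zend_hash_*` caller on these tables must follow the same convention or lookups will silently miss; a short comment at the registration site stating it would make that visible.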
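Review bot: In the CVE-2010-3065 session.c hunk, the new `memchr(key, PS_UNDEF_MARKER, key_length)` test scans the full `key_length`, but the unchanged line before it appends only `(unsigned char) key_length` bytes, so for a key longer than 255 bytes the validated range and the encoded range differ. The check also runs after the append, which is harmless only because `smart_str_free(&buf)` follows on the failure path. Validating first and rejecting keys longer than 255 bytes before `smart_str_appendl` would make the encoder's invariant explicit; the rest of the `PS_ENCODE_LOOP` body is outside the hunk.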
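Review bot: The 047-zts_with_dl patch has no description, and after it `dl()` in a threaded (ZTS) web-server SAPI only raises the `E_STRICT` deprecation notice and then continues to `php_dl(*file, MODULE_TEMPORARY, ...)`, where it used to warn and return false. Loading a temporary module into a process shared by other request threads is the case the removed guard existed for, so the patch should either say why that is acceptable for this package or keep the refusal for ZTS builds. At minimum it needs a header line such as `Description: allow dl() in ZTS builds because REASON` so the next maintainer can judge it.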
@@ -0,0 +1,59 @@ +Description: fix denial of service via large number of files in + form-data POST request. +upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=289990 +upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=290029 +upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=290306 + +diff -Naur php5-5.1.2.ori/main/main.c php5-5.1.2/main/main.c +--- php5-5.1.2.ori/main/main.c 2009-11-25 15:29:13.000000000 -0500 ++++ php5-5.1.2/main/main.c 2009-11-25 15:34:43.000000000 -0500 +@@ -320,6 +320,7 @@ + PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) + PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) ++ PHP_INI_ENTRY("max_file_uploads", "50", PHP_INI_SYSTEM, NULL) + + STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) +diff -Naur php5-5.1.2.ori/main/rfc1867.c php5-5.1.2/main/rfc1867.c +--- php5-5.1.2.ori/main/rfc1867.c 2006-01-01 07:50:17.000000000 -0500 ++++ php5-5.1.2/main/rfc1867.c 2009-11-25 15:36:24.000000000 -0500 +@@ -32,6 +32,7 @@ + #include "php_globals.h" + #include "php_variables.h" + #include "rfc1867.h" ++#include "php_ini.h" + + #define DEBUG_FILE_UPLOAD ZEND_DEBUG + +@@ -791,6 +792,12 @@ + zval *array_ptr = (zval *) arg; + int fd=-1; + zend_llist header; ++ char *max_uploads = INI_STR("max_file_uploads"); ++ int upload_cnt = 0; ++ ++ if (max_uploads && *max_uploads) { ++ upload_cnt = atoi(max_uploads); ++ } + + if (SG(request_info).content_length > SG(post_max_size)) { + sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size)); +@@ -932,6 +939,9 @@ + /* If 
file_uploads=off, skip the file part */ + if (!PG(file_uploads)) { + skip_upload = 1; ++ } else if (upload_cnt <= 0) { ++ skip_upload = 1; ++ sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); + } + + /* Return with an error if the posted data is garbled */ +@@ -976,6 +986,7 @@ + if (!skip_upload) { + /* Handle file */ + fd = php_open_temporary_fd(PG(upload_tmp_dir), "php", &temp_filename TSRMLS_CC); ++ upload_cnt--; + if (fd==-1) { + sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); + cancel_upload = UPLOAD_ERROR_E; --- php5-5.1.2.orig/debian/patches/212-CVE-2008-2107+2108.patch +++ php5-5.1.2/debian/patches/212-CVE-2008-2107+2108.patch @@ -0,0 +1,12 @@ +diff -Naur php5-5.1.2.orig/ext/standard/php_rand.h php5-5.1.2/ext/standard/php_rand.h +--- php5-5.1.2.orig/ext/standard/php_rand.h 2006-01-01 07:50:15.000000000 -0500 ++++ php5-5.1.2/ext/standard/php_rand.h 2008-07-16 16:43:51.000000000 -0400 +@@ -49,7 +49,7 @@ + #ifdef PHP_WIN32 + #define GENERATE_SEED() ((long) (time(0) * GetCurrentProcessId() * 1000000 * php_combined_lcg(TSRMLS_C))) + #else +-#define GENERATE_SEED() ((long) (time(0) * getpid() * 1000000 * php_combined_lcg(TSRMLS_C))) ++#define GENERATE_SEED() (((long) (time(0) * getpid())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C)))) + #endif + + PHPAPI void php_srand(long seed TSRMLS_DC); --- php5-5.1.2.orig/debian/patches/228_SECURITY_CVE-2009-0754.patch +++ php5-5.1.2/debian/patches/228_SECURITY_CVE-2009-0754.patch 
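Review bot: In the CVE-2009-4017 rfc1867.c hunks, the `upload_cnt <= 0` branch calls `sapi_module.sapi_error(E_WARNING, ...)` for every file part past the limit, so a request with very many parts still produces one log line per part. Emitting the warning once would fit a denial-of-service fix better, for example by setting `upload_cnt = -1` after the first warning and staying silent while `upload_cnt < 0`. `upload_cnt = atoi(max_uploads)` also accepts malformed values silently, and because `upload_cnt` starts at 0 an empty `max_file_uploads` setting disables uploads with a misleading "exceeded" message; `strtol` with an end-pointer check would make both cases explicit. The function these hunks belong to starts and ends outside them.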
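Review bot: The 212-CVE-2008-2107+2108 hunk rewrites only the non-Windows `GENERATE_SEED()`; the `PHP_WIN32` definition two lines above still multiplies `time(0) * GetCurrentProcessId() * 1000000 * php_combined_lcg(TSRMLS_C)` and keeps the expression the patch replaces. If this package is never built for Windows that is harmless, but the two branches should not diverge silently. Either apply the same form, `(((long) (time(0) * GetCurrentProcessId())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))`, or add a comment saying why it is left alone. The patch also lacks a description header naming what was wrong with the old expression.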
@@ -0,0 +1,27 @@ +# +# Description: fix mbstring.func_overload setting in .htaccess affects +# other virtual hosts. +# Patch: http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277 +# Upstream: http://bugs.php.net/bug.php?id=27421 +# +diff -Naur php5-5.1.2.ori/ext/mbstring/mbstring.c php5-5.1.2/ext/mbstring/mbstring.c +--- php5-5.1.2.ori/ext/mbstring/mbstring.c 2006-01-01 07:50:08.000000000 -0500 ++++ php5-5.1.2/ext/mbstring/mbstring.c 2009-04-15 14:19:32.000000000 -0400 +@@ -1001,9 +1001,14 @@ + /* clear overloaded function. */ + if (MBSTRG(func_overload)){ + p = &(mb_ovld[0]); +- while (p->type > 0 && zend_hash_find(EG(function_table), p->save_func, strlen(p->save_func)+1 , (void **)&orig) == SUCCESS) { +- zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL); +- zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1); ++ while (p->type > 0) { ++ if ((MBSTRG(func_overload) & p->type) == p->type && ++ zend_hash_find(EG(function_table), p->save_func, ++ strlen(p->save_func)+1, (void **)&orig) == SUCCESS) { ++ ++ zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL); ++ zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1); ++ } + p++; + } + } --- php5-5.1.2.orig/debian/patches/CVE-2007-0907.patch +++ php5-5.1.2/debian/patches/CVE-2007-0907.patch 
@@ -0,0 +1,12 @@ +diff -Nurp orig/main/SAPI.c new/main/SAPI.c +--- orig/main/SAPI.c 2007-02-21 08:48:51.000000000 +0100 ++++ new/main/SAPI.c 2007-02-21 08:49:14.000000000 +0100 +@@ -563,7 +563,7 @@ SAPI_API int sapi_header_op(sapi_header_ + header_line = estrndup(header_line, header_line_len); + + /* cut of trailing spaces, linefeeds and carriage-returns */ +- while(isspace(header_line[header_line_len-1])) ++ while(header_line_len && isspace(header_line[header_line_len-1])) + header_line[--header_line_len]='\0'; + + /* new line safety check */ --- php5-5.1.2.orig/debian/patches/CVE-2006-3018.patch +++ php5-5.1.2/debian/patches/CVE-2006-3018.patch @@ -0,0 +1,19 @@ +diff -Nurp orig/ext/session/mod_files.c new/ext/session/mod_files.c +--- orig/ext/session/mod_files.c 2006-07-18 17:21:03.000000000 +0000 ++++ new/ext/session/mod_files.c 2006-07-18 17:21:46.000000000 +0000 +@@ -397,10 +397,12 @@ PS_DESTROY_FUNC(files) + if (!ps_files_path_create(buf, sizeof(buf), data, key)) + return FAILURE; + +- ps_files_close(data); ++ if (data->fd != -1) { ++ ps_files_close(data); + +- if (VCWD_UNLINK(buf) == -1) { +- return FAILURE; ++ if (VCWD_UNLINK(buf) == -1) { ++ return FAILURE; ++ } + } + + return SUCCESS; --- php5-5.1.2.orig/debian/patches/CVE-2006-5465.patch +++ php5-5.1.2/debian/patches/CVE-2006-5465.patch 
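Review bot: In the CVE-2007-0907 SAPI.c hunk, `isspace(header_line[header_line_len-1])` passes a plain `char`, which is negative for bytes above 0x7f where `char` is signed, and that is undefined behaviour for the ctype.h functions. The new length guard fixes the underflow but leaves this in place; the line would be safer as `while (header_line_len && isspace((unsigned char) header_line[header_line_len-1]))`. The body of `sapi_header_op` continues outside the hunk.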
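Review bot: In the CVE-2006-3018 mod_files.c hunk, `PS_DESTROY_FUNC(files)` now skips both `ps_files_close(data)` and `VCWD_UNLINK(buf)` when `data->fd == -1` and still returns `SUCCESS`, so destroying a session whose file is not currently open leaves the file on disk while reporting success. If `fd == -1` can occur for a session that does have a file (that depends on callers outside the hunk), only the close should be guarded, `if (data->fd != -1) { ps_files_close(data); }`, with the original `VCWD_UNLINK` check kept unconditional. Either way, a comment explaining why the unlink is tied to the open descriptor is missing.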
@@ -0,0 +1,29 @@ +diff -Nurp orig/ext/standard/html.c new/ext/standard/html.c +--- orig/ext/standard/html.c 2006-11-02 09:57:49.000000000 +0000 ++++ new/ext/standard/html.c 2006-11-02 10:00:40.000000000 +0000 +@@ -1096,7 +1096,7 @@ PHPAPI char *php_escape_html_entities(un + + matches_map = 0; + +- if (len + 9 > maxlen) ++ if (len + 16 > maxlen) + replaced = erealloc (replaced, maxlen += 128); + + if (all) { +@@ -1121,9 +1121,15 @@ PHPAPI char *php_escape_html_entities(un + } + + if (matches_map) { ++ int l = strlen(rep); ++ /* increase the buffer size */ ++ if (len + 2 + l >= maxlen) { ++ replaced = erealloc(replaced, maxlen += 128); ++ } ++ + replaced[len++] = '&'; + strcpy(replaced + len, rep); +- len += strlen(rep); ++ len += l; + replaced[len++] = ';'; + } + } --- php5-5.1.2.orig/debian/patches/201-tempnam_openbasedir_bypass.patch +++ php5-5.1.2/debian/patches/201-tempnam_openbasedir_bypass.patch 
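Review bot: In the CVE-2006-5465 html.c hunk, both growth checks enlarge `replaced` by a fixed 128 bytes exactly once (`maxlen += 128`), which is only enough while `strlen(rep) + 2` stays below that step. The check should grow until the entity fits, e.g. `while (len + 2 + l >= maxlen) { replaced = erealloc(replaced, maxlen += 128); }`. With the length already in `l`, `memcpy(replaced + len, rep, l);` can replace the unbounded `strcpy`, since the next statement overwrites the terminator position with `;` anyway. The constant 16 in `len + 16 > maxlen` has no comment saying which worst case it covers.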
@@ -0,0 +1,32 @@ +diff -Nurp orig/main/php_open_temporary_file.c new/main/php_open_temporary_file.c +--- orig/main/php_open_temporary_file.c 2006-11-02 10:07:35.000000000 +0000 ++++ new/main/php_open_temporary_file.c 2006-11-02 10:11:54.000000000 +0000 +@@ -206,6 +206,7 @@ PHPAPI const char* php_get_temporary_dir + PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC) + { + int fd; ++ const char *temp_dir = php_get_temporary_directory(); + + if (!pfx) { + pfx = "tmp."; +@@ -214,11 +215,19 @@ PHPAPI int php_open_temporary_fd(const c + *opened_path_p = NULL; + } + ++ if (!dir || *dir == '\0') { ++ if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) { ++ return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC); ++ } else { ++ return -1; ++ } ++ } ++ + /* Try the directory given as parameter. */ + fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC); + if (fd == -1) { + /* Use default temporary directory. */ +- fd = php_do_open_temporary_file(php_get_temporary_directory(), pfx, opened_path_p TSRMLS_CC); ++ fd = php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC); + } + return fd; + } --- php5-5.1.2.orig/debian/patches/041-shut_up_snmp.patch +++ php5-5.1.2/debian/patches/041-shut_up_snmp.patch @@ -0,0 +1,12 @@ +--- php4-4.3.10/ext/snmp/snmp.c 2005-03-23 00:32:06.000000000 -0700 ++++ php4-4.3.10/ext/snmp/snmp.c 2005-03-23 00:30:18.000000000 -0700 +@@ -220,7 +220,9 @@ + */ + PHP_MSHUTDOWN_FUNCTION(snmp) + { ++/*** This should be re-enabled when I have a newer libsnmp to play with *** + snmp_shutdown("snmpapp"); ++**************************************************************************/ + + return SUCCESS; + } --- php5-5.1.2.orig/debian/patches/036-fd_setsize_fix.patch +++ php5-5.1.2/debian/patches/036-fd_setsize_fix.patch 
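Review bot: In the 201-tempnam_openbasedir_bypass hunk, the `php_check_open_basedir(temp_dir TSRMLS_CC)` test is applied only when `dir` is NULL or empty; when a `dir` is given and `php_do_open_temporary_file(dir, ...)` fails, the fallback still opens in `temp_dir` with no such test. Unless `php_do_open_temporary_file` does its own open_basedir check (its body is not in the hunk), the restriction the patch adds does not hold on that path. The fallback could carry the same condition: `if (fd == -1 && temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {`.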
@@ -0,0 +1,24 @@ +diff -urN php-5.0.4.orig/ext/sockets/sockets.c php-5.0.4/ext/sockets/sockets.c +--- php-5.0.4.orig/ext/sockets/sockets.c 2005-02-15 00:44:31.000000000 +0100 ++++ php-5.0.4/ext/sockets/sockets.c 2005-04-10 17:32:15.851738072 +0200 +@@ -542,6 +542,7 @@ + + php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket); + if (!php_sock) continue; /* If element is not a resource, skip it */ ++ if (php_sock->bsd_socket > FD_SETSIZE) continue; /* must ignore it */ + + PHP_SAFE_FD_SET(php_sock->bsd_socket, fds); + if (php_sock->bsd_socket > *max_fd) { +diff -urN php-5.0.4.orig/ext/standard/streamsfuncs.c php-5.0.4/ext/standard/streamsfuncs.c +--- php-5.0.4.orig/ext/standard/streamsfuncs.c 2005-01-15 05:51:03.000000000 +0100 ++++ php-5.0.4/ext/standard/streamsfuncs.c 2005-04-10 17:34:29.274454736 +0200 +@@ -588,6 +588,9 @@ + * is not displayed. + * */ + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd >= 0) { ++ if (this_fd > FD_SETSIZE) ++ continue; ++ + + PHP_SAFE_FD_SET(this_fd, fds); + --- php5-5.1.2.orig/debian/patches/CVE-2006-1608.patch +++ php5-5.1.2/debian/patches/CVE-2006-1608.patch @@ -0,0 +1,12 @@ +diff -Nurp orig/ext/standard/file.c new/ext/standard/file.c +--- orig/ext/standard/file.c 2006-07-18 16:48:20.000000000 +0000 ++++ new/ext/standard/file.c 2006-07-18 16:48:54.000000000 +0000 +@@ -1762,7 +1762,7 @@ no_stat: + } + safe_to_copy: + +- srcstream = php_stream_open_wrapper(src, "rb", STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, NULL); ++ srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + + if (!srcstream) { + return ret; --- php5-5.1.2.orig/debian/patches/CVE-2009-3292.patch +++ php5-5.1.2/debian/patches/CVE-2009-3292.patch 
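Review bot: Both checks in the 036-fd_setsize_fix patch use `>`, so a descriptor equal to `FD_SETSIZE` still reaches `PHP_SAFE_FD_SET`, although an `fd_set` only has room for descriptors 0 to `FD_SETSIZE - 1`. Unless the macro bounds-checks on its own (its definition is not shown), the comparisons should be `if (php_sock->bsd_socket >= FD_SETSIZE) continue;` in sockets.c and `if (this_fd >= FD_SETSIZE) continue;` in streamsfuncs.c. The descriptors are also dropped silently, so a caller of the select functions cannot tell that some sockets are not being watched; a warning would make that diagnosable.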
@@ -0,0 +1,71 @@ +Description: fix denial of service via malformed exif images +upstream, Origin: http://svn.php.net/viewvc?view=revision&revision=287371 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/446313 + +diff -Naur php5-5.1.2.ori/ext/exif/exif.c php5-5.1.2/ext/exif/exif.c +--- php5-5.1.2.ori/ext/exif/exif.c 2009-11-25 15:29:14.000000000 -0500 ++++ php5-5.1.2/ext/exif/exif.c 2009-11-25 15:31:51.000000000 -0500 +@@ -3124,7 +3124,7 @@ + { + /* Check the APP1 for Exif Identifier Code */ + static const uchar ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; +- if (memcmp(CharBuf+2, ExifHeader, 6)) { ++ if (length <= 8 || memcmp(CharBuf+2, ExifHeader, 6)) { + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Incorrect APP1 Exif Identifier Code"); + return; + } +@@ -3207,8 +3207,14 @@ + } + + /* Read the length of the section. */ +- lh = php_stream_getc(ImageInfo->infile); +- ll = php_stream_getc(ImageInfo->infile); ++ if ((lh = php_stream_getc(ImageInfo->infile)) == EOF) { ++ EXIF_ERRLOG_CORRUPT(ImageInfo) ++ return FALSE; ++ } ++ if ((ll = php_stream_getc(ImageInfo->infile)) == EOF) { ++ EXIF_ERRLOG_CORRUPT(ImageInfo) ++ return FALSE; ++ } + + itemlen = (lh << 8) | ll; + +@@ -3408,6 +3414,10 @@ + int entry_tag , entry_type; + tag_table_type tag_table = exif_get_tag_table(section_index); + ++ if (ImageInfo->ifd_nesting_level > MAX_IFD_NESTING_LEVEL) { ++ return FALSE; ++ } ++ + if (ImageInfo->FileSize >= dir_offset+2) { + sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL); + #ifdef EXIF_DEBUG +@@ -3551,6 +3561,7 @@ + #ifdef EXIF_DEBUG + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @x%04X", exif_get_sectionname(sub_section_index), entry_offset); + #endif ++ ImageInfo->ifd_nesting_level++; + exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index TSRMLS_CC); + if (section_index!=SECTION_THUMBNAIL && entry_tag==TAG_SUB_IFD) { + if (ImageInfo->Thumbnail.filetype != IMAGE_FILETYPE_UNKNOWN +@@ 
-3590,6 +3601,7 @@ + #ifdef EXIF_DEBUG + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) at x%04X", next_offset); + #endif ++ ImageInfo->ifd_nesting_level++; + exif_process_IFD_in_TIFF(ImageInfo, next_offset, SECTION_THUMBNAIL TSRMLS_CC); + #ifdef EXIF_DEBUG + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "Ignore" : "Read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size); +@@ -3658,9 +3670,7 @@ + } else { + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF file"); + } +- } +- else +- if (!memcmp(file_header, "MM\x00\x2a", 4)) { ++ } else if (!memcmp(file_header, "MM\x00\x2a", 4)) { + ImageInfo->FileType = IMAGE_FILETYPE_TIFF_MM; + ImageInfo->motorola_intel = 1; + #ifdef EXIF_DEBUG --- php5-5.1.2.orig/debian/patches/202-money-format-abuse.patch +++ php5-5.1.2/debian/patches/202-money-format-abuse.patch 
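Review bot: In the CVE-2009-3292 exif.c hunks, `ImageInfo->ifd_nesting_level++` is added before both recursive `exif_process_IFD_in_TIFF` calls but no matching decrement appears after them, so the counter tracks the total number of IFDs visited rather than the current depth. That still bounds recursion, but it can reject a well-formed file with many sibling IFDs, and the field name then misleads. Adding `ImageInfo->ifd_nesting_level--;` after each call would make it a true depth limit, unless the counter is reset somewhere outside the hunks. The new `return FALSE` on exceeding `MAX_IFD_NESTING_LEVEL` is also silent, whereas the other new failure paths log through `EXIF_ERRLOG_CORRUPT(ImageInfo)`.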
@@ -0,0 +1,34 @@ +Index: php5-5.2.3/ext/standard/string.c +=================================================================== +--- php5-5.2.3.orig/ext/standard/string.c 2007-10-18 19:05:26.000000000 -0700 ++++ php5-5.2.3/ext/standard/string.c 2007-10-18 19:05:44.000000000 -0700 +@@ -5010,13 +5010,28 @@ + PHP_FUNCTION(money_format) + { + int format_len = 0, str_len; +- char *format, *str; ++ char *format, *str, *p, *e; + double value; ++ zend_bool check = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sd", &format, &format_len, &value) == FAILURE) { + return; + } + ++ p = format; ++ e = p + format_len; ++ while ((p = memchr(p, '%', (e - p)))) { ++ if (*(p + 1) == '%') { ++ p += 2; ++ } else if (!check) { ++ check = 1; ++ p++; ++ } else { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only a single %%i or %%n token can be used"); ++ RETURN_FALSE; ++ } ++ } ++ + str_len = format_len + 1024; + str = emalloc(str_len); + if ((str_len = strfmon(str, str_len, format, value)) < 0) { --- php5-5.1.2.orig/debian/patches/CVE-2010-1128.patch +++ php5-5.1.2/debian/patches/CVE-2010-1128.patch 
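Review bot: In the 202-money-format-abuse hunk, the scan reads `*(p + 1)` without first checking `p + 1 < e`, so a format that ends in a single `%` looks one byte past `format_len` and relies on the parameter string being NUL-terminated. Making the bound explicit costs nothing: `if (p + 1 < e && *(p + 1) == '%') {`. The warning text says only one `%i` or `%n` token is allowed, but the loop counts any `%` that is not part of `%%`; a comment stating that conversions are counted rather than validated would keep the message and the code from drifting apart.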
@@ -0,0 +1,27 @@ +Description: fix weak entropy in Linear Congruential Generator (LCG) +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=293253 + +diff -Naur php5-5.1.2.ori//ext/standard/lcg.c php5-5.1.2/ext/standard/lcg.c +--- php5-5.1.2.ori//ext/standard/lcg.c 2006-01-01 07:50:15.000000000 -0500 ++++ php5-5.1.2/ext/standard/lcg.c 2010-09-15 09:49:47.000000000 -0400 +@@ -78,7 +78,7 @@ + struct timeval tv; + + if (gettimeofday(&tv, NULL) == 0) { +- LCG(s1) = tv.tv_sec ^ (~tv.tv_usec); ++ LCG(s1) = tv.tv_sec ^ (tv.tv_usec<<11); + } else { + LCG(s1) = 1; + } +@@ -88,6 +88,11 @@ + LCG(s2) = (long) getpid(); + #endif + ++ /* Add entropy to s2 by calling gettimeofday() again */ ++ if (gettimeofday(&tv, NULL) == 0) { ++ LCG(s2) ^= (tv.tv_usec<<11); ++ } ++ + LCG(seeded) = 1; + } + --- php5-5.1.2.orig/debian/patches/225_SECURITY_CVE-2008-5624.patch +++ php5-5.1.2/debian/patches/225_SECURITY_CVE-2008-5624.patch 
@@ -0,0 +1,48 @@ +# +# Description: fix safe_mode restriction bypass via unrestricted variable settings. +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021 +# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u +# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u +# +diff -Naur php5-5.1.2.ori/ext/standard/basic_functions.c php5-5.1.2/ext/standard/basic_functions.c +--- php5-5.1.2.ori/ext/standard/basic_functions.c 2006-01-04 16:31:29.000000000 -0500 ++++ php5-5.1.2/ext/standard/basic_functions.c 2009-01-28 10:17:12.000000000 -0500 +@@ -958,6 +958,8 @@ + memset(&BG(mblen_state), 0, sizeof(BG(mblen_state))); + #endif + BG(incomplete_class) = incomplete_class_entry; ++ BG(page_uid) = -1; ++ BG(page_gid) = -1; + } + + +@@ -1243,6 +1245,8 @@ + + PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU); + ++ BG(page_uid) = -1; ++ BG(page_gid) = -1; + return SUCCESS; + } + +diff -Naur php5-5.1.2.ori/sapi/apache/mod_php5.c php5-5.1.2/sapi/apache/mod_php5.c +--- php5-5.1.2.ori/sapi/apache/mod_php5.c 2006-01-06 13:06:38.000000000 -0500 ++++ php5-5.1.2/sapi/apache/mod_php5.c 2009-01-28 10:17:12.000000000 -0500 +@@ -576,6 +576,8 @@ + return OK; + } + ++ SG(server_context) = r; ++ + zend_first_try { + + /* Make sure file exists */ +@@ -633,8 +635,6 @@ + /* Init timeout */ + hard_timeout("send", r); + +- SG(server_context) = r; +- + php_save_umask(); + add_common_vars(r); + add_cgi_vars(r); --- php5-5.1.2.orig/debian/patches/208-session-id-leak.patch +++ php5-5.1.2/debian/patches/208-session-id-leak.patch 
@@ -0,0 +1,106 @@ +Index: php5-5.2.3/ext/standard/url_scanner_ex.c +=================================================================== +--- php5-5.2.3.orig/ext/standard/url_scanner_ex.c 2007-11-27 14:08:53.000000000 -0800 ++++ php5-5.2.3/ext/standard/url_scanner_ex.c 2007-11-27 14:11:43.000000000 -0800 +@@ -232,16 +232,29 @@ + + if (ctx->form_app.len > 0) { + switch (ctx->tag.len) { +- +-#define RECOGNIZE(x) do { \ +- case sizeof(x)-1: \ +- if (strncasecmp(ctx->tag.c, x, sizeof(x)-1) == 0) \ +- doit = 1; \ +- break; \ +-} while (0) +- +- RECOGNIZE("form"); +- RECOGNIZE("fieldset"); ++ case sizeof("form") - 1: ++ if (!strncasecmp(ctx->tag.c, "form", sizeof("form") - 1)) { ++ doit = 1; ++ } ++ if (doit && ctx->val.c && ctx->lookup_data && *ctx->lookup_data) { ++ char *e, *p = zend_memnstr(ctx->val.c, "://", sizeof("://") - 1, ctx->val.c + ctx->val.len); ++ if (p) { ++ e = memchr(p, '/', (ctx->val.c + ctx->val.len) - p); ++ if (!e) { ++ e = ctx->val.c + ctx->val.len; ++ } ++ if ((e - p) && strncasecmp(p, ctx->lookup_data, (e - p))) { ++ doit = 0; ++ } ++ } ++ } ++ break; ++ ++ case sizeof("fieldset") - 1: ++ if (!strncasecmp(ctx->tag.c, "fieldset", sizeof("fieldset") - 1)) { ++ doit = 1; ++ } ++ break; + } + + if (doit) +@@ -249,8 +262,6 @@ + } + } + +- +- + /* + * HANDLE_TAG copies the HTML Tag and checks whether we + * have that tag in our table. 
If we might modify it, +Index: php5-5.2.3/ext/standard/url_scanner_ex.re +=================================================================== +--- php5-5.2.3.orig/ext/standard/url_scanner_ex.re 2007-11-27 14:08:52.000000000 -0800 ++++ php5-5.2.3/ext/standard/url_scanner_ex.re 2007-11-27 14:10:47.000000000 -0800 +@@ -204,16 +204,29 @@ + + if (ctx->form_app.len > 0) { + switch (ctx->tag.len) { +- +-#define RECOGNIZE(x) do { \ +- case sizeof(x)-1: \ +- if (strncasecmp(ctx->tag.c, x, sizeof(x)-1) == 0) \ +- doit = 1; \ +- break; \ +-} while (0) +- +- RECOGNIZE("form"); +- RECOGNIZE("fieldset"); ++ case sizeof("form") - 1: ++ if (!strncasecmp(ctx->tag.c, "form", sizeof("form") - 1)) { ++ doit = 1; ++ } ++ if (doit && ctx->val.c && ctx->lookup_data && *ctx->lookup_data) { ++ char *e, *p = zend_memnstr(ctx->val.c, "://", sizeof("://") - 1, ctx->val.c + ctx->val.len); ++ if (p) { ++ e = memchr(p, '/', (ctx->val.c + ctx->val.len) - p); ++ if (!e) { ++ e = ctx->val.c + ctx->val.len; ++ } ++ if ((e - p) && strncasecmp(p, ctx->lookup_data, (e - p))) { ++ doit = 0; ++ } ++ } ++ } ++ break; ++ ++ case sizeof("fieldset") - 1: ++ if (!strncasecmp(ctx->tag.c, "fieldset", sizeof("fieldset") - 1)) { ++ doit = 1; ++ } ++ break; + } + + if (doit) +@@ -221,8 +234,6 @@ + } + } + +- +- + /* + * HANDLE_TAG copies the HTML Tag and checks whether we + * have that tag in our table. If we might modify it, --- php5-5.1.2.orig/debian/patches/121-CVE-2007-2510_soap.patch +++ php5-5.1.2/debian/patches/121-CVE-2007-2510_soap.patch 
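Review bot: In the 208-session-id-leak patch (both url_scanner_ex.c and url_scanner_ex.re), `p` still points at the `:` of `://` when `memchr(p, '/', ...)` runs, so `e` is always `p + 1` and `strncasecmp(p, ctx->lookup_data, (e - p))` compares a single `:` with the first byte of `lookup_data`. As far as the hunk shows, this clears `doit` for every absolute form action instead of comparing hosts. It fails closed, so no session id is appended to a foreign URL, but same-host absolute actions lose it too. If a host comparison is intended, advance first with `p += sizeof("://") - 1;` before the `memchr`, and compare the lengths as well so that a prefix of the host does not count as a match. What `lookup_data` holds is set outside the hunk.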
@@ -0,0 +1,33 @@ +--- old/ext/soap/php_http.c 2007/01/01 09:36:06 1.77.2.11.2.5 ++++ new/ext/soap/php_http.c 2007/02/21 04:29:15 1.77.2.11.2.6 +@@ -910,19 +910,20 @@ + efree(http_body); + efree(loc); + if (new_url->scheme == NULL && new_url->path != NULL) { +- new_url->scheme = estrdup(phpurl->scheme); +- new_url->host = estrdup(phpurl->host); ++ new_url->scheme = NULL; ++ new_url->host = phpurl->host ? estrdup(phpurl->host) : NULL; + new_url->port = phpurl->port; + if (new_url->path && new_url->path[0] != '/') { +- char *t = phpurl->path?phpurl->path:"/"; ++ char *t = phpurl->path; + char *p = strrchr(t, '/'); +- char *s = emalloc((p - t) + strlen(new_url->path) + 2); +- +- strncpy(s, t, (p - t) + 1); +- s[(p - t) + 1] = 0; +- strcat(s, new_url->path); +- efree(new_url->path); +- new_url->path = s; ++ if (p) { ++ char *s = emalloc((p - t) + strlen(new_url->path) + 2); ++ strncpy(s, t, (p - t) + 1); ++ s[(p - t) + 1] = 0; ++ strcat(s, new_url->path); ++ efree(new_url->path); ++ new_url->path = s; ++ } + } + } + phpurl = new_url; --- php5-5.1.2.orig/debian/patches/045-exif_nesting_level.patch +++ php5-5.1.2/debian/patches/045-exif_nesting_level.patch @@ -0,0 +1,11 @@ +--- php4-4.3.10/ext/exif/exif.c.orig 2005-02-14 16:13:09.000000000 -0700 ++++ php4-4.3.10/ext/exif/exif.c 2005-02-14 16:13:40.000000000 -0700 +@@ -96,7 +96,7 @@ + + #define EFREE_IF(ptr) if (ptr) efree(ptr) + +-#define MAX_IFD_NESTING_LEVEL 100 ++#define MAX_IFD_NESTING_LEVEL 250 + + static + ZEND_BEGIN_ARG_INFO(exif_thumbnail_force_ref, 1) --- php5-5.1.2.orig/debian/patches/CVE-2006-1991.patch +++ php5-5.1.2/debian/patches/CVE-2006-1991.patch 
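Review bot: In the 121-CVE-2007-2510_soap hunk, `char *t = phpurl->path;` drops the old `phpurl->path?phpurl->path:"/"` fallback, so `strrchr(t, '/')` is called with NULL whenever the previous URL had no path. The new `if (p)` only covers a path without a slash; the pointer itself needs a guard, e.g. `char *p = t ? strrchr(t, '/') : NULL;`. The hunk also sets `new_url->scheme = NULL` where it used to copy `phpurl->scheme`, and nothing in view shows how later code treats a redirect URL with no scheme, so that line needs a comment explaining the intent.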
@@ -0,0 +1,23 @@ +diff -Nurp orig/ext/standard/string.c new/ext/standard/string.c +--- orig/ext/standard/string.c 2006-07-18 16:55:43.000000000 +0000 ++++ new/ext/standard/string.c 2006-07-18 16:57:51.000000000 +0000 +@@ -4882,7 +4882,7 @@ PHP_FUNCTION(substr_compare) + RETURN_FALSE; + } + +- if (len && offset >= s1_len) { ++ if ((offset + len) > s1_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length."); + RETURN_FALSE; + } +@@ -4891,6 +4891,10 @@ PHP_FUNCTION(substr_compare) + offset = s1_len + offset; + } + ++ if (offset < 0) { ++ offset = s1_len + offset; ++ } ++ + cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset))); + + if (!cs) { --- php5-5.1.2.orig/debian/patches/CVE-2006-1494.patch +++ php5-5.1.2/debian/patches/CVE-2006-1494.patch @@ -0,0 +1,35 @@ +diff -Nurp orig/ext/standard/file.c new/ext/standard/file.c +--- orig/ext/standard/file.c 2006-07-18 16:45:24.000000000 +0000 ++++ new/ext/standard/file.c 2006-07-18 16:46:48.000000000 +0000 +@@ -773,8 +773,9 @@ PHP_FUNCTION(tempnam) + zval **arg1, **arg2; + char *d; + char *opened_path; +- char p[64]; ++ char *p; + int fd; ++ size_t p_len; + + if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) { + WRONG_PARAM_COUNT; +@@ -787,7 +788,11 @@ PHP_FUNCTION(tempnam) + } + + d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1)); +- strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p)); ++ ++ php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0, &p, &p_len TSRMLS_CC); ++ if (p_len > 64) { ++ p[63] = '\0'; ++ } + + if ((fd = php_open_temporary_fd(d, p, &opened_path TSRMLS_CC)) >= 0) { + close(fd); +@@ -795,6 +800,7 @@ PHP_FUNCTION(tempnam) + } else { + RETVAL_FALSE; + } ++ efree(p); + efree(d); + } + /* }}} */ --- php5-5.1.2.orig/debian/patches/MOPB-15.patch +++ php5-5.1.2/debian/patches/MOPB-15.patch 
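Review bot: In the CVE-2006-1991 string.c hunk, the new bound `(offset + len) > s1_len` runs before the negative-`offset` adjustment, so for a negative offset it tests the raw value rather than the position that will be used, and the sum can overflow if both are large signed values (their types are declared outside the hunk). The block added by the second hunk also appears to repeat the adjustment the context lines show just above it (`offset = s1_len + offset;`), so an offset below `-s1_len` would be shifted twice. Normalising the offset once, rejecting `offset < 0 || offset > s1_len`, and then testing `len > s1_len - offset` avoids both problems.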
@@ -0,0 +1,91 @@ +diff -uNrp php5-5.1.6-unpatched/ext/shmop/shmop.c php5-5.1.6/ext/shmop/shmop.c +--- php5-5.1.6-unpatched/ext/shmop/shmop.c 2006-01-01 04:50:13.000000000 -0800 ++++ php5-5.1.6/ext/shmop/shmop.c 2007-04-23 16:17:02.000000000 -0700 +@@ -78,6 +78,16 @@ zend_module_entry shmop_module_entry = { + ZEND_GET_MODULE(shmop) + #endif + ++#define PHP_SHMOP_GET_RES \ ++ shmop = zend_list_find(shmid, &type); \ ++ if (!shmop) { \ ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); \ ++ RETURN_FALSE; \ ++ } else if (type != shm_type) { \ ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "not a shmop resource"); \ ++ RETURN_FALSE; \ ++ } \ ++ + /* {{{ rsclean + */ + static void rsclean(zend_rsrc_list_entry *rsrc TSRMLS_DC) +@@ -201,13 +211,8 @@ PHP_FUNCTION(shmop_read) + WRONG_PARAM_COUNT; + } + +- shmop = zend_list_find(shmid, &type); ++ PHP_SHMOP_GET_RES + +- if (!shmop) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); +- RETURN_FALSE; +- } +- + if (start < 0 || start > shmop->size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "start is out of range"); + RETURN_FALSE; +@@ -241,12 +246,7 @@ PHP_FUNCTION(shmop_close) + WRONG_PARAM_COUNT; + } + +- shmop = zend_list_find(shmid, &type); +- +- if (!shmop) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); +- RETURN_FALSE; +- } ++ PHP_SHMOP_GET_RES + + zend_list_delete(shmid); + } +@@ -264,12 +264,7 @@ PHP_FUNCTION(shmop_size) + WRONG_PARAM_COUNT; + } + +- shmop = zend_list_find(shmid, &type); +- +- if (!shmop) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); +- RETURN_FALSE; +- } ++ PHP_SHMOP_GET_RES + + RETURN_LONG(shmop->size); + } +@@ -290,12 +285,7 @@ PHP_FUNCTION(shmop_write) + WRONG_PARAM_COUNT; + } + +- shmop = zend_list_find(shmid, &type); +- +- if (!shmop) { +- php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "no shared memory segment with an id of [%lu]", shmid); +- RETURN_FALSE; +- } ++ PHP_SHMOP_GET_RES + + if ((shmop->shmatflg & SHM_RDONLY) == SHM_RDONLY) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "trying to write to a read only segment"); +@@ -326,12 +316,7 @@ PHP_FUNCTION(shmop_delete) + WRONG_PARAM_COUNT; + } + +- shmop = zend_list_find(shmid, &type); +- +- if (!shmop) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); +- RETURN_FALSE; +- } ++ PHP_SHMOP_GET_RES + + if (shmctl(shmop->shmid, IPC_RMID, NULL)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "can't mark segment for deletion (are you the owner?)"); --- php5-5.1.2.orig/debian/patches/220_SECURITY_CVE-2007-5900.patch +++ php5-5.1.2/debian/patches/220_SECURITY_CVE-2007-5900.patch 
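Review bot: `PHP_SHMOP_GET_RES` is a bare multi-statement macro that ends in a line-continuation backslash and silently depends on locals named `shmop`, `shmid` and `type` and on `shm_type`, so it is only correct when used as a full statement and while the line after the definition stays blank. Wrapping the body in `do { ... } while (0)`, dropping the trailing `\` after the last brace and writing the call sites as `PHP_SHMOP_GET_RES;` keeps the new resource-type check and makes it safe inside an unbraced `if`. A comment above it, e.g. `/* look up shmop by id, reject any other resource type; returns FALSE from the calling function */`, would document the hidden `RETURN_FALSE`. The `%lu` is carried over from the old code; if `shmid` is a signed `long` (declared outside the hunk), `%ld` is the matching specifier.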
@@ -0,0 +1,204 @@ +# +# Description: fix php_admin_value and php_admin_flag restrictions bypass via ini_set +# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/228095 +# Upstream: http://bugs.php.net/bug.php?id=41561 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.8&r2=1.39.2.2.2.9 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.9&r2=1.39.2.2.2.10 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.13&r2=1.39.2.2.2.14 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.14&r2=1.39.2.2.2.15 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?hideattic=1&r1=1.34.2.1.2.4&r2=1.34.2.1.2.5 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?hideattic=1&r1=1.34.2.1.2.5&r2=1.34.2.1.2.6 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_def.h?hideattic=1&r1=1.59.2.29.2.47&r2=1.59.2.29.2.48 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_execute.h?hideattic=1&r1=1.62.2.30.2.48&r2=1.62.2.30.2.49 +# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.26&r2=1.39.2.2.2.27 +# +diff -Naur php5-5.1.2.ori/sapi/cgi/cgi_main.c php5-5.1.2/sapi/cgi/cgi_main.c +--- php5-5.1.2.ori/sapi/cgi/cgi_main.c 2006-01-01 07:50:18.000000000 -0500 ++++ php5-5.1.2/sapi/cgi/cgi_main.c 2009-01-29 19:25:12.000000000 -0500 +@@ -891,7 +891,9 @@ + } else { + value = "1"; + } +- zend_alter_ini_entry(name, strlen(name) + 1, value, strlen(value), PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); ++ /* Use the force flag, and don't use PHP_INI_SYSTEM so we don't update ini_entry->modifiable. ++ This is necessary because of the security backport for CVE-2007-5900. 
*/ ++ zend_alter_ini_entry_ex(name, strlen(name) + 1, value, strlen(value), PHP_INI_PERDIR, PHP_INI_STAGE_ACTIVATE, 1); + } + + +diff -Naur php5-5.1.2.ori/sapi/cli/php_cli.c php5-5.1.2/sapi/cli/php_cli.c +--- php5-5.1.2.ori/sapi/cli/php_cli.c 2006-01-01 07:50:19.000000000 -0500 ++++ php5-5.1.2/sapi/cli/php_cli.c 2009-01-29 19:26:50.000000000 -0500 +@@ -337,7 +337,7 @@ + + /* hard coded ini settings must be set in main() */ + #define INI_HARDCODED(name,value)\ +- zend_alter_ini_entry(name, sizeof(name), value, strlen(value), PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); ++ zend_alter_ini_entry_ex(name, sizeof(name), value, strlen(value), PHP_INI_PERDIR, PHP_INI_STAGE_ACTIVATE, 1); + + static void sapi_cli_ini_defaults(HashTable *configuration_hash) + { +@@ -460,7 +460,9 @@ + ZVAL_STRING(&extension, value, 0); + php_dl(&extension, MODULE_PERSISTENT, &zval, 1 TSRMLS_CC); + } else { +- zend_alter_ini_entry(name, strlen(name)+1, value, strlen(value), PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); ++ /* Use the force flag, and don't use PHP_INI_SYSTEM so we don't update ini_entry->modifiable. ++ This is necessary because of the security backport for CVE-2007-5900. 
*/ ++ zend_alter_ini_entry_ex(name, strlen(name)+1, value, strlen(value), PHP_INI_PERDIR, PHP_INI_STAGE_ACTIVATE, 1); + } + } + +diff -Naur php5-5.1.2.ori/Zend/zend_ini.c php5-5.1.2/Zend/zend_ini.c +--- php5-5.1.2.ori/Zend/zend_ini.c 2006-01-04 18:53:04.000000000 -0500 ++++ php5-5.1.2/Zend/zend_ini.c 2009-01-29 19:21:09.000000000 -0500 +@@ -55,12 +55,17 @@ + ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC); + } zend_end_try(); + } +- efree(ini_entry->value); ++ if (ini_entry->value != ini_entry->orig_value) { ++ efree(ini_entry->value); ++ } + ini_entry->value = ini_entry->orig_value; + ini_entry->value_length = ini_entry->orig_value_length; + ini_entry->modified = 0; + ini_entry->orig_value = NULL; + ini_entry->orig_value_length = 0; ++ if (ini_entry->modifiable >= (1 << 3)) { ++ ini_entry->modifiable >>= 3; ++ } + } + return 0; + } +@@ -218,31 +223,52 @@ + + ZEND_API int zend_alter_ini_entry(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage) + { ++ return zend_alter_ini_entry_ex(name, name_length, new_value, new_value_length, modify_type, stage, 0); ++} ++ ++ZEND_API int zend_alter_ini_entry_ex(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage, int force_change) /* {{{ */ ++{ + zend_ini_entry *ini_entry; + char *duplicate; ++ zend_bool modifiable; ++ zend_bool modified; + TSRMLS_FETCH(); + + if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) { + return FAILURE; + } + +- if (!(ini_entry->modifiable & modify_type)) { +- return FAILURE; ++ modifiable = ini_entry->modifiable; ++ modified = ini_entry->modified; ++ ++ if (stage == ZEND_INI_STAGE_ACTIVATE && modify_type == ZEND_INI_SYSTEM) { ++ /* only touch lower bits */ ++ ini_entry->modifiable = (ini_entry->modifiable & (ZEND_INI_ALL << 3)) | ZEND_INI_SYSTEM; ++ } ++ ++ if 
(!force_change) { ++ if (!(ini_entry->modifiable & modify_type)) { ++ return FAILURE; ++ } ++ } ++ ++ if (!modified) { ++ ini_entry->orig_value = ini_entry->value; ++ ini_entry->orig_value_length = ini_entry->value_length; ++ /* store orginial value in the upper bits */ ++ ini_entry->modifiable = (modifiable << 3) | ini_entry->modifiable; ++ ini_entry->modified = 1; + } + + duplicate = estrndup(new_value, new_value_length); + + if (!ini_entry->on_modify + || ini_entry->on_modify(ini_entry, duplicate, new_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC)==SUCCESS) { +- if (!ini_entry->modified) { +- ini_entry->orig_value = ini_entry->value; +- ini_entry->orig_value_length = ini_entry->value_length; +- } else { /* we already changed the value, free the changed value */ ++ if (modified && ini_entry->orig_value != ini_entry->value) { /* we already changed the value, free the changed value */ + efree(ini_entry->value); + } + ini_entry->value = duplicate; + ini_entry->value_length = new_value_length; +- ini_entry->modified = 1; + } else { + efree(duplicate); + } +diff -Naur php5-5.1.2.ori/Zend/zend_ini.h php5-5.1.2/Zend/zend_ini.h +--- php5-5.1.2.ori/Zend/zend_ini.h 2006-01-04 18:53:04.000000000 -0500 ++++ php5-5.1.2/Zend/zend_ini.h 2009-01-29 19:21:09.000000000 -0500 +@@ -96,6 +96,7 @@ + ZEND_API void zend_unregister_ini_entries(int module_number TSRMLS_DC); + ZEND_API void zend_ini_refresh_caches(int stage TSRMLS_DC); + ZEND_API int zend_alter_ini_entry(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage); ++ZEND_API int zend_alter_ini_entry_ex(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage, int force_change); + ZEND_API int zend_restore_ini_entry(char *name, uint name_length, int stage); + ZEND_API void display_ini_entries(zend_module_entry *module); + +diff -Naur php5-5.1.2.ori/Zend/zend_vm_def.h php5-5.1.2/Zend/zend_vm_def.h +--- 
php5-5.1.2.ori/Zend/zend_vm_def.h 2006-01-04 18:53:04.000000000 -0500 ++++ php5-5.1.2/Zend/zend_vm_def.h 2009-01-29 19:21:09.000000000 -0500 +@@ -3431,7 +3431,7 @@ + } + + if (EG(error_reporting)) { +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + } + ZEND_VM_NEXT_OPCODE(); + } +@@ -3451,7 +3451,7 @@ + restored_error_reporting.type = IS_LONG; + restored_error_reporting.value.lval = EX_T(opline->op1.u.var).tmp_var.value.lval; + convert_to_string(&restored_error_reporting); +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + zendi_zval_dtor(restored_error_reporting); + } + if (EX(old_error_reporting) == &EX_T(opline->op1.u.var).tmp_var) { +@@ -3621,7 +3621,7 @@ + restored_error_reporting.type = IS_LONG; + restored_error_reporting.value.lval = EX(old_error_reporting)->value.lval; + convert_to_string(&restored_error_reporting); +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + zendi_zval_dtor(restored_error_reporting); + } + EX(old_error_reporting) = NULL; +diff -Naur php5-5.1.2.ori/Zend/zend_vm_execute.h php5-5.1.2/Zend/zend_vm_execute.h +--- php5-5.1.2.ori/Zend/zend_vm_execute.h 2006-01-04 18:53:04.000000000 -0500 ++++ 
php5-5.1.2/Zend/zend_vm_execute.h 2009-01-29 19:21:09.000000000 -0500 +@@ -434,7 +434,7 @@ + } + + if (EG(error_reporting)) { +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + } + ZEND_VM_NEXT_OPCODE(); + } +@@ -562,7 +562,7 @@ + restored_error_reporting.type = IS_LONG; + restored_error_reporting.value.lval = EX(old_error_reporting)->value.lval; + convert_to_string(&restored_error_reporting); +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + zendi_zval_dtor(restored_error_reporting); + } + EX(old_error_reporting) = NULL; +@@ -4619,7 +4619,7 @@ + restored_error_reporting.type = IS_LONG; + restored_error_reporting.value.lval = EX_T(opline->op1.u.var).tmp_var.value.lval; + convert_to_string(&restored_error_reporting); +- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); ++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1); + zendi_zval_dtor(restored_error_reporting); + } + if (EX(old_error_reporting) == &EX_T(opline->op1.u.var).tmp_var) { --- php5-5.1.2.orig/debian/patches/CVE-2007-0988.patch +++ php5-5.1.2/debian/patches/CVE-2007-0988.patch 
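Review bot: `force_change` makes `zend_alter_ini_entry_ex()` skip the `ini_entry->modifiable & modify_type` test altogether, yet neither the exported prototype added to zend_ini.h nor the definition says so. Since that test is what the patch description relies on to keep php_admin_value and php_admin_flag settings locked, I would state the contract at the declaration, e.g. `/* force_change != 0 bypasses the modifiable check; engine and SAPI callers only, never with a name or value taken from a script */`. The original access mask is also packed into `modifiable` with a bare `<< 3` and `>>= 3` in two functions; a named shift constant and fixing the `orginial` typo would make the restore path in the first zend_ini.c hunk easier to audit. Code outside these hunks that compares `ini_entry->modifiable` for equality would see the upper bits while an entry is modified, which is worth checking.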
@@ -0,0 +1,23 @@
+diff -Nurp orig/Zend/zend_hash.c new/Zend/zend_hash.c
+--- orig/Zend/zend_hash.c 2007-02-21 09:22:11.000000000 +0100
++++ new/Zend/zend_hash.c 2007-02-21 09:22:48.000000000 +0100
+@@ -141,11 +141,16 @@ ZEND_API int _zend_hash_init(HashTable *
+
+ SET_INCONSISTENT(HT_OK);
+
+- while ((1U << i) < nSize) {
+- i++;
++ if (nSize >= 0x80000000) {
++ /* prevent overflow */
++ ht->nTableSize = 0x80000000;
++ } else {
++ while ((1U << i) < nSize) {
++ i++;
++ }
++ ht->nTableSize = 1 << i;
+ }
+
+- ht->nTableSize = 1 << i;
+ ht->nTableMask = ht->nTableSize - 1;
+ ht->pDestructor = pDestructor;
+ ht->arBuckets = NULL;
--- php5-5.1.2.orig/debian/patches/227_SECURITY_CVE-2008-5814.patch
+++ php5-5.1.2/debian/patches/227_SECURITY_CVE-2008-5814.patch
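Review bot: `ht->nTableSize = 1 << i;` in the new else-branch still shifts a signed `int`: for `nSize` from 0x40000001 to 0x7fffffff the loop leaves `i` at 31, and `1 << 31` is undefined for a 32-bit `int`. The loop condition already uses `1U << i`, so the assignment should match it, `ht->nTableSize = 1U << i;`. The declaration and initial value of `i` are outside the hunk, as is the rest of `_zend_hash_init`.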
@@ -0,0 +1,22 @@
+#
+# Description: fix cross-site scripting vulnerability when display_errors is enabled.
+# Patch: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.8&r2=1.84.2.1.2.9&pathrev=PHP_5_2
+#
+diff -Naur php5-5.1.2.ori/ext/standard/head.c php5-5.1.2/ext/standard/head.c
+--- php5-5.1.2.ori/ext/standard/head.c 2006-01-01 07:50:14.000000000 -0500
++++ php5-5.1.2/ext/standard/head.c 2009-04-15 14:14:39.000000000 -0400
+@@ -69,12 +69,12 @@
+ int result;
+
+ if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+- zend_error( E_WARNING, "Cookie names can not contain any of the folllowing '=,; \\t\\r\\n\\013\\014' (%s)", name );
++ zend_error( E_WARNING, "Cookie names can not contain any of the folllowing '=,; \\t\\r\\n\\013\\014'" );
+ return FAILURE;
+ }
+
+ if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+- zend_error( E_WARNING, "Cookie values can not contain any of the folllowing ',; \\t\\r\\n\\013\\014' (%s)", value );
++ zend_error( E_WARNING, "Cookie values can not contain any of the folllowing ',; \\t\\r\\n\\013\\014'" );
+ return FAILURE;
+ }
+
--- php5-5.1.2.orig/debian/patches/106-strptime_xopen.patch
+++ php5-5.1.2/debian/patches/106-strptime_xopen.patch
@@ -0,0 +1,15 @@
+--- php5-5.1.1.0/ext/standard/datetime.c.orig 2005-08-04 00:07:57.000000000 +1000
++++ php5-5.1.1.0/ext/standard/datetime.c 2006-01-11 18:43:28.000000000 +1100
+@@ -20,11 +20,11 @@
+
+ /* $Id: datetime.c,v 1.134.2.2 2006/01/01 12:50:14 sniper Exp $ */
+
++#include "php.h"
+ #if HAVE_STRPTIME
+ #define _XOPEN_SOURCE
+ #endif
+
+-#include "php.h"
+ #include "zend_operators.h"
+ #include "datetime.h"
+ #include "php_globals.h"
--- php5-5.1.2.orig/debian/patches/CVE-2006-4812.patch
+++ php5-5.1.2/debian/patches/CVE-2006-4812.patch
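Review bot: In the datetime.c hunk, moving `#include "php.h"` above the `#if HAVE_STRPTIME` block means `_XOPEN_SOURCE` is now defined after whatever system headers php.h pulls in, and a feature-test macro only takes effect when it is defined before the first system header. If `<time.h>` has already been included by then, the `strptime()` prototype may stay hidden and the call would compile against an implicit `int` declaration, which truncates the returned pointer on LP64 targets. A comment recording why the order had to change, e.g. `/* php.h must come first because <reason>; strptime() prototype verified by configure */`, plus building this file with `-Werror=implicit-function-declaration`, would make the trade-off visible.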
@@ -0,0 +1,21 @@
+diff -Nurp orig/Zend/zend_alloc.c new/Zend/zend_alloc.c
+--- orig/Zend/zend_alloc.c 2006-10-10 13:10:15.000000000 +0000
++++ new/Zend/zend_alloc.c 2006-10-10 13:11:48.000000000 +0000
+@@ -320,15 +320,14 @@ ZEND_API void _efree(void *ptr ZEND_FILE
+ ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+ void *p;
+- int final_size = size*nmemb;
+
+ HANDLE_BLOCK_INTERRUPTIONS();
+- p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
++ p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+ if (!p) {
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return (void *) p;
+ }
+- memset(p, 0, final_size);
++ memset(p, 0, size * nmemb);
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return p;
+ }
--- php5-5.1.2.orig/debian/patches/MOPB-42.patch
+++ php5-5.1.2/debian/patches/MOPB-42.patch
@@ -0,0 +1,13 @@
+diff -uNrp php5-5.1.6-unpatched/main/streams/filter.c php5-5.1.6/main/streams/filter.c
+--- php5-5.1.6-unpatched/main/streams/filter.c 2006-05-19 03:24:19.000000000 -0700
++++ php5-5.1.6/main/streams/filter.c 2007-04-23 16:29:50.000000000 -0700
+@@ -264,7 +264,8 @@ PHPAPI php_stream_filter *php_stream_fil
+ /* try a wildcard */
+ char *wildname;
+
+- wildname = estrdup(filtername);
++ wildname = emalloc(n+3);
++ memcpy(wildname, filtername, n+1);
+ period = wildname + (period - filtername);
+ while (period && !filter) {
+ *period = '\0';
--- php5-5.1.2.orig/debian/patches/204-start-session-cookies.patch
+++ php5-5.1.2/debian/patches/204-start-session-cookies.patch
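Review bot: `memset(p, 0, size * nmemb)` in `_ecalloc` recomputes the product that `_safe_emalloc(nmemb, size, 0)` was brought in to guard, so the zeroing length is only right if the allocator never hands back a block after the multiplication has wrapped. That assumption is not visible here; a comment on the memset line such as `/* nmemb * size cannot wrap: _safe_emalloc() has already rejected overflow */` would record it. Whether `_safe_emalloc()` bails out or returns NULL on overflow should be confirmed against its definition, which is outside this hunk; the existing `if (!p)` branch covers the NULL case.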
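Review bot: In the filter.c hunk `emalloc(n+3)` gives no hint of what the three extra bytes are for, and `n` itself is computed outside the hunk. Presumably the loop that follows appends a two-character wildcard suffix plus the terminator to `wildname`; if so, say it on the allocation: `/* n bytes of name + ".*" + NUL */`. The body of the `while (period && !filter)` loop continues past the hunk, so the append itself cannot be checked from here.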
@@ -0,0 +1,33 @@
+Index: php5-5.2.3/ext/session/session.c
+===================================================================
+--- php5-5.2.3.orig/ext/session/session.c 2007-10-18 19:30:36.000000000 -0700
++++ php5-5.2.3/ext/session/session.c 2007-10-18 19:30:40.000000000 -0700
+@@ -1075,6 +1075,7 @@
+ {
+ smart_str ncookie = {0};
+ char *date_fmt = NULL;
++ char *e_session_name, *e_id;
+
+ if (SG(headers_sent)) {
+ char *output_start_filename = php_get_output_start_filename(TSRMLS_C);
+@@ -1088,11 +1089,18 @@
+ }
+ return;
+ }
++
++ /* URL encode session_name and id because they might be user supplied */
++ e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
++ e_id = php_url_encode(PS(id), strlen(PS(id)), NULL);
+
+ smart_str_appends(&ncookie, COOKIE_SET_COOKIE);
+- smart_str_appends(&ncookie, PS(session_name));
++ smart_str_appends(&ncookie, e_session_name);
+ smart_str_appendc(&ncookie, '=');
+- smart_str_appends(&ncookie, PS(id));
++ smart_str_appends(&ncookie, e_id);
++
++ efree(e_session_name);
++ efree(e_id);
+
+ if (PS(cookie_lifetime) > 0) {
+ struct timeval tv;
--- php5-5.1.2.orig/debian/patches/CVE-2009-4142.patch
+++ php5-5.1.2/debian/patches/CVE-2009-4142.patch
@@ -0,0 +1,4493 @@ +Description: fix Cross-site scripting via incomplete htmlspecialchars filtering +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=289411 +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=289554 +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=289565 +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=289567 +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=289605 +Origin: upstream, http://svn.php.net/viewvc/?view=revision&revision=291821 +Bug: http://bugs.php.net/bug.php?id=49785 + +diff -Naur php5-5.1.2.ori/ext/standard/html.c php5-5.1.2/ext/standard/html.c +--- php5-5.1.2.ori/ext/standard/html.c 2010-01-06 12:39:08.000000000 -0500 ++++ php5-5.1.2/ext/standard/html.c 2010-01-06 12:52:08.000000000 -0500 +@@ -484,15 +484,31 @@ + } \ + mbseq[mbpos++] = (mbchar); } + ++/* skip one byte and return */ ++#define MB_FAILURE(pos) do { \ ++ *newpos = pos + 1; \ ++ *status = FAILURE; \ ++ return 0; \ ++} while (0) ++ + #define CHECK_LEN(pos, chars_need) \ +- if((str_len - (pos)) < chars_need) { \ +- *status = FAILURE; \ +- return 0; \ ++ if (chars_need < 1) { \ ++ if((str_len - (pos)) < chars_need) { \ ++ *newpos = pos; \ ++ *status = FAILURE; \ ++ return 0; \ ++ } \ ++ } else { \ ++ if((str_len - (pos)) < chars_need) { \ ++ *newpos = pos + 1; \ ++ *status = FAILURE; \ ++ return 0; \ ++ } \ + } + + /* {{{ get_next_char + */ +-inline static unsigned short get_next_char(enum entity_charset charset, ++inline static unsigned int get_next_char(enum entity_charset charset, + unsigned char * str, + int str_len, + int * newpos, +@@ -503,205 +519,191 @@ + int pos = *newpos; + int mbpos = 0; + int mbspace = *mbseqlen; +- unsigned short this_char = str[pos++]; ++ unsigned int this_char = 0; + unsigned char next_char; + + *status = SUCCESS; +- ++ + if (mbspace <= 0) { + *mbseqlen = 0; +- return this_char; ++ CHECK_LEN(pos, 1); ++ *newpos = pos + 1; ++ return str[pos]; + } +- 
+- MB_WRITE((unsigned char)this_char); +- ++ + switch (charset) { + case cs_utf_8: + { +- unsigned long utf = 0; +- int stat = 0; +- int more = 1; +- +- /* unpack utf-8 encoding into a wide char. +- * Code stolen from the mbstring extension */ +- +- do { +- if (this_char < 0x80) { +- more = 0; +- if(stat) { +- /* we didn't finish the UTF sequence correctly */ +- *status = FAILURE; +- } +- break; +- } else if (this_char < 0xc0) { +- switch (stat) { +- case 0x10: /* 2, 2nd */ +- case 0x21: /* 3, 3rd */ +- case 0x32: /* 4, 4th */ +- case 0x43: /* 5, 5th */ +- case 0x54: /* 6, 6th */ +- /* last byte in sequence */ +- more = 0; +- utf |= (this_char & 0x3f); +- this_char = (unsigned short)utf; +- break; +- case 0x20: /* 3, 2nd */ +- case 0x31: /* 4, 3rd */ +- case 0x42: /* 5, 4th */ +- case 0x53: /* 6, 5th */ +- /* penultimate char */ +- utf |= ((this_char & 0x3f) << 6); +- stat++; +- break; +- case 0x30: /* 4, 2nd */ +- case 0x41: /* 5, 3rd */ +- case 0x52: /* 6, 4th */ +- utf |= ((this_char & 0x3f) << 12); +- stat++; +- break; +- case 0x40: /* 5, 2nd */ +- case 0x51: +- utf |= ((this_char & 0x3f) << 18); +- stat++; +- break; +- case 0x50: /* 6, 2nd */ +- utf |= ((this_char & 0x3f) << 24); +- stat++; +- break; +- default: +- /* invalid */ +- *status = FAILURE; +- more = 0; +- } +- } +- /* lead byte */ +- else if (this_char < 0xe0) { +- stat = 0x10; /* 2 byte */ +- utf = (this_char & 0x1f) << 6; +- CHECK_LEN(pos, 1); +- } else if (this_char < 0xf0) { +- stat = 0x20; /* 3 byte */ +- utf = (this_char & 0xf) << 12; +- CHECK_LEN(pos, 2); +- } else if (this_char < 0xf8) { +- stat = 0x30; /* 4 byte */ +- utf = (this_char & 0x7) << 18; +- CHECK_LEN(pos, 3); +- } else if (this_char < 0xfc) { +- stat = 0x40; /* 5 byte */ +- utf = (this_char & 0x3) << 24; +- CHECK_LEN(pos, 4); +- } else if (this_char < 0xfe) { +- stat = 0x50; /* 6 byte */ +- utf = (this_char & 0x1) << 30; +- CHECK_LEN(pos, 5); +- } else { +- /* invalid; bail */ +- more = 0; +- *status = FAILURE; +- break; ++ 
unsigned char c; ++ CHECK_LEN(pos, 1); ++ c = str[pos]; ++ if (c < 0x80) { ++ MB_WRITE(c); ++ this_char = c; ++ pos++; ++ } else if (c < 0xc0) { ++ MB_FAILURE(pos); ++ } else if (c < 0xe0) { ++ CHECK_LEN(pos, 2); ++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) { ++ MB_FAILURE(pos); + } +- +- if (more) { +- this_char = str[pos++]; +- MB_WRITE((unsigned char)this_char); ++ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f); ++ if (this_char < 0x80) { ++ MB_FAILURE(pos); + } +- } while (more); ++ MB_WRITE((unsigned char)c); ++ MB_WRITE((unsigned char)str[pos + 1]); ++ pos += 2; ++ } else if (c < 0xf0) { ++ CHECK_LEN(pos, 3); ++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) { ++ MB_FAILURE(pos); ++ } ++ if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) { ++ MB_FAILURE(pos); ++ } ++ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f); ++ if (this_char < 0x800) { ++ MB_FAILURE(pos); ++ } else if (this_char >= 0xd800 && this_char <= 0xdfff) { ++ MB_FAILURE(pos); ++ } ++ MB_WRITE((unsigned char)c); ++ MB_WRITE((unsigned char)str[pos + 1]); ++ MB_WRITE((unsigned char)str[pos + 2]); ++ pos += 3; ++ } else if (c < 0xf8) { ++ CHECK_LEN(pos, 4); ++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) { ++ MB_FAILURE(pos); ++ } ++ if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) { ++ MB_FAILURE(pos); ++ } ++ if (str[pos + 3] < 0x80 || str[pos + 3] > 0xbf) { ++ MB_FAILURE(pos); ++ } ++ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f); ++ if (this_char < 0x10000) { ++ MB_FAILURE(pos); ++ } ++ MB_WRITE((unsigned char)c); ++ MB_WRITE((unsigned char)str[pos + 1]); ++ MB_WRITE((unsigned char)str[pos + 2]); ++ MB_WRITE((unsigned char)str[pos + 3]); ++ pos += 4; ++ } else { ++ MB_FAILURE(pos); ++ } + } + break; + case cs_big5: + case cs_gb2312: + case cs_big5hkscs: + { ++ CHECK_LEN(pos, 1); ++ this_char = str[pos++]; + /* check if this is the first of a 2-byte sequence */ +- if 
(this_char >= 0xa1 && this_char <= 0xfe) { ++ if (this_char >= 0x81 && this_char <= 0xfe) { + /* peek at the next char */ + CHECK_LEN(pos, 1); +- next_char = str[pos]; ++ next_char = str[pos++]; + if ((next_char >= 0x40 && next_char <= 0x7e) || + (next_char >= 0xa1 && next_char <= 0xfe)) { + /* yes, this a wide char */ +- this_char <<= 8; ++ MB_WRITE(this_char); + MB_WRITE(next_char); +- this_char |= next_char; +- pos++; ++ this_char = (this_char << 8) | next_char; ++ } else { ++ MB_FAILURE(pos); + } +- ++ } else { ++ MB_WRITE(this_char); + } +- break; + } ++ break; + case cs_sjis: + { ++ CHECK_LEN(pos, 1); ++ this_char = str[pos++]; + /* check if this is the first of a 2-byte sequence */ +- if ( (this_char >= 0x81 && this_char <= 0x9f) || +- (this_char >= 0xe0 && this_char <= 0xef) +- ) { ++ if ((this_char >= 0x81 && this_char <= 0x9f) || ++ (this_char >= 0xe0 && this_char <= 0xfc)) { + /* peek at the next char */ + CHECK_LEN(pos, 1); +- next_char = str[pos]; ++ next_char = str[pos++]; + if ((next_char >= 0x40 && next_char <= 0x7e) || + (next_char >= 0x80 && next_char <= 0xfc)) + { + /* yes, this a wide char */ +- this_char <<= 8; ++ MB_WRITE(this_char); + MB_WRITE(next_char); +- this_char |= next_char; +- pos++; ++ this_char = (this_char << 8) | next_char; ++ } else { ++ MB_FAILURE(pos); + } +- ++ } else { ++ MB_WRITE(this_char); + } + break; + } + case cs_eucjp: + { ++ CHECK_LEN(pos, 1); ++ this_char = str[pos++]; + /* check if this is the first of a multi-byte sequence */ + if (this_char >= 0xa1 && this_char <= 0xfe) { + /* peek at the next char */ + CHECK_LEN(pos, 1); +- next_char = str[pos]; ++ next_char = str[pos++]; + if (next_char >= 0xa1 && next_char <= 0xfe) { + /* yes, this a jis kanji char */ +- this_char <<= 8; ++ MB_WRITE(this_char); + MB_WRITE(next_char); +- this_char |= next_char; +- pos++; ++ this_char = (this_char << 8) | next_char; ++ } else { ++ MB_FAILURE(pos); + } +- + } else if (this_char == 0x8e) { + /* peek at the next char */ + 
CHECK_LEN(pos, 1); +- next_char = str[pos]; ++ next_char = str[pos++]; + if (next_char >= 0xa1 && next_char <= 0xdf) { + /* JIS X 0201 kana */ +- this_char <<= 8; ++ MB_WRITE(this_char); + MB_WRITE(next_char); +- this_char |= next_char; +- pos++; ++ this_char = (this_char << 8) | next_char; ++ } else { ++ MB_FAILURE(pos); + } +- + } else if (this_char == 0x8f) { + /* peek at the next two char */ + unsigned char next2_char; + CHECK_LEN(pos, 2); + next_char = str[pos]; +- next2_char = str[pos+1]; ++ next2_char = str[pos + 1]; ++ pos += 2; + if ((next_char >= 0xa1 && next_char <= 0xfe) && + (next2_char >= 0xa1 && next2_char <= 0xfe)) { + /* JIS X 0212 hojo-kanji */ +- this_char <<= 8; ++ MB_WRITE(this_char); + MB_WRITE(next_char); +- this_char |= next_char; +- pos++; +- this_char <<= 8; + MB_WRITE(next2_char); +- this_char |= next2_char; +- pos++; ++ this_char = (this_char << 16) | (next_char << 8) | next2_char; ++ } else { ++ MB_FAILURE(pos); + } +- ++ } else { ++ MB_WRITE(this_char); + } + break; + } + default: ++ /* single-byte charsets */ ++ CHECK_LEN(pos, 1); ++ this_char = str[pos++]; ++ MB_WRITE(this_char); + break; + } + MB_RETURN; +@@ -1121,7 +1123,7 @@ + unsigned char mbsequence[16]; /* allow up to 15 characters in a multibyte sequence */ + int mbseqlen = sizeof(mbsequence); + int status = SUCCESS; +- unsigned short this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status); ++ unsigned int this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status); + + if(status == FAILURE) { + /* invalid MB sequence */ +diff -Naur php5-5.1.2.ori/ext/standard/tests/strings/bug49785.phpt php5-5.1.2/ext/standard/tests/strings/bug49785.phpt +--- php5-5.1.2.ori/ext/standard/tests/strings/bug49785.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.1.2/ext/standard/tests/strings/bug49785.phpt 2010-01-06 12:52:08.000000000 -0500 +@@ -0,0 +1,4114 @@ ++--TEST-- ++Bug #49785 (insufficient input string validation of 
htmlspecialchars()) ++--FILE-- ++= 0x80 ++var_dump(_bin2hex(htmlspecialchars("\x80", ENT_QUOTES, 'Shift_JIS'))); ++foreach (array_map('chr', range(0xa0, 0xdf)) as $c) { ++ var_dump(_bin2hex(htmlspecialchars($c, ENT_QUOTES, 'Shift_JIS'))); ++} ++var_dump(_bin2hex(htmlspecialchars("\xfd", ENT_QUOTES, 'Shift_JIS'))); ++var_dump(_bin2hex(htmlspecialchars("\xfe", ENT_QUOTES, 'Shift_JIS'))); ++var_dump(_bin2hex(htmlspecialchars("\xff", ENT_QUOTES, 'Shift_JIS'))); ++ ++echo "--\n"; ++// Shift_JIS: incomplete / invalid multibyte sequences ++foreach (array_map('chr', array_merge(range(0x81, 0x9f), range(0xe0, 0xfc))) as $c) { ++ var_dump(_bin2hex(htmlspecialchars("$c", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\x3f", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\x40", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\x7e", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\x7f", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\x80", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\xfc", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\xfd", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\xfe", ENT_QUOTES, 'Shift_JIS'))); ++ var_dump(_bin2hex(htmlspecialchars("$c\xff", ENT_QUOTES, 'Shift_JIS'))); ++} ++ ++echo "--\n"; ++// EUC-JP: non-lead byte >= 0x80 ++foreach (array_map('chr', array_merge(range(0x80, 0x8d), range(0x90, 0x9f))) as $c) { ++ var_dump(_bin2hex(htmlspecialchars($c, ENT_QUOTES, 'EUC-JP'))); ++} ++var_dump(_bin2hex(htmlspecialchars("\xff", ENT_QUOTES, 'EUC-JP'))); ++ ++// EUC-JP: control codes that are virtually lead bytes ++var_dump(_bin2hex(htmlspecialchars("\x8e", ENT_QUOTES, 'EUC-JP'))); ++var_dump(_bin2hex(htmlspecialchars("\x8f", ENT_QUOTES, 'EUC-JP'))); ++var_dump(_bin2hex(htmlspecialchars("\x8e\xa1", ENT_QUOTES, 'EUC-JP'))); ++var_dump(_bin2hex(htmlspecialchars("\x8f\xa1", 
ENT_QUOTES, 'EUC-JP')));
++var_dump(_bin2hex(htmlspecialchars("\x8e\xa1\xa3", ENT_QUOTES, 'EUC-JP')));
++var_dump(_bin2hex(htmlspecialchars("\x8f\xa1\xa3", ENT_QUOTES, 'EUC-JP')));
++
++echo "--\n";
++// EUC-JP: incomplete / invalid multibyte sequences
++foreach (array_map('chr', array_merge(range(0xa1, 0xfe))) as $c) {
++ var_dump(_bin2hex(htmlspecialchars("$c", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x26", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x80", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xa0", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xa1", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xfe", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xff", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\x26", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\x80", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\xa0", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\xa1", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\xfe", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8e$c\xff", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\x26", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\x80", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\xa0", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\xa1", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\xfe", ENT_QUOTES, 'EUC-JP')));
++ var_dump(_bin2hex(htmlspecialchars("\x8f$c\xff", ENT_QUOTES, 'EUC-JP')));
++}
++
++echo "--\n";
++// BIG5: non-lead byte >= 0x80
++var_dump(_bin2hex(htmlspecialchars("\x80", ENT_QUOTES, 'BIG5')));
++var_dump(_bin2hex(htmlspecialchars("\xff", ENT_QUOTES, 'BIG5')));
++
++echo "--\n";
++// BIG5: incomplete / invalid multibyte sequences
++foreach (array_map('chr', range(0x81, 0xfe)) as $c) {
++ var_dump(_bin2hex(htmlspecialchars("$c", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x3f", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x40", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x7e", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x7f", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\x80", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xa0", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xa1", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xfe", ENT_QUOTES, 'BIG5')));
++ var_dump(_bin2hex(htmlspecialchars("$c\xff", ENT_QUOTES, 'BIG5')));
++}
++?>
++--EXPECT--
++string(0) ""
++string(4) "c280"
++string(0) ""
++string(0) ""
++string(14) "26416c7068613b"
++string(14) "26616c7068613b"
++string(4) "dfbf"
++string(6) "e0a080"
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++string(16) "266865617274733b"
++string(6) "efbfbf"
++string(0) ""
++string(0) ""
++string(0) ""
++string(8) "f0908080"
++string(8) "f7bfbfbf"
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++string(0) ""
++--
++string(0) ""
++string(0) ""
++string(0) ""
++string(6) "ecbfbf"
++string(0) ""
++string(0) ""
++string(6) "ee8080"
++string(2) "80"
++string(2) "a0"
++string(2) "a1"
++string(2) "a2"
++string(2) "a3"
++string(2) "a4"
++string(2) "a5"
++string(2) "a6"
++string(2) "a7"
++string(2) "a8"
++string(2) "a9"
++string(2) "aa"
++string(2) "ab"
++string(2) "ac"
++string(2) "ad"
++string(2) "ae"
++string(2) "af"
++string(2) "b0"
++string(2) "b1"
++string(2) "b2"
++string(2) "b3"
++string(2) "b4"
++string(2) "b5"
++string(2) "b6"
++string(2) "b7"
++string(2) "b8"
++string(2) "b9" ++string(2) "ba" ++string(2) "bb" ++string(2) "bc" ++string(2) "bd" ++string(2) "be" ++string(2) "bf" ++string(2) "c0" ++string(2) "c1" ++string(2) "c2" ++string(2) "c3" ++string(2) "c4" ++string(2) "c5" ++string(2) "c6" ++string(2) "c7" ++string(2) "c8" ++string(2) "c9" ++string(2) "ca" ++string(2) "cb" ++string(2) "cc" ++string(2) "cd" ++string(2) "ce" ++string(2) "cf" ++string(2) "d0" ++string(2) "d1" ++string(2) "d2" ++string(2) "d3" ++string(2) "d4" ++string(2) "d5" ++string(2) "d6" ++string(2) "d7" ++string(2) "d8" ++string(2) "d9" ++string(2) "da" ++string(2) "db" ++string(2) "dc" ++string(2) "dd" ++string(2) "de" ++string(2) "df" ++string(2) "fd" ++string(2) "fe" ++string(2) "ff" ++-- ++string(0) "" ++string(0) "" ++string(4) "8140" ++string(4) "817e" ++string(0) "" ++string(4) "8180" ++string(4) "81fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8240" ++string(4) "827e" ++string(0) "" ++string(4) "8280" ++string(4) "82fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8340" ++string(4) "837e" ++string(0) "" ++string(4) "8380" ++string(4) "83fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8440" ++string(4) "847e" ++string(0) "" ++string(4) "8480" ++string(4) "84fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8540" ++string(4) "857e" ++string(0) "" ++string(4) "8580" ++string(4) "85fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8640" ++string(4) "867e" ++string(0) "" ++string(4) "8680" ++string(4) "86fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8740" ++string(4) "877e" ++string(0) "" ++string(4) "8780" ++string(4) "87fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8840" ++string(4) "887e" ++string(0) "" ++string(4) "8880" ++string(4) 
"88fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8940" ++string(4) "897e" ++string(0) "" ++string(4) "8980" ++string(4) "89fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8a40" ++string(4) "8a7e" ++string(0) "" ++string(4) "8a80" ++string(4) "8afc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8b40" ++string(4) "8b7e" ++string(0) "" ++string(4) "8b80" ++string(4) "8bfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8c40" ++string(4) "8c7e" ++string(0) "" ++string(4) "8c80" ++string(4) "8cfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8d40" ++string(4) "8d7e" ++string(0) "" ++string(4) "8d80" ++string(4) "8dfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8e40" ++string(4) "8e7e" ++string(0) "" ++string(4) "8e80" ++string(4) "8efc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8f40" ++string(4) "8f7e" ++string(0) "" ++string(4) "8f80" ++string(4) "8ffc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9040" ++string(4) "907e" ++string(0) "" ++string(4) "9080" ++string(4) "90fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9140" ++string(4) "917e" ++string(0) "" ++string(4) "9180" ++string(4) "91fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9240" ++string(4) "927e" ++string(0) "" ++string(4) "9280" ++string(4) "92fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9340" ++string(4) "937e" ++string(0) "" ++string(4) "9380" ++string(4) "93fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9440" ++string(4) "947e" ++string(0) "" ++string(4) "9480" ++string(4) "94fc" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9540" ++string(4) "957e" ++string(0) "" ++string(4) "9580" ++string(4) "95fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9640" ++string(4) "967e" ++string(0) "" ++string(4) "9680" ++string(4) "96fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9740" ++string(4) "977e" ++string(0) "" ++string(4) "9780" ++string(4) "97fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9840" ++string(4) "987e" ++string(0) "" ++string(4) "9880" ++string(4) "98fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9940" ++string(4) "997e" ++string(0) "" ++string(4) "9980" ++string(4) "99fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9a40" ++string(4) "9a7e" ++string(0) "" ++string(4) "9a80" ++string(4) "9afc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9b40" ++string(4) "9b7e" ++string(0) "" ++string(4) "9b80" ++string(4) "9bfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9c40" ++string(4) "9c7e" ++string(0) "" ++string(4) "9c80" ++string(4) "9cfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9d40" ++string(4) "9d7e" ++string(0) "" ++string(4) "9d80" ++string(4) "9dfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9e40" ++string(4) "9e7e" ++string(0) "" ++string(4) "9e80" ++string(4) "9efc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9f40" ++string(4) "9f7e" ++string(0) "" ++string(4) "9f80" ++string(4) "9ffc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e040" ++string(4) "e07e" ++string(0) "" ++string(4) "e080" ++string(4) "e0fc" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e140" ++string(4) "e17e" ++string(0) "" ++string(4) "e180" ++string(4) "e1fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e240" ++string(4) "e27e" ++string(0) "" ++string(4) "e280" ++string(4) "e2fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e340" ++string(4) "e37e" ++string(0) "" ++string(4) "e380" ++string(4) "e3fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e440" ++string(4) "e47e" ++string(0) "" ++string(4) "e480" ++string(4) "e4fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e540" ++string(4) "e57e" ++string(0) "" ++string(4) "e580" ++string(4) "e5fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e640" ++string(4) "e67e" ++string(0) "" ++string(4) "e680" ++string(4) "e6fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e740" ++string(4) "e77e" ++string(0) "" ++string(4) "e780" ++string(4) "e7fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e840" ++string(4) "e87e" ++string(0) "" ++string(4) "e880" ++string(4) "e8fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e940" ++string(4) "e97e" ++string(0) "" ++string(4) "e980" ++string(4) "e9fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ea40" ++string(4) "ea7e" ++string(0) "" ++string(4) "ea80" ++string(4) "eafc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eb40" ++string(4) "eb7e" ++string(0) "" ++string(4) "eb80" ++string(4) "ebfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ec40" ++string(4) "ec7e" ++string(0) "" ++string(4) "ec80" ++string(4) "ecfc" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ed40" ++string(4) "ed7e" ++string(0) "" ++string(4) "ed80" ++string(4) "edfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ee40" ++string(4) "ee7e" ++string(0) "" ++string(4) "ee80" ++string(4) "eefc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ef40" ++string(4) "ef7e" ++string(0) "" ++string(4) "ef80" ++string(4) "effc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f040" ++string(4) "f07e" ++string(0) "" ++string(4) "f080" ++string(4) "f0fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f140" ++string(4) "f17e" ++string(0) "" ++string(4) "f180" ++string(4) "f1fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f240" ++string(4) "f27e" ++string(0) "" ++string(4) "f280" ++string(4) "f2fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f340" ++string(4) "f37e" ++string(0) "" ++string(4) "f380" ++string(4) "f3fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f440" ++string(4) "f47e" ++string(0) "" ++string(4) "f480" ++string(4) "f4fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f540" ++string(4) "f57e" ++string(0) "" ++string(4) "f580" ++string(4) "f5fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f640" ++string(4) "f67e" ++string(0) "" ++string(4) "f680" ++string(4) "f6fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f740" ++string(4) "f77e" ++string(0) "" ++string(4) "f780" ++string(4) "f7fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f840" ++string(4) "f87e" ++string(0) "" ++string(4) "f880" ++string(4) "f8fc" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f940" ++string(4) "f97e" ++string(0) "" ++string(4) "f980" ++string(4) "f9fc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fa40" ++string(4) "fa7e" ++string(0) "" ++string(4) "fa80" ++string(4) "fafc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fb40" ++string(4) "fb7e" ++string(0) "" ++string(4) "fb80" ++string(4) "fbfc" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fc40" ++string(4) "fc7e" ++string(0) "" ++string(4) "fc80" ++string(4) "fcfc" ++string(0) "" ++string(0) "" ++string(0) "" ++-- ++string(2) "80" ++string(2) "81" ++string(2) "82" ++string(2) "83" ++string(2) "84" ++string(2) "85" ++string(2) "86" ++string(2) "87" ++string(2) "88" ++string(2) "89" ++string(2) "8a" ++string(2) "8b" ++string(2) "8c" ++string(2) "8d" ++string(2) "90" ++string(2) "91" ++string(2) "92" ++string(2) "93" ++string(2) "94" ++string(2) "95" ++string(2) "96" ++string(2) "97" ++string(2) "98" ++string(2) "99" ++string(2) "9a" ++string(2) "9b" ++string(2) "9c" ++string(2) "9d" ++string(2) "9e" ++string(2) "9f" ++string(2) "ff" ++string(0) "" ++string(0) "" ++string(4) "8ea1" ++string(0) "" ++string(0) "" ++string(6) "8fa1a3" ++-- ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a1a1" ++string(4) "a1fe" ++string(0) "" ++string(4) "8ea1" ++string(14) "8ea126616d703b" ++string(6) "8ea180" ++string(6) "8ea1a0" ++string(0) "" ++string(0) "" ++string(6) "8ea1ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa1a1" ++string(6) "8fa1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a2a1" ++string(4) "a2fe" ++string(0) "" ++string(4) "8ea2" ++string(14) "8ea226616d703b" ++string(6) "8ea280" ++string(6) "8ea2a0" ++string(0) "" ++string(0) "" ++string(6) "8ea2ff" ++string(0) "" ++string(0) 
"" ++string(0) "" ++string(0) "" ++string(6) "8fa2a1" ++string(6) "8fa2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a3a1" ++string(4) "a3fe" ++string(0) "" ++string(4) "8ea3" ++string(14) "8ea326616d703b" ++string(6) "8ea380" ++string(6) "8ea3a0" ++string(0) "" ++string(0) "" ++string(6) "8ea3ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa3a1" ++string(6) "8fa3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a4a1" ++string(4) "a4fe" ++string(0) "" ++string(4) "8ea4" ++string(14) "8ea426616d703b" ++string(6) "8ea480" ++string(6) "8ea4a0" ++string(0) "" ++string(0) "" ++string(6) "8ea4ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa4a1" ++string(6) "8fa4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a5a1" ++string(4) "a5fe" ++string(0) "" ++string(4) "8ea5" ++string(14) "8ea526616d703b" ++string(6) "8ea580" ++string(6) "8ea5a0" ++string(0) "" ++string(0) "" ++string(6) "8ea5ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa5a1" ++string(6) "8fa5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a6a1" ++string(4) "a6fe" ++string(0) "" ++string(4) "8ea6" ++string(14) "8ea626616d703b" ++string(6) "8ea680" ++string(6) "8ea6a0" ++string(0) "" ++string(0) "" ++string(6) "8ea6ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa6a1" ++string(6) "8fa6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a7a1" ++string(4) "a7fe" ++string(0) "" ++string(4) "8ea7" ++string(14) "8ea726616d703b" ++string(6) "8ea780" ++string(6) "8ea7a0" ++string(0) "" ++string(0) "" ++string(6) "8ea7ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa7a1" ++string(6) "8fa7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(4) "a8a1" ++string(4) "a8fe" ++string(0) "" ++string(4) "8ea8" ++string(14) "8ea826616d703b" ++string(6) "8ea880" ++string(6) "8ea8a0" ++string(0) "" ++string(0) "" ++string(6) "8ea8ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa8a1" ++string(6) "8fa8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a9a1" ++string(4) "a9fe" ++string(0) "" ++string(4) "8ea9" ++string(14) "8ea926616d703b" ++string(6) "8ea980" ++string(6) "8ea9a0" ++string(0) "" ++string(0) "" ++string(6) "8ea9ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fa9a1" ++string(6) "8fa9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aaa1" ++string(4) "aafe" ++string(0) "" ++string(4) "8eaa" ++string(14) "8eaa26616d703b" ++string(6) "8eaa80" ++string(6) "8eaaa0" ++string(0) "" ++string(0) "" ++string(6) "8eaaff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8faaa1" ++string(6) "8faafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aba1" ++string(4) "abfe" ++string(0) "" ++string(4) "8eab" ++string(14) "8eab26616d703b" ++string(6) "8eab80" ++string(6) "8eaba0" ++string(0) "" ++string(0) "" ++string(6) "8eabff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8faba1" ++string(6) "8fabfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aca1" ++string(4) "acfe" ++string(0) "" ++string(4) "8eac" ++string(14) "8eac26616d703b" ++string(6) "8eac80" ++string(6) "8eaca0" ++string(0) "" ++string(0) "" ++string(6) "8eacff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8faca1" ++string(6) "8facfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ada1" ++string(4) "adfe" ++string(0) "" ++string(4) "8ead" ++string(14) "8ead26616d703b" ++string(6) "8ead80" 
++string(6) "8eada0" ++string(0) "" ++string(0) "" ++string(6) "8eadff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fada1" ++string(6) "8fadfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aea1" ++string(4) "aefe" ++string(0) "" ++string(4) "8eae" ++string(14) "8eae26616d703b" ++string(6) "8eae80" ++string(6) "8eaea0" ++string(0) "" ++string(0) "" ++string(6) "8eaeff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8faea1" ++string(6) "8faefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "afa1" ++string(4) "affe" ++string(0) "" ++string(4) "8eaf" ++string(14) "8eaf26616d703b" ++string(6) "8eaf80" ++string(6) "8eafa0" ++string(0) "" ++string(0) "" ++string(6) "8eafff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fafa1" ++string(6) "8faffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b0a1" ++string(4) "b0fe" ++string(0) "" ++string(4) "8eb0" ++string(14) "8eb026616d703b" ++string(6) "8eb080" ++string(6) "8eb0a0" ++string(0) "" ++string(0) "" ++string(6) "8eb0ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb0a1" ++string(6) "8fb0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b1a1" ++string(4) "b1fe" ++string(0) "" ++string(4) "8eb1" ++string(14) "8eb126616d703b" ++string(6) "8eb180" ++string(6) "8eb1a0" ++string(0) "" ++string(0) "" ++string(6) "8eb1ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb1a1" ++string(6) "8fb1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b2a1" ++string(4) "b2fe" ++string(0) "" ++string(4) "8eb2" ++string(14) "8eb226616d703b" ++string(6) "8eb280" ++string(6) "8eb2a0" ++string(0) "" ++string(0) "" ++string(6) "8eb2ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" 
++string(6) "8fb2a1" ++string(6) "8fb2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b3a1" ++string(4) "b3fe" ++string(0) "" ++string(4) "8eb3" ++string(14) "8eb326616d703b" ++string(6) "8eb380" ++string(6) "8eb3a0" ++string(0) "" ++string(0) "" ++string(6) "8eb3ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb3a1" ++string(6) "8fb3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b4a1" ++string(4) "b4fe" ++string(0) "" ++string(4) "8eb4" ++string(14) "8eb426616d703b" ++string(6) "8eb480" ++string(6) "8eb4a0" ++string(0) "" ++string(0) "" ++string(6) "8eb4ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb4a1" ++string(6) "8fb4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b5a1" ++string(4) "b5fe" ++string(0) "" ++string(4) "8eb5" ++string(14) "8eb526616d703b" ++string(6) "8eb580" ++string(6) "8eb5a0" ++string(0) "" ++string(0) "" ++string(6) "8eb5ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb5a1" ++string(6) "8fb5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b6a1" ++string(4) "b6fe" ++string(0) "" ++string(4) "8eb6" ++string(14) "8eb626616d703b" ++string(6) "8eb680" ++string(6) "8eb6a0" ++string(0) "" ++string(0) "" ++string(6) "8eb6ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb6a1" ++string(6) "8fb6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b7a1" ++string(4) "b7fe" ++string(0) "" ++string(4) "8eb7" ++string(14) "8eb726616d703b" ++string(6) "8eb780" ++string(6) "8eb7a0" ++string(0) "" ++string(0) "" ++string(6) "8eb7ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb7a1" ++string(6) "8fb7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b8a1" 
++string(4) "b8fe" ++string(0) "" ++string(4) "8eb8" ++string(14) "8eb826616d703b" ++string(6) "8eb880" ++string(6) "8eb8a0" ++string(0) "" ++string(0) "" ++string(6) "8eb8ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb8a1" ++string(6) "8fb8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b9a1" ++string(4) "b9fe" ++string(0) "" ++string(4) "8eb9" ++string(14) "8eb926616d703b" ++string(6) "8eb980" ++string(6) "8eb9a0" ++string(0) "" ++string(0) "" ++string(6) "8eb9ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fb9a1" ++string(6) "8fb9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "baa1" ++string(4) "bafe" ++string(0) "" ++string(4) "8eba" ++string(14) "8eba26616d703b" ++string(6) "8eba80" ++string(6) "8ebaa0" ++string(0) "" ++string(0) "" ++string(6) "8ebaff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbaa1" ++string(6) "8fbafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bba1" ++string(4) "bbfe" ++string(0) "" ++string(4) "8ebb" ++string(14) "8ebb26616d703b" ++string(6) "8ebb80" ++string(6) "8ebba0" ++string(0) "" ++string(0) "" ++string(6) "8ebbff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbba1" ++string(6) "8fbbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bca1" ++string(4) "bcfe" ++string(0) "" ++string(4) "8ebc" ++string(14) "8ebc26616d703b" ++string(6) "8ebc80" ++string(6) "8ebca0" ++string(0) "" ++string(0) "" ++string(6) "8ebcff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbca1" ++string(6) "8fbcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bda1" ++string(4) "bdfe" ++string(0) "" ++string(4) "8ebd" ++string(14) "8ebd26616d703b" ++string(6) "8ebd80" ++string(6) "8ebda0" ++string(0) "" 
++string(0) "" ++string(6) "8ebdff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbda1" ++string(6) "8fbdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bea1" ++string(4) "befe" ++string(0) "" ++string(4) "8ebe" ++string(14) "8ebe26616d703b" ++string(6) "8ebe80" ++string(6) "8ebea0" ++string(0) "" ++string(0) "" ++string(6) "8ebeff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbea1" ++string(6) "8fbefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bfa1" ++string(4) "bffe" ++string(0) "" ++string(4) "8ebf" ++string(14) "8ebf26616d703b" ++string(6) "8ebf80" ++string(6) "8ebfa0" ++string(0) "" ++string(0) "" ++string(6) "8ebfff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fbfa1" ++string(6) "8fbffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c0a1" ++string(4) "c0fe" ++string(0) "" ++string(4) "8ec0" ++string(14) "8ec026616d703b" ++string(6) "8ec080" ++string(6) "8ec0a0" ++string(0) "" ++string(0) "" ++string(6) "8ec0ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc0a1" ++string(6) "8fc0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c1a1" ++string(4) "c1fe" ++string(0) "" ++string(4) "8ec1" ++string(14) "8ec126616d703b" ++string(6) "8ec180" ++string(6) "8ec1a0" ++string(0) "" ++string(0) "" ++string(6) "8ec1ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc1a1" ++string(6) "8fc1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c2a1" ++string(4) "c2fe" ++string(0) "" ++string(4) "8ec2" ++string(14) "8ec226616d703b" ++string(6) "8ec280" ++string(6) "8ec2a0" ++string(0) "" ++string(0) "" ++string(6) "8ec2ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc2a1" ++string(6) "8fc2fe" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c3a1" ++string(4) "c3fe" ++string(0) "" ++string(4) "8ec3" ++string(14) "8ec326616d703b" ++string(6) "8ec380" ++string(6) "8ec3a0" ++string(0) "" ++string(0) "" ++string(6) "8ec3ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc3a1" ++string(6) "8fc3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c4a1" ++string(4) "c4fe" ++string(0) "" ++string(4) "8ec4" ++string(14) "8ec426616d703b" ++string(6) "8ec480" ++string(6) "8ec4a0" ++string(0) "" ++string(0) "" ++string(6) "8ec4ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc4a1" ++string(6) "8fc4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c5a1" ++string(4) "c5fe" ++string(0) "" ++string(4) "8ec5" ++string(14) "8ec526616d703b" ++string(6) "8ec580" ++string(6) "8ec5a0" ++string(0) "" ++string(0) "" ++string(6) "8ec5ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc5a1" ++string(6) "8fc5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c6a1" ++string(4) "c6fe" ++string(0) "" ++string(4) "8ec6" ++string(14) "8ec626616d703b" ++string(6) "8ec680" ++string(6) "8ec6a0" ++string(0) "" ++string(0) "" ++string(6) "8ec6ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc6a1" ++string(6) "8fc6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c7a1" ++string(4) "c7fe" ++string(0) "" ++string(4) "8ec7" ++string(14) "8ec726616d703b" ++string(6) "8ec780" ++string(6) "8ec7a0" ++string(0) "" ++string(0) "" ++string(6) "8ec7ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc7a1" ++string(6) "8fc7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c8a1" ++string(4) "c8fe" ++string(0) "" ++string(4) 
"8ec8" ++string(14) "8ec826616d703b" ++string(6) "8ec880" ++string(6) "8ec8a0" ++string(0) "" ++string(0) "" ++string(6) "8ec8ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc8a1" ++string(6) "8fc8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c9a1" ++string(4) "c9fe" ++string(0) "" ++string(4) "8ec9" ++string(14) "8ec926616d703b" ++string(6) "8ec980" ++string(6) "8ec9a0" ++string(0) "" ++string(0) "" ++string(6) "8ec9ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fc9a1" ++string(6) "8fc9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "caa1" ++string(4) "cafe" ++string(0) "" ++string(4) "8eca" ++string(14) "8eca26616d703b" ++string(6) "8eca80" ++string(6) "8ecaa0" ++string(0) "" ++string(0) "" ++string(6) "8ecaff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcaa1" ++string(6) "8fcafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cba1" ++string(4) "cbfe" ++string(0) "" ++string(4) "8ecb" ++string(14) "8ecb26616d703b" ++string(6) "8ecb80" ++string(6) "8ecba0" ++string(0) "" ++string(0) "" ++string(6) "8ecbff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcba1" ++string(6) "8fcbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cca1" ++string(4) "ccfe" ++string(0) "" ++string(4) "8ecc" ++string(14) "8ecc26616d703b" ++string(6) "8ecc80" ++string(6) "8ecca0" ++string(0) "" ++string(0) "" ++string(6) "8eccff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcca1" ++string(6) "8fccfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cda1" ++string(4) "cdfe" ++string(0) "" ++string(4) "8ecd" ++string(14) "8ecd26616d703b" ++string(6) "8ecd80" ++string(6) "8ecda0" ++string(0) "" ++string(0) "" ++string(6) "8ecdff" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcda1" ++string(6) "8fcdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cea1" ++string(4) "cefe" ++string(0) "" ++string(4) "8ece" ++string(14) "8ece26616d703b" ++string(6) "8ece80" ++string(6) "8ecea0" ++string(0) "" ++string(0) "" ++string(6) "8eceff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcea1" ++string(6) "8fcefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cfa1" ++string(4) "cffe" ++string(0) "" ++string(4) "8ecf" ++string(14) "8ecf26616d703b" ++string(6) "8ecf80" ++string(6) "8ecfa0" ++string(0) "" ++string(0) "" ++string(6) "8ecfff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fcfa1" ++string(6) "8fcffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d0a1" ++string(4) "d0fe" ++string(0) "" ++string(4) "8ed0" ++string(14) "8ed026616d703b" ++string(6) "8ed080" ++string(6) "8ed0a0" ++string(0) "" ++string(0) "" ++string(6) "8ed0ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd0a1" ++string(6) "8fd0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d1a1" ++string(4) "d1fe" ++string(0) "" ++string(4) "8ed1" ++string(14) "8ed126616d703b" ++string(6) "8ed180" ++string(6) "8ed1a0" ++string(0) "" ++string(0) "" ++string(6) "8ed1ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd1a1" ++string(6) "8fd1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d2a1" ++string(4) "d2fe" ++string(0) "" ++string(4) "8ed2" ++string(14) "8ed226616d703b" ++string(6) "8ed280" ++string(6) "8ed2a0" ++string(0) "" ++string(0) "" ++string(6) "8ed2ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd2a1" ++string(6) "8fd2fe" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d3a1" ++string(4) "d3fe" ++string(0) "" ++string(4) "8ed3" ++string(14) "8ed326616d703b" ++string(6) "8ed380" ++string(6) "8ed3a0" ++string(0) "" ++string(0) "" ++string(6) "8ed3ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd3a1" ++string(6) "8fd3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d4a1" ++string(4) "d4fe" ++string(0) "" ++string(4) "8ed4" ++string(14) "8ed426616d703b" ++string(6) "8ed480" ++string(6) "8ed4a0" ++string(0) "" ++string(0) "" ++string(6) "8ed4ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd4a1" ++string(6) "8fd4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d5a1" ++string(4) "d5fe" ++string(0) "" ++string(4) "8ed5" ++string(14) "8ed526616d703b" ++string(6) "8ed580" ++string(6) "8ed5a0" ++string(0) "" ++string(0) "" ++string(6) "8ed5ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd5a1" ++string(6) "8fd5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d6a1" ++string(4) "d6fe" ++string(0) "" ++string(4) "8ed6" ++string(14) "8ed626616d703b" ++string(6) "8ed680" ++string(6) "8ed6a0" ++string(0) "" ++string(0) "" ++string(6) "8ed6ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd6a1" ++string(6) "8fd6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d7a1" ++string(4) "d7fe" ++string(0) "" ++string(4) "8ed7" ++string(14) "8ed726616d703b" ++string(6) "8ed780" ++string(6) "8ed7a0" ++string(0) "" ++string(0) "" ++string(6) "8ed7ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd7a1" ++string(6) "8fd7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d8a1" ++string(4) "d8fe" ++string(0) "" ++string(4) "8ed8" ++string(14) 
"8ed826616d703b" ++string(6) "8ed880" ++string(6) "8ed8a0" ++string(0) "" ++string(0) "" ++string(6) "8ed8ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd8a1" ++string(6) "8fd8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d9a1" ++string(4) "d9fe" ++string(0) "" ++string(4) "8ed9" ++string(14) "8ed926616d703b" ++string(6) "8ed980" ++string(6) "8ed9a0" ++string(0) "" ++string(0) "" ++string(6) "8ed9ff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fd9a1" ++string(6) "8fd9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "daa1" ++string(4) "dafe" ++string(0) "" ++string(4) "8eda" ++string(14) "8eda26616d703b" ++string(6) "8eda80" ++string(6) "8edaa0" ++string(0) "" ++string(0) "" ++string(6) "8edaff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fdaa1" ++string(6) "8fdafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dba1" ++string(4) "dbfe" ++string(0) "" ++string(4) "8edb" ++string(14) "8edb26616d703b" ++string(6) "8edb80" ++string(6) "8edba0" ++string(0) "" ++string(0) "" ++string(6) "8edbff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fdba1" ++string(6) "8fdbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dca1" ++string(4) "dcfe" ++string(0) "" ++string(4) "8edc" ++string(14) "8edc26616d703b" ++string(6) "8edc80" ++string(6) "8edca0" ++string(0) "" ++string(0) "" ++string(6) "8edcff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fdca1" ++string(6) "8fdcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dda1" ++string(4) "ddfe" ++string(0) "" ++string(4) "8edd" ++string(14) "8edd26616d703b" ++string(6) "8edd80" ++string(6) "8edda0" ++string(0) "" ++string(0) "" ++string(6) "8eddff" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(6) "8fdda1" ++string(6) "8fddfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dea1" ++string(4) "defe" ++string(0) "" ++string(4) "8ede" ++string(14) "8ede26616d703b" ++string(6) "8ede80" ++string(6) "8edea0" ++string(0) "" ++string(0) "" ++string(6) "8edeff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fdea1" ++string(6) "8fdefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dfa1" ++string(4) "dffe" ++string(0) "" ++string(4) "8edf" ++string(14) "8edf26616d703b" ++string(6) "8edf80" ++string(6) "8edfa0" ++string(0) "" ++string(0) "" ++string(6) "8edfff" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fdfa1" ++string(6) "8fdffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e0a1" ++string(4) "e0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe0a1" ++string(6) "8fe0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e1a1" ++string(4) "e1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe1a1" ++string(6) "8fe1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e2a1" ++string(4) "e2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe2a1" ++string(6) "8fe2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e3a1" ++string(4) "e3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe3a1" ++string(6) "8fe3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e4a1" ++string(4) "e4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe4a1" ++string(6) "8fe4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e5a1" ++string(4) "e5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe5a1" ++string(6) "8fe5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e6a1" ++string(4) "e6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe6a1" ++string(6) "8fe6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e7a1" ++string(4) "e7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe7a1" ++string(6) "8fe7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e8a1" ++string(4) "e8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe8a1" ++string(6) "8fe8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e9a1" ++string(4) "e9fe" ++string(0) "" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fe9a1" ++string(6) "8fe9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eaa1" ++string(4) "eafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8feaa1" ++string(6) "8feafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eba1" ++string(4) "ebfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8feba1" ++string(6) "8febfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eca1" ++string(4) "ecfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8feca1" ++string(6) "8fecfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eda1" ++string(4) "edfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8feda1" ++string(6) "8fedfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eea1" ++string(4) "eefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8feea1" ++string(6) "8feefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "efa1" ++string(4) "effe" ++string(0) "" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8fefa1" ++string(6) "8feffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f0a1" ++string(4) "f0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff0a1" ++string(6) "8ff0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f1a1" ++string(4) "f1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff1a1" ++string(6) "8ff1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f2a1" ++string(4) "f2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff2a1" ++string(6) "8ff2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f3a1" ++string(4) "f3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff3a1" ++string(6) "8ff3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f4a1" ++string(4) "f4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff4a1" ++string(6) "8ff4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f5a1" ++string(4) "f5fe" ++string(0) "" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff5a1" ++string(6) "8ff5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f6a1" ++string(4) "f6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff6a1" ++string(6) "8ff6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f7a1" ++string(4) "f7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff7a1" ++string(6) "8ff7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f8a1" ++string(4) "f8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff8a1" ++string(6) "8ff8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f9a1" ++string(4) "f9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ff9a1" ++string(6) "8ff9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "faa1" ++string(4) "fafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ffaa1" ++string(6) "8ffafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fba1" ++string(4) "fbfe" 
++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ffba1" ++string(6) "8ffbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fca1" ++string(4) "fcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ffca1" ++string(6) "8ffcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fda1" ++string(4) "fdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ffda1" ++string(6) "8ffdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fea1" ++string(4) "fefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(6) "8ffea1" ++string(6) "8ffefe" ++string(0) "" ++-- ++string(2) "80" ++string(2) "ff" ++-- ++string(0) "" ++string(0) "" ++string(4) "8140" ++string(4) "817e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "81a1" ++string(4) "81fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8240" ++string(4) "827e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "82a1" ++string(4) "82fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8340" ++string(4) "837e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "83a1" ++string(4) "83fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8440" ++string(4) "847e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "84a1" ++string(4) "84fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8540" 
++string(4) "857e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "85a1" ++string(4) "85fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8640" ++string(4) "867e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "86a1" ++string(4) "86fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8740" ++string(4) "877e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "87a1" ++string(4) "87fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8840" ++string(4) "887e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "88a1" ++string(4) "88fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8940" ++string(4) "897e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "89a1" ++string(4) "89fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8a40" ++string(4) "8a7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8aa1" ++string(4) "8afe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8b40" ++string(4) "8b7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8ba1" ++string(4) "8bfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8c40" ++string(4) "8c7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8ca1" ++string(4) "8cfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8d40" ++string(4) "8d7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8da1" ++string(4) "8dfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8e40" ++string(4) "8e7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8ea1" ++string(4) "8efe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8f40" ++string(4) "8f7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "8fa1" ++string(4) "8ffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9040" ++string(4) "907e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "90a1" ++string(4) "90fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9140" 
++string(4) "917e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "91a1" ++string(4) "91fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9240" ++string(4) "927e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "92a1" ++string(4) "92fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9340" ++string(4) "937e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "93a1" ++string(4) "93fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9440" ++string(4) "947e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "94a1" ++string(4) "94fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9540" ++string(4) "957e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "95a1" ++string(4) "95fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9640" ++string(4) "967e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "96a1" ++string(4) "96fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9740" ++string(4) "977e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "97a1" ++string(4) "97fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9840" ++string(4) "987e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "98a1" ++string(4) "98fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9940" ++string(4) "997e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "99a1" ++string(4) "99fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9a40" ++string(4) "9a7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9aa1" ++string(4) "9afe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9b40" ++string(4) "9b7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9ba1" ++string(4) "9bfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9c40" ++string(4) "9c7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9ca1" ++string(4) "9cfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9d40" 
++string(4) "9d7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9da1" ++string(4) "9dfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9e40" ++string(4) "9e7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9ea1" ++string(4) "9efe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9f40" ++string(4) "9f7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "9fa1" ++string(4) "9ffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a040" ++string(4) "a07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a0a1" ++string(4) "a0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a140" ++string(4) "a17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a1a1" ++string(4) "a1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a240" ++string(4) "a27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a2a1" ++string(4) "a2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a340" ++string(4) "a37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a3a1" ++string(4) "a3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a440" ++string(4) "a47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a4a1" ++string(4) "a4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a540" ++string(4) "a57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a5a1" ++string(4) "a5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a640" ++string(4) "a67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a6a1" ++string(4) "a6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a740" ++string(4) "a77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a7a1" ++string(4) "a7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a840" ++string(4) "a87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a8a1" ++string(4) "a8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a940" 
++string(4) "a97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "a9a1" ++string(4) "a9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aa40" ++string(4) "aa7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aaa1" ++string(4) "aafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ab40" ++string(4) "ab7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aba1" ++string(4) "abfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ac40" ++string(4) "ac7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aca1" ++string(4) "acfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ad40" ++string(4) "ad7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ada1" ++string(4) "adfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ae40" ++string(4) "ae7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "aea1" ++string(4) "aefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "af40" ++string(4) "af7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "afa1" ++string(4) "affe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b040" ++string(4) "b07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b0a1" ++string(4) "b0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b140" ++string(4) "b17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b1a1" ++string(4) "b1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b240" ++string(4) "b27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b2a1" ++string(4) "b2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b340" ++string(4) "b37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b3a1" ++string(4) "b3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b440" ++string(4) "b47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b4a1" ++string(4) "b4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b540" 
++string(4) "b57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b5a1" ++string(4) "b5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b640" ++string(4) "b67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b6a1" ++string(4) "b6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b740" ++string(4) "b77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b7a1" ++string(4) "b7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b840" ++string(4) "b87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b8a1" ++string(4) "b8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b940" ++string(4) "b97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "b9a1" ++string(4) "b9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ba40" ++string(4) "ba7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "baa1" ++string(4) "bafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bb40" ++string(4) "bb7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bba1" ++string(4) "bbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bc40" ++string(4) "bc7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bca1" ++string(4) "bcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bd40" ++string(4) "bd7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bda1" ++string(4) "bdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "be40" ++string(4) "be7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bea1" ++string(4) "befe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bf40" ++string(4) "bf7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "bfa1" ++string(4) "bffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c040" ++string(4) "c07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c0a1" ++string(4) "c0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c140" 
++string(4) "c17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c1a1" ++string(4) "c1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c240" ++string(4) "c27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c2a1" ++string(4) "c2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c340" ++string(4) "c37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c3a1" ++string(4) "c3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c440" ++string(4) "c47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c4a1" ++string(4) "c4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c540" ++string(4) "c57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c5a1" ++string(4) "c5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c640" ++string(4) "c67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c6a1" ++string(4) "c6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c740" ++string(4) "c77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c7a1" ++string(4) "c7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c840" ++string(4) "c87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c8a1" ++string(4) "c8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c940" ++string(4) "c97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "c9a1" ++string(4) "c9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ca40" ++string(4) "ca7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "caa1" ++string(4) "cafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cb40" ++string(4) "cb7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cba1" ++string(4) "cbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cc40" ++string(4) "cc7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cca1" ++string(4) "ccfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cd40" 
++string(4) "cd7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cda1" ++string(4) "cdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ce40" ++string(4) "ce7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cea1" ++string(4) "cefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cf40" ++string(4) "cf7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "cfa1" ++string(4) "cffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d040" ++string(4) "d07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d0a1" ++string(4) "d0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d140" ++string(4) "d17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d1a1" ++string(4) "d1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d240" ++string(4) "d27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d2a1" ++string(4) "d2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d340" ++string(4) "d37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d3a1" ++string(4) "d3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d440" ++string(4) "d47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d4a1" ++string(4) "d4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d540" ++string(4) "d57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d5a1" ++string(4) "d5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d640" ++string(4) "d67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d6a1" ++string(4) "d6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d740" ++string(4) "d77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d7a1" ++string(4) "d7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d840" ++string(4) "d87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d8a1" ++string(4) "d8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d940" 
++string(4) "d97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "d9a1" ++string(4) "d9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "da40" ++string(4) "da7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "daa1" ++string(4) "dafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "db40" ++string(4) "db7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dba1" ++string(4) "dbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dc40" ++string(4) "dc7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dca1" ++string(4) "dcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dd40" ++string(4) "dd7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dda1" ++string(4) "ddfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "de40" ++string(4) "de7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dea1" ++string(4) "defe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "df40" ++string(4) "df7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "dfa1" ++string(4) "dffe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e040" ++string(4) "e07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e0a1" ++string(4) "e0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e140" ++string(4) "e17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e1a1" ++string(4) "e1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e240" ++string(4) "e27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e2a1" ++string(4) "e2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e340" ++string(4) "e37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e3a1" ++string(4) "e3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e440" ++string(4) "e47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e4a1" ++string(4) "e4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e540" 
++string(4) "e57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e5a1" ++string(4) "e5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e640" ++string(4) "e67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e6a1" ++string(4) "e6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e740" ++string(4) "e77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e7a1" ++string(4) "e7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e840" ++string(4) "e87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e8a1" ++string(4) "e8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e940" ++string(4) "e97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "e9a1" ++string(4) "e9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ea40" ++string(4) "ea7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eaa1" ++string(4) "eafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eb40" ++string(4) "eb7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eba1" ++string(4) "ebfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ec40" ++string(4) "ec7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eca1" ++string(4) "ecfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ed40" ++string(4) "ed7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eda1" ++string(4) "edfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ee40" ++string(4) "ee7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "eea1" ++string(4) "eefe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "ef40" ++string(4) "ef7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "efa1" ++string(4) "effe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f040" ++string(4) "f07e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f0a1" ++string(4) "f0fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f140" 
++string(4) "f17e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f1a1" ++string(4) "f1fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f240" ++string(4) "f27e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f2a1" ++string(4) "f2fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f340" ++string(4) "f37e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f3a1" ++string(4) "f3fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f440" ++string(4) "f47e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f4a1" ++string(4) "f4fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f540" ++string(4) "f57e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f5a1" ++string(4) "f5fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f640" ++string(4) "f67e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f6a1" ++string(4) "f6fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f740" ++string(4) "f77e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f7a1" ++string(4) "f7fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f840" ++string(4) "f87e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f8a1" ++string(4) "f8fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f940" ++string(4) "f97e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "f9a1" ++string(4) "f9fe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fa40" ++string(4) "fa7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "faa1" ++string(4) "fafe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fb40" ++string(4) "fb7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fba1" ++string(4) "fbfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fc40" ++string(4) "fc7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fca1" ++string(4) "fcfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fd40" 
++string(4) "fd7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fda1" ++string(4) "fdfe" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fe40" ++string(4) "fe7e" ++string(0) "" ++string(0) "" ++string(0) "" ++string(4) "fea1" ++string(4) "fefe" ++string(0) "" --- php5-5.1.2.orig/debian/patches/006-debian_quirks.patch +++ php5-5.1.2/debian/patches/006-debian_quirks.patch 
@@ -0,0 +1,350 @@ +diff -uNr php-5.0.4.orig/configure.in php-5.0.4/configure.in +--- php-5.0.4.orig/configure.in 2005-03-30 23:43:12.000000000 +0200 ++++ php-5.0.4/configure.in 2005-04-27 11:15:29.276399240 +0200 +@@ -925,7 +925,7 @@ + fi + + PHP_ARG_WITH(pear, [whether to install PEAR], +-[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php] ++[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php5] + --without-pear Do not install PEAR], DEFAULT, yes) + + if test "$PHP_PEAR" != "no"; then +@@ -959,7 +959,7 @@ + if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then + case $PHP_LAYOUT in + GNU) PEAR_INSTALLDIR=$datadir/pear;; +- *) PEAR_INSTALLDIR=$libdir/php;; ++ *) PEAR_INSTALLDIR=$libdir/php5;; + esac + fi + +@@ -1014,12 +1014,12 @@ + + case $libdir in + '${exec_prefix}/lib') +- libdir=$libdir/php ++ libdir=$libdir/php5 + ;; + esac + case $datadir in + '${prefix}/share') +- datadir=$datadir/php ++ datadir=$datadir/php5 + ;; + *) ;; + esac +@@ -1076,7 +1076,7 @@ + EXPANDED_DATADIR=$datadir + EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` + EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` +-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:/usr/share/pear + + exec_prefix=$old_exec_prefix + libdir=$old_libdir +diff -uNr php-5.0.4.orig/ext/ext_skel php-5.0.4/ext/ext_skel +--- php-5.0.4.orig/ext/ext_skel 2004-05-16 14:10:35.000000000 +0200 ++++ php-5.0.4/ext/ext_skel 2005-04-27 11:14:32.914967480 +0200 +@@ -70,7 +70,7 @@ + fi + + if test -z "$skel_dir"; then +- skel_dir="skeleton" ++ skel_dir="/usr/lib/php5/skeleton" + fi + + ## convert skel_dir to full path +diff -uNr php-5.0.4.orig/ext/session/session.c php-5.0.4/ext/session/session.c +--- php-5.0.4.orig/ext/session/session.c 2005-03-24 01:17:53.000000000 +0100 ++++ php-5.0.4/ext/session/session.c 2005-04-27 11:14:32.923966112 +0200 +@@ -152,11 +152,11 @@ + PHP_INI_BEGIN() + STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", 
PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals) +- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) ++ STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) +- STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) ++ STD_PHP_INI_ENTRY("session.gc_probability", "0", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer) +diff -uNr php-5.0.4.orig/php.ini-dist php-5.0.4/php.ini-dist +--- php-5.0.4.orig/php.ini-dist 2005-03-01 01:25:09.000000000 +0100 ++++ php-5.0.4/php.ini-dist 2005-04-27 11:14:32.929965200 +0200 +@@ -441,7 +441,7 @@ + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +@@ -458,7 +458,7 @@ + user_dir = + + ; Directory in which the loadable extensions (modules) reside. +-extension_dir = "./" ++; extension_dir = "./" + + ; Whether or not to enable the dl() function. 
The dl() function does NOT work + ; properly in multithreaded servers, such as IIS or Zeus, and is automatically +@@ -560,46 +560,10 @@ + ; extension_dir directive above. + + +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. +- +-;extension=php_mbstring.dll +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_dba.dll +-;extension=php_dbase.dll +-;extension=php_exif.dll +-;extension=php_fdf.dll +-;extension=php_filepro.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_ifx.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mcrypt.dll +-;extension=php_mhash.dll +-;extension=php_mime_magic.dll +-;extension=php_ming.dll +-;extension=php_mssql.dll +-;extension=php_msql.dll +-;extension=php_mysql.dll +-;extension=php_oci8.dll +-;extension=php_openssl.dll +-;extension=php_oracle.dll +-;extension=php_pgsql.dll +-;extension=php_shmop.dll +-;extension=php_snmp.dll +-;extension=php_sockets.dll +-;extension=php_sqlite.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll ++; Example lines: + ++;extension=mysql.so ++;extension=gd.so + + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; +@@ -878,7 +837,7 @@ + ; + ; where MODE is the octal representation of the mode. Note that this + ; does not overwrite the process's umask. +-;session.save_path = "/tmp" ++;session.save_path = /var/lib/php5 + + ; Whether to use cookies. + session.use_cookies = 1 +@@ -911,7 +870,10 @@ + ; e.g. 1/100 means there is a 1% chance that the GC process starts + ; on each request. + +-session.gc_probability = 1 ++; This is disabled in the Debian packages, due to the strict permissions ++; on /var/lib/php5. 
Instead of setting this here, see the cronjob at ++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below ++;session.gc_probability = 0 + session.gc_divisor = 100 + + ; After this number of seconds, stored data will be seen as 'garbage' and +diff -uNr php-5.0.4.orig/php.ini-recommended php-5.0.4/php.ini-recommended +--- php-5.0.4.orig/php.ini-recommended 2005-03-01 01:25:09.000000000 +0100 ++++ php-5.0.4/php.ini-recommended 2005-04-27 11:14:32.930965048 +0200 +@@ -499,7 +499,7 @@ + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +@@ -516,7 +516,7 @@ + user_dir = + + ; Directory in which the loadable extensions (modules) reside. +-extension_dir = "./" ++;extension_dir = "./" + + ; Whether or not to enable the dl() function. The dl() function does NOT work + ; properly in multithreaded servers, such as IIS or Zeus, and is automatically +@@ -617,47 +617,10 @@ + ; needs to go here. Specify the location of the extension with the + ; extension_dir directive above. + ++; Example lines: + +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. 
+- +-;extension=php_mbstring.dll +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_dba.dll +-;extension=php_dbase.dll +-;extension=php_exif.dll +-;extension=php_fdf.dll +-;extension=php_filepro.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_ifx.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mcrypt.dll +-;extension=php_mhash.dll +-;extension=php_mime_magic.dll +-;extension=php_ming.dll +-;extension=php_mssql.dll +-;extension=php_msql.dll +-;extension=php_mysql.dll +-;extension=php_oci8.dll +-;extension=php_openssl.dll +-;extension=php_oracle.dll +-;extension=php_pgsql.dll +-;extension=php_shmop.dll +-;extension=php_snmp.dll +-;extension=php_sockets.dll +-;extension=php_sqlite.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll +- ++;extension=mysql.so ++;extension=gd.so + + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; +@@ -936,7 +894,7 @@ + ; + ; where MODE is the octal representation of the mode. Note that this + ; does not overwrite the process's umask. +-;session.save_path = "/tmp" ++;session.save_path = /var/lib/php5 + + ; Whether to use cookies. + session.use_cookies = 1 +@@ -969,7 +927,10 @@ + ; e.g. 1/100 means there is a 1% chance that the GC process starts + ; on each request. + +-session.gc_probability = 1 ++; This is disabled in the Debian packages, due to the strict permissions ++; on /var/lib/php5. 
Instead of setting this here, see the cronjob at ++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below ++;session.gc_probability = 0 + session.gc_divisor = 1000 + + ; After this number of seconds, stored data will be seen as 'garbage' and +diff -uNr php-5.0.4.orig/sapi/caudium/config.m4 php-5.0.4/sapi/caudium/config.m4 +--- php-5.0.4.orig/sapi/caudium/config.m4 2004-01-17 14:00:10.000000000 +0100 ++++ php-5.0.4/sapi/caudium/config.m4 2005-04-27 11:14:32.935964288 +0200 +@@ -24,8 +24,8 @@ + AC_MSG_ERROR(Couldn't find a pike in $withval/bin/) + fi + if $PIKE -e 'float v; int rel;sscanf(version(), "Pike v%f release %d", v, rel);v += rel/10000.0; if(v < 7.0268) exit(1); exit(0);'; then +- PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Module' | sed -e 's/.*: //'` +- PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' ` ++ PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'` ++ PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' ` + if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then + AC_MSG_ERROR(Failed to figure out Pike module and include directories) + fi +@@ -82,7 +82,9 @@ + PIKE_VERSION=`$PIKE -e 'string v; int rel;sscanf(version(), "Pike v%s release %d", v, rel); write(v+"."+rel);'` + AC_DEFINE(HAVE_CAUDIUM,1,[Whether to compile with Caudium support]) + PHP_SELECT_SAPI(caudium, shared, caudium.c) +- INSTALL_IT="\$(INSTALL) -m 0755 $SAPI_SHARED $withval/lib/$PIKE_VERSION/PHP5.so" ++ dnl FIXME: This is the ugliest hack in the world! 
++ dnl INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$withval/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)$withval/lib/$PIKE_VERSION/php5.so" ++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$withval/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 .$SAPI_SHARED \$(INSTALL_ROOT)$withval/lib/$PIKE_VERSION/PHP5.so" + RESULT=" *** Pike binary used: $PIKE + *** Pike include dir(s) used: $PIKE_INCLUDE_DIR + *** Pike version: $PIKE_VERSION" +diff -uNr php-5.0.4.orig/sapi/cli/php.1.in php-5.0.4/sapi/cli/php.1.in +--- php-5.0.4.orig/sapi/cli/php.1.in 2004-05-02 11:14:02.000000000 +0200 ++++ php-5.0.4/sapi/cli/php.1.in 2005-04-27 11:14:32.936964136 +0200 +@@ -296,13 +296,17 @@ + .B name + .SH FILES + .TP 15 +-.B php\-cli.ini ++.B /etc/php5/cli/php.ini + The configuration file for the CLI version of PHP. + .TP +-.B php.ini +-The standard configuration file will only be used when +-.B php\-cli.ini +-cannot be found. ++.B /etc/php5/cgi/php.ini ++The configuration file for the CGI version of PHP. ++.TP ++.B /etc/php5/apache/php.ini ++The configuration file for the version of PHP that apache uses. ++.TP ++.B /etc/php5/apache2/php.ini ++The configuration file for the version of PHP that apache2 uses. 
+ .SH EXAMPLES + .TP 5 + \fIphp -r 'echo "Hello World\\n";'\fP +diff -uNr php-5.0.4.orig/scripts/Makefile.frag php-5.0.4/scripts/Makefile.frag +--- php-5.0.4.orig/scripts/Makefile.frag 2005-02-28 06:28:25.000000000 +0100 ++++ php-5.0.4/scripts/Makefile.frag 2005-04-27 11:14:32.936964136 +0200 +@@ -3,8 +3,8 @@ + # Build environment install + # + +-phpincludedir = $(includedir)/php +-phpbuilddir = $(libdir)/build ++phpincludedir = $(includedir)/php5 ++phpbuilddir = $(prefix)/lib/php5/build + + BUILD_FILES = \ + scripts/phpize.m4 \ +diff -uNr php-5.0.4.orig/scripts/php-config.in php-5.0.4/scripts/php-config.in +--- php-5.0.4.orig/scripts/php-config.in 2005-03-16 07:36:54.000000000 +0100 ++++ php-5.0.4/scripts/php-config.in 2005-04-27 11:14:32.936964136 +0200 +@@ -3,7 +3,7 @@ + prefix="@prefix@" + exec_prefix="@exec_prefix@" + version="@PHP_VERSION@" +-includedir="@includedir@/php" ++includedir="@includedir@/php5" + includes="-I$includedir -I$includedir/main -I$includedir/TSRM -I$includedir/Zend -I$includedir/ext" + ldflags="@PHP_LDFLAGS@" + libs="@EXTRA_LIBS@" +diff -uNr php-5.0.4.orig/scripts/phpize.in php-5.0.4/scripts/phpize.in +--- php-5.0.4.orig/scripts/phpize.in 2005-01-25 13:54:57.000000000 +0100 ++++ php-5.0.4/scripts/phpize.in 2005-04-27 11:14:32.943963072 +0200 +@@ -3,8 +3,8 @@ + # Variable declaration + prefix='@prefix@' + exec_prefix="`eval echo @exec_prefix@`" +-phpdir="`eval echo @libdir@`/build" +-includedir="`eval echo @includedir@`/php" ++phpdir="$prefix/lib/php5/build" ++includedir="$prefix/include/php5" + builddir="`pwd`" + + FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool libtool.m4" --- php5-5.1.2.orig/debian/patches/001-libtool_fixes.patch +++ php5-5.1.2/debian/patches/001-libtool_fixes.patch 
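Review bot: In the ext/session/session.c part of this patch, the `session.save_path` entry switches its update handler from `OnUpdateSaveDir` to `OnUpdateString` while staying `PHP_INI_ALL`, so whatever validation `OnUpdateSaveDir` applies to a runtime change of the path no longer runs. The handler's body is not visible here; if it is the one that applies the safe_mode and open_basedir checks to the new directory, a script could move session storage outside its permitted tree after this change. Changing the default does not require a different handler: `STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateSaveDir, save_path, php_ps_globals, ps_globals)`. The `gc_probability` default of `"0"` is explained only in the php.ini hunks, so a short comment next to the C entry pointing at the cron job would keep the two in step.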
@@ -0,0 +1,26 @@ +diff -urN php4-4.3.4.orig/TSRM/configure.in php4-4.3.4/TSRM/configure.in +--- php4-4.3.4.orig/TSRM/configure.in 2001-08-08 06:26:21.000000000 -0400 ++++ php4-4.3.4/TSRM/configure.in 2004-02-16 00:57:50.000000000 -0500 +@@ -13,9 +13,6 @@ + TSRM_THREADS_CHECKS + + AM_PROG_LIBTOOL +-if test "$enable_debug" != "yes"; then +- AM_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl TSRM_PTHREAD + +diff -urN php4-4.3.4.orig/configure.in php4-4.3.4/configure.in +--- php4-4.3.4.orig/configure.in 2003-11-02 17:15:05.000000000 -0500 ++++ php4-4.3.4/configure.in 2004-02-16 01:00:52.000000000 -0500 +@@ -1226,9 +1226,6 @@ + + LDFLAGS="$LDFLAGS $PHP_AIX_LDFLAGS" + AC_PROG_LIBTOOL +-if test "$enable_debug" != "yes"; then +- PHP_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl libtool 1.4.3 needs this. + PHP_SET_LIBTOOL_VARIABLE([--preserve-dup-deps]) --- php5-5.1.2.orig/debian/patches/200-chdir_openbasedir_bypass.patch +++ php5-5.1.2/debian/patches/200-chdir_openbasedir_bypass.patch @@ -0,0 +1,12 @@ +diff -Nurp orig/ext/standard/dir.c new/ext/standard/dir.c +--- orig/ext/standard/dir.c 2006-11-02 10:05:59.000000000 +0000 ++++ new/ext/standard/dir.c 2006-11-02 10:06:40.000000000 +0000 +@@ -286,7 +286,7 @@ PHP_FUNCTION(chdir) + RETURN_FALSE; + } + +- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { ++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) { + RETURN_FALSE; + } + ret = VCWD_CHDIR(str); --- php5-5.1.2.orig/debian/patches/121-CVE-2007-2511_userfilters.patch +++ php5-5.1.2/debian/patches/121-CVE-2007-2511_userfilters.patch 
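Review bot: The added `php_check_open_basedir(str TSRMLS_CC)` test in `PHP_FUNCTION(chdir)` validates the path string, and `VCWD_CHDIR(str)` then resolves the same string again, so the policy check and the directory change are two separate lookups rather than one atomic step. Whether that matters depends on who can alter the path components in between, which this hunk does not show. A comment such as `/* open_basedir applies regardless of safe_mode; str is re-resolved by VCWD_CHDIR below */` would record the limitation. The combined condition would also be easier to audit as two separate `if` statements, one per policy, each ending in `RETURN_FALSE;`. The function body begins and ends outside the inner hunk.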
@@ -0,0 +1,36 @@ +--- old/ext/standard/user_filters.c 2007/01/19 14:50:11 1.31.2.4.2.5 ++++ new/ext/standard/user_filters.c 2007/01/25 00:27:19 1.31.2.4.2.6 +@@ -256,6 +256,7 @@ + zval *obj, *zfilter; + zval func_name; + zval *retval = NULL; ++ int len; + + /* some sanity checks */ + if (persistent) { +@@ -264,9 +265,10 @@ + return NULL; + } + ++ len = strlen(filtername); ++ + /* determine the classname/class entry */ +- if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername, +- strlen(filtername), (void**)&fdat)) { ++ if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername, len, (void**)&fdat)) { + char *period; + + /* Userspace Filters using ambiguous wildcards could cause problems. +@@ -275,10 +277,10 @@ + TODO: Allow failed userfilter creations to continue + scanning through the list */ + if ((period = strrchr(filtername, '.'))) { +- char *wildcard; ++ char *wildcard = emalloc(len + 3); + + /* Search for wildcard matches instead */ +- wildcard = estrdup(filtername); ++ memcpy(wildcard, filtername, len + 1); /* copy \0 */ + period = wildcard + (period - filtername); + while (period) { + *period = '\0'; --- php5-5.1.2.orig/debian/php5-module.prerm +++ php5-5.1.2/debian/php5-module.prerm 
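Review bot: `int len` receives the result of `strlen(filtername)`, so `emalloc(len + 3)` and `memcpy(wildcard, filtername, len + 1)` compute their sizes in signed `int`. Declaring it as `size_t len = strlen(filtername);` avoids the narrowing and keeps the size arithmetic unsigned. The `+ 3` carries the whole fix but is unexplained: the old `estrdup(filtername)` left no spare bytes, and the loop that follows (cut off after `*period = '\0';` in this hunk) presumably appends to the copy. A comment on the allocation such as `/* name + appended wildcard suffix + NUL */` would let a reader check the bound against that loop.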
@@ -0,0 +1,42 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +EXTENSIONRE="^[[:space:]]*extension[[:space:]]*=[[:space:]]*@dsoname@\.so" + +. /usr/share/debconf/confmodule + +for SAPI in `find /etc/php5/ -type d -maxdepth 1 -mindepth 1 | sed -e's#.*/##'` +do + # Use the same question for all extensions, because it's only + # used once per package: right here. + if [ -f "/etc/php5/$SAPI/php.ini" ] \ + && grep -q "$EXTENSIONRE" /etc/php5/$SAPI/php.ini + then + db_set php5/remove_extension true + db_title "PHP" + db_subst php5/remove_extension extname @extname@ + db_subst php5/remove_extension sapiconfig $SAPI + db_input low php5/remove_extension || true + db_go + + db_get php5/remove_extension + if [ "$RET" = "true" ]; then + grep -v "$EXTENSIONRE" < /etc/php5/$SAPI/php.ini \ + > /etc/php5/$SAPI/php.ini.@dsoname@remove + chmod --reference=/etc/php5/$SAPI/php.ini \ + /etc/php5/$SAPI/php.ini.@dsoname@remove + mv /etc/php5/$SAPI/php.ini.@dsoname@remove \ + /etc/php5/$SAPI/php.ini + fi + db_fset php5/remove_extension seen false + fi +done + +exit 0 --- php5-5.1.2.orig/debian/php5-common.README.Debian +++ php5-5.1.2/debian/php5-common.README.Debian 
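Review bot: `db_go` runs under `set -e` with no fallback, unlike the `db_input low php5/remove_extension || true` just before it, so a non-zero return from debconf aborts the prerm and fails the package removal; `db_go || true` makes the two calls consistent. `$SAPI` comes from a backtick `find | sed` expansion and is unquoted in the `grep -q`, the redirection target, `chmod --reference` and `mv`. A directory name containing whitespace under /etc/php5 would therefore split into several words in a script that runs as root. Quoting each use as `"/etc/php5/$SAPI/php.ini"` and iterating with a glob instead of parsing `find` output closes that. `EXTENSIONRE` also has no end anchor after `\.so`, so the `grep -v` rewrite drops any extension line that merely starts with that name.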
@@ -0,0 +1,93 @@ +Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium) +--------------------------------------------------------------------- + + After much back-and-forth with upstream (and even building our + packages thread-safe for a while), we're currently admitting defeat + on that front, and are NOT building any thread-safe versions of + PHP for any webservers. Our recommendation is that, if you need + to use a threaded webserver, you should use php5-cgi in either + 'normal' CGI mode, or in FastCGI mode. + +Adam Conrad Sun, 06 Feb 2005 08:24:56 -0700 + + +Problems starting apache with php5 +---------------------------------- + + At the time of writing, there are no *known* incompatibilities + between any of the php5 modules we ship. However, there have been + many bug reports in the past due to dynamically-loaded extensions, + and it's possible there are still bugs in the released packages. If + Apache fails to start after you install php5, check your list of + enabled extensions at the bottom of /etc/php5/apache/php.ini, and try + commenting out or reordering the extensions until you find a + combination that works. + + For example, in the past the mhash extension was incompatible with + some other common extensions. To work around this, you could list + the mhash extension first in php.ini. + + If you find an extension-related bug in the Debian packages, and you + are willing to help debug the problem, please send us a bug report + that lists all enabled PHP5 extensions (extension=), in the order + in which they appear in php.ini, as well as all enabled Apache modules + (LoadModule), with version numbers where possible. + +Steve Langasek Fri, 26 Apr 2002 13:39:00 -0500 + + +Session storage +--------------- + + Session files are stored in /var/lib/php5. For security purposes, this + directory is unreadable by non-root users. This means that php5 running + from apache, for example, will not be able to clean up stale session + files. 
Instead, we have a cron job run every 30 mins that cleans up + stale session files; /etc/cron.d/php5. You may need to modify how + often this runs, if you've modified session.gc_maxlifetime in your + php.ini; otherwise, it may be too lax or overly aggressive in cleaning + out stale session files. + +Andres Salomon Fri, 03 Sep 2004 03:12:54 -0400 + + +Other caveats +------------- + + * extension_dir and include_path should be commented out, if you don't need + special settings for them so php will look in compiled-in paths. If you set + them, you should also add appropriate php install directories there. + +php5-cgi and apache/apache2 +--------------------------- + +In 99% of cases, what you probably want isn't php5-cgi at all, but rather +the libapache-mod-php5 or libapache2-mod-php5 package, which will configure +themselves on installation and Just Work(tm). If, however, you have a need +to use the CGI version of php5 with apache/apache2, the following should +help get you going, though there are dozens of different ways to do this. + +Please note that this process will never be made automatic, as php5-cgi +is meant to be a webserver-agnostic package that can be used with any +httpd, and we don't want it to conflict with the httpd-specific packages +such as libapache-mod-php5. If both were installed side-by-side and both +were automatically enabled, the results would be a bit confusing, obviously. 
+ +If you want to use php5-cgi in apache + 1) activate mod_action (apache-modconf apache enable mod_actions) + 2) Add the following to a config snippet in /etc/apache/conf.d + + Action application/x-httpd-php /cgi-bin/php5 + + +To use php5-cgi with apache2 + 1) activate CGI (it's on by default in default debian setups) + a) If using the prefork MPM, use 'a2enmod cgi' + b) If using a threaded MPM, use 'a2enmod cgid' + 2) activate mod_actions (a2enmod actions) + 3) Add the following to a config snippet in /etc/apache2/conf.d + + Action application/x-httpd-php /cgi-bin/php5 + + +Adam Conrad Sat, 04 Sep 2004 23:04:26 -0600 --- php5-5.1.2.orig/debian/watch +++ php5-5.1.2/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror --- php5-5.1.2.orig/debian/libapache2-mod-php5.postrm +++ php5-5.1.2/debian/libapache2-mod-php5.postrm @@ -0,0 +1,42 @@ +#! /bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + + ;; + + purge) + rm -rf /etc/php5/apache2 + if [ -d /etc/php5 ]; then + rmdir --ignore-fail-on-non-empty /etc/php5 + fi + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- php5-5.1.2.orig/debian/php5-common.TODO +++ php5-5.1.2/debian/php5-common.TODO 
@@ -0,0 +1,7 @@ +- Debconf: support removing of extension lines from php.ini on + dpkg-reconfigure, not just adding. Adjust wording of debconf template + to match. +- move default config files out of /usr/share/doc/php5/examples, per + policy +- more modules +- roxen support (oh my) --- php5-5.1.2.orig/debian/copyright.header +++ php5-5.1.2/debian/copyright.header @@ -0,0 +1,20 @@ +This package was debianized by Gergely Madarasz on +Tue, 16 Nov 1999 19:33:42 +0100. + +The last maintainer was Petr Cech , who did a LOT of +work on these packages. + +The current maintainer is Adam Conrad , who gets a +significant chunk of input and help from Steve Langasek +and Andres Salomon . + +It was downloaded from www.php.net/version5/downloads +Changes: removed ext/dbase dir (non-free) + +Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski +for libzend + +Two different licences apply to this package, one for PHP5, the other for +libzend. Both licences are shown here below. + + --- php5-5.1.2.orig/debian/php5-common.postrm +++ php5-5.1.2/debian/php5-common.postrm @@ -0,0 +1,12 @@ +#! /bin/bash + +set -e + +if [ "$1" = "purge" ] +then + rm -rf /var/lib/php5 +fi + +#DEBHELPER# + +exit 0 --- php5-5.1.2.orig/ext/xml/tests/bug49687.phpt +++ php5-5.1.2/ext/xml/tests/bug49687.phpt 
@@ -0,0 +1,24 @@ +--TEST-- +Bug #49687 Several utf8_decode deficiencies and vulnerabilities +--SKIPIF-- + +--FILE-- += (chars_need)) +#define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4)) +#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF) + +/* {{{ php_next_utf8_char + */ +static inline unsigned int php_next_utf8_char( + const unsigned char *str, + size_t str_len, + size_t *cursor, + int *status) +{ + size_t pos = *cursor; + unsigned int this_char = 0; + unsigned char c; + + *status = SUCCESS; + + if (!CHECK_LEN(pos, 1)) + MB_FAILURE(pos, 1); + + /* We'll follow strategy 2. from section 3.6.1 of UTR #36: + * "In a reported illegal byte sequence, do not include any + * non-initial byte that encodes a valid character or is a leading + * byte for a valid sequence. */ + c = str[pos]; + if (c < 0x80) { + this_char = c; + pos++; + } else if (c < 0xc2) { + MB_FAILURE(pos, 1); + } else if (c < 0xe0) { + if (!CHECK_LEN(pos, 2)) + MB_FAILURE(pos, 1); + + if (!utf8_trail(str[pos + 1])) { + MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 
1 : 2); + } + this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f); + if (this_char < 0x80) { /* non-shortest form */ + MB_FAILURE(pos, 2); + } + pos += 2; + } else if (c < 0xf0) { + size_t avail = str_len - pos; + + if (avail < 3 || + !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) { + if (avail < 2 || utf8_lead(str[pos + 1])) + MB_FAILURE(pos, 1); + else if (avail < 3 || utf8_lead(str[pos + 2])) + MB_FAILURE(pos, 2); + else + MB_FAILURE(pos, 3); + } + + this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f); + if (this_char < 0x800) { /* non-shortest form */ + MB_FAILURE(pos, 3); + } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */ + MB_FAILURE(pos, 3); + } + pos += 3; + } else if (c < 0xf5) { + size_t avail = str_len - pos; + + if (avail < 4 || + !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) || + !utf8_trail(str[pos + 3])) { + if (avail < 2 || utf8_lead(str[pos + 1])) + MB_FAILURE(pos, 1); + else if (avail < 3 || utf8_lead(str[pos + 2])) + MB_FAILURE(pos, 2); + else if (avail < 4 || utf8_lead(str[pos + 3])) + MB_FAILURE(pos, 3); + else + MB_FAILURE(pos, 4); + } + + this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f); + if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */ + MB_FAILURE(pos, 4); + } + pos += 4; + } else { + MB_FAILURE(pos, 1); + } + + *cursor = pos; + return this_char; +} +/* }}} */ + + /* {{{ xml_utf8_decode */ PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding) { - int pos = len; + size_t pos = 0; char *newbuf = emalloc(len + 1); - unsigned short c; + unsigned int c; char (*decoder)(unsigned short) = NULL; xml_encoding *enc = xml_get_encoding(encoding); 
@@ -579,24 +680,15 @@ newbuf[*newlen] = '\0'; return newbuf; } - while (pos > 0) { - c = (unsigned char)(*s); - if (c >= 0xf0) { /* four bytes encoded, 21 bits */ - c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63); - s += 4; - pos -= 4; - } else if (c >= 0xe0) { /* three bytes encoded, 16 bits */ - c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63); - s += 3; - pos -= 3; - } else if (c >= 0xc0) { /* two bytes encoded, 11 bits */ - c = ((s[0]&63)<<6) | (s[1]&63); - s += 2; - pos -= 2; - } else { - s++; - pos--; + + while (pos < (size_t)len) { + int status = FAILURE; + c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status); + + if (status == FAILURE || c > 0xFFU) { + c = '?'; } + newbuf[*newlen] = decoder ? decoder(c) : c; ++*newlen; }
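Review bot: The rewritten loop in `xml_utf8_decode` stays inside `newbuf` (allocated as `emalloc(len + 1)` in the previous hunk) only because each iteration writes one byte and `php_next_utf8_char` advances `pos` by at least one, including on failure. The failure half of that invariant lives in `MB_FAILURE`, whose definition is not readable in this view, so it deserves a comment above the `while`, for example `/* one output byte per iteration, >= 1 input byte consumed, so *newlen <= len */`. `(size_t)len` also turns a negative `len` into a very large bound, so an explicit `if (len < 0)` guard before the allocation would state the precondition. The `c > 0xFFU` replacement with `'?'` is what keeps `decoder(c)`, declared to take `unsigned short`, and the plain `char` store from truncating larger code points; a comment saying so would stop a later edit from dropping it.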