--- php5-5.3.10.orig/install-sh +++ php5-5.3.10/install-sh @@ -0,0 +1,520 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2009-04-28.21; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + trap '(exit $?); exit' 1 2 13 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dst_arg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test -z "$d" && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: --- php5-5.3.10.orig/ltmain.sh +++ php5-5.3.10/ltmain.sh @@ -1,52 +1,89 @@ -# ltmain.sh - Provide generalized library-building support services. -# NOTE: Changing this file will not affect anything until you rerun configure. -# + +# libtool (GNU libtool) 2.4 +# Written by Gordon Matzigkeit , 1996 + # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008 Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify +# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, but +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -basename="s,^.*/,,g" - -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath="$0" - -# The name of this program: -progname=`echo "$progpath" | $SED $basename` -modename="$progname" +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 +# Usage: $progname [OPTION]... [MODE-ARG]... +# +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --no-quiet, --no-silent +# print informational messages (default) +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print more informational messages than default +# --no-verbose don't print the extra informational messages +# --version print version information +# -h, --help, --help-all print short, long, or detailed help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. When passed as first option, +# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.4 Debian-2.4-2ubuntu1 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . +# GNU libtool home page: . +# General help using GNU software: . -PROGRAM=ltmain.sh +PROGRAM=libtool PACKAGE=libtool -VERSION=1.5.26 -TIMESTAMP=" (1.1220.2.492 2008/01/30 06:40:56)" +VERSION="2.4 Debian-2.4-2ubuntu1" +TIMESTAMP="" +package_revision=1.3293 -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). +# Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: @@ -60,104 +97,462 @@ BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh -# Check that we have a working $echo. -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then - # Yippee, $echo works! - : -else - # Restart under the correct shell, and then maybe $echo will work. - exec $SHELL "$progpath" --no-reexec ${1+"$@"} -fi - -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat <&2 - $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 - exit $EXIT_FAILURE -fi +dirname="s,/[^/]*$,," +basename="s,^.*/,," -# Global variables. -mode=$default_mode -nonopt= -prev= -prevopt= -run= -show="$echo" -show_help= -execute_dlfiles= -duplicate_deps=no -preserve_args= -lo2o="s/\\.lo\$/.${objext}/" -o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} # func_dirname may be replaced by extended shell implementation + + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "${1}" | $SED "$basename"` +} # func_basename may be replaced by extended shell implementation + + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` +} # func_dirname_and_basename may be replaced by extended shell implementation + + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + esac +} # func_stripname may be replaced by extended shell implementation + + +# These SED scripts presuppose an absolute path with a trailing slash. +pathcar='s,^/\([^/]*\).*$,\1,' +pathcdr='s,^/[^/]*,,' +removedotparts=':dotsl + s@/\./@/@g + t dotsl + s,/\.$,/,' +collapseslashes='s@/\{1,\}@/@g' +finalslash='s,/*$,/,' + +# func_normal_abspath PATH +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +# value returned in "$func_normal_abspath_result" +func_normal_abspath () +{ + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` + while :; do + # Processed it all yet? + if test "$func_normal_abspath_tpath" = / ; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result" ; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + +# func_relative_path SRCDIR DSTDIR +# generates a relative path from SRCDIR to DSTDIR, with a trailing +# slash if non-empty, suitable for immediately appending a filename +# without needing to append a separator. +# value returned in "$func_relative_path_result" +func_relative_path () +{ + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=${func_dirname_result} + if test "x$func_relative_path_tlibdir" = x ; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test "x$func_stripname_result" != x ; then + func_relative_path_result=${func_relative_path_result}/${func_stripname_result} + fi + + # Normalisation. If bindir is libdir, return empty string, + # else relative path ending with a slash; either way, target + # file name can be directly appended. + if test ! -z "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result/" + func_relative_path_result=$func_stripname_result + fi +} + +# The name of this program: +func_dirname_and_basename "$progpath" +progname=$func_basename_result + +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=: + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/\([`"$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' + +# Sed substitution that converts a w32 file name or path +# which contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" + +# Standard options: +opt_dry_run=false +opt_help=false +opt_quiet=false +opt_verbose=false +opt_warning=: + +# func_echo arg... +# Echo program name prefixed message, along with the current mode +# name if it has been set yet. +func_echo () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }$*" +} + +# func_verbose arg... +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $opt_verbose && func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +# func_error arg... +# Echo program name prefixed message to standard error. +func_error () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 +} + +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 + + # bash bug again: + : +} + +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` + done + my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} -##################################### -# Shell function definitions: -# This seems to be the best place for them # func_mktempdir [string] # Make a temporary directory that won't clash with other running @@ -167,7 +562,7 @@ { my_template="${TMPDIR-/tmp}/${1-$progname}" - if test "$run" = ":"; then + if test "$opt_dry_run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else @@ -176,6359 +571,8865 @@ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then - # Failing that, at least try and use $RANDOM to avoid a race - my_tmpdir="${my_template}-${RANDOM-0}$$" + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" - save_mktempdir_umask=`umask` - umask 0077 - $mkdir "$my_tmpdir" - umask $save_mktempdir_umask + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure - test -d "$my_tmpdir" || { - $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2 - exit $EXIT_FAILURE - } + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi - $echo "X$my_tmpdir" | $Xsed + $ECHO "$my_tmpdir" } -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -func_win32_libid () +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () { - win32_libid_type="unknown" - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ - $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then - win32_nmres=`eval $NM -f posix -A $1 | \ - $SED -n -e '1,100{ - / I /{ - s,.*,import, - p - q - } - }'` - case $win32_nmres in - import*) win32_libid_type="x86 archive import";; - *) win32_libid_type="x86 archive static";; - esac + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; + esac + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac +} + + +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "$1" | $SED \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + *) + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" +} + + +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi fi +} + + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + +# func_tr_sh +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` ;; - *DLL*) - win32_libid_type="x86 DLL" - ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; - esac + * ) + func_tr_sh_result=$1 ;; esac - $echo $win32_libid_type } -# func_infer_tag arg -# Infer tagged configuration to use if any are available and -# if one wasn't chosen via the "--tag" command line option. -# Only attempt this if the compiler in the base compile -# command doesn't match the default compiler. -# arg is usually of the form 'gcc ...' -func_infer_tag () +# func_version +# Echo version message to standard output and exit. +func_version () { - if test -n "$available_tags" && test -z "$tagname"; then - CC_quoted= - for arg in $CC; do - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case $@ in - # Blanks in the command may have been stripped by the calling shell, - # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; - # Blanks at the start of $base_compile will cause this to fail - # if we don't check for them as well. - *) - for z in $available_tags; do - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" - CC_quoted= - for arg in $CC; do - # Double-quote args containing other shell metacharacters. - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case "$@ " in - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) - # The compiler in the base compile command matches - # the one in the tagged configuration. - # Assume this is the tagged configuration we want. - tagname=$z - break - ;; - esac - fi - done - # If $tagname still isn't set, then no tagged configuration - # was found and let the user know that the "--tag" command - # line option must be used. - if test -z "$tagname"; then - $echo "$modename: unable to infer tagged configuration" - $echo "$modename: specify a tag with \`--tag'" 1>&2 - exit $EXIT_FAILURE -# else -# $echo "$modename: using $tagname tagged configuration" - fi - ;; - esac - fi -} + $opt_debug + $SED -n '/(C)/!b go + :more + /\./!{ + N + s/\n# / / + b more + } + :go + /^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ + p + }' < "$progpath" + exit $? +} -# func_extract_an_archive dir oldlib -func_extract_an_archive () +# func_usage +# Echo short help message to standard output and exit. +func_usage () { - f_ex_an_ar_dir="$1"; shift - f_ex_an_ar_oldlib="$1" + $opt_debug - $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)" - $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $? - if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then - : - else - $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2 - exit $EXIT_FAILURE - fi + $SED -n '/^# Usage:/,/^# *.*--help/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + echo + $ECHO "run \`$progname --help | more' for full usage" + exit $? } -# func_extract_archives gentop oldlib ... -func_extract_archives () +# func_help [NOEXIT] +# Echo long help message to standard output and exit, +# unless 'noexit' is passed as argument. +func_help () { - my_gentop="$1"; shift - my_oldlibs=${1+"$@"} - my_oldobjs="" - my_xlib="" - my_xabs="" - my_xdir="" - my_status="" + $opt_debug - $show "${rm}r $my_gentop" - $run ${rm}r "$my_gentop" - $show "$mkdir $my_gentop" - $run $mkdir "$my_gentop" - my_status=$? - if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then - exit $my_status + $SED -n '/^# Usage:/,/# Report bugs to/ { + :print + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + p + d + } + /^# .* home page:/b print + /^# General help using/b print + ' < "$progpath" + ret=$? + if test -z "$1"; then + exit $ret fi +} - for my_xlib in $my_oldlibs; do - # Extract the objects. - case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; - *) my_xabs=`pwd`"/$my_xlib" ;; - esac - my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - extracted_serial=`expr $extracted_serial + 1` - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $opt_debug - $show "${rm}r $my_xdir" - $run ${rm}r "$my_xdir" - $show "$mkdir $my_xdir" - $run $mkdir "$my_xdir" - exit_status=$? - if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then - exit $exit_status - fi - case $host in - *-darwin*) - $show "Extracting $my_xabs" - # Do not bother doing anything if just a dry run - if test -z "$run"; then - darwin_orig_dir=`pwd` - cd $my_xdir || exit $? - darwin_archive=$my_xabs - darwin_curdir=`pwd` - darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'` - darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null` - if test -n "$darwin_arches"; then - darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'` - darwin_arch= - $show "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches ; do - mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}" - lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" - cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" - func_extract_an_archive "`pwd`" "${darwin_base_archive}" - cd "$darwin_curdir" - $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" - done # $darwin_arches - ## Okay now we have a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP` - darwin_file= - darwin_files= - for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` - lipo -create -output "$darwin_file" $darwin_files - done # $darwin_filelist - ${rm}r unfat-$$ - cd "$darwin_orig_dir" - else - cd "$darwin_orig_dir" - func_extract_an_archive "$my_xdir" "$my_xabs" - fi # $darwin_arches - fi # $run - ;; - *) - func_extract_an_archive "$my_xdir" "$my_xabs" - ;; - esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` - done - func_extract_archives_result="$my_oldobjs" + func_error "missing argument for $1." + exit_cmd=exit } -# End of Shell function definitions -##################################### -# Darwin sucks -eval std_shrext=\"$shrext_cmds\" -disable_libs=no +# func_split_short_opt shortopt +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +func_split_short_opt () +{ + my_sed_short_opt='1s/^\(..\).*$/\1/;q' + my_sed_short_rest='1s/^..\(.*\)$/\1/;q' -# Parse our command line options once, thoroughly. -while test "$#" -gt 0 -do - arg="$1" - shift + func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` + func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` +} # func_split_short_opt may be replaced by extended shell implementation - case $arg in - -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - case $prev in - execute_dlfiles) - execute_dlfiles="$execute_dlfiles $arg" - ;; - tag) - tagname="$arg" - preserve_args="${preserve_args}=$arg" - - # Check whether tagname contains only valid characters - case $tagname in - *[!-_A-Za-z0-9,/]*) - $echo "$progname: invalid tag name: $tagname" 1>&2 - exit $EXIT_FAILURE - ;; - esac +# func_split_long_opt longopt +# Set func_split_long_opt_name and func_split_long_opt_arg shell +# variables after splitting LONGOPT at the `=' sign. +func_split_long_opt () +{ + my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' + my_sed_long_arg='1s/^--[^=]*=//' - case $tagname in - CC) - # Don't test for the "default" C tag, as we know, it's there, but - # not specially marked. - ;; - *) - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then - taglist="$taglist $tagname" - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" - else - $echo "$progname: ignoring unknown tag $tagname" 1>&2 - fi - ;; - esac - ;; - *) - eval "$prev=\$arg" - ;; - esac + func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` + func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` +} # func_split_long_opt may be replaced by extended shell implementation - prev= - prevopt= - continue - fi +exit_cmd=: - # Have we seen a non-optional argument yet? - case $arg in - --help) - show_help=yes - ;; - --version) - echo "\ -$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP - -Copyright (C) 2008 Free Software Foundation, Inc. -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - exit $? - ;; - --config) - ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath + + +magic="%%%MAGIC variable%%%" +magic_exe="%%%MAGIC EXE variable%%%" + +# Global variables. +nonopt= +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "${1}=\$${1}\${2}" +} # func_append may be replaced by extended shell implementation + +# func_append_quoted var value +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +func_append_quoted () +{ + func_quote_for_eval "${2}" + eval "${1}=\$${1}\\ \$func_quote_for_eval_result" +} # func_append_quoted may be replaced by extended shell implementation + + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "${@}"` +} # func_arith may be replaced by extended shell implementation + + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` +} # func_len may be replaced by extended shell implementation + + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` +} # func_lo2o may be replaced by extended shell implementation + + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` +} # func_xform may be replaced by extended shell implementation + + +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} + + +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + # Now print the configurations for the tags. for tagname in $taglist; do - ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" done - exit $? - ;; - --debug) - $echo "$progname: enabling shell trace mode" - set -x - preserve_args="$preserve_args $arg" - ;; - - --dry-run | -n) - run=: - ;; + exit $? +} - --features) - $echo "host: $host" +# func_features +# Display the features supported by this script. +func_features () +{ + echo "host: $host" if test "$build_libtool_libs" = yes; then - $echo "enable shared libraries" + echo "enable shared libraries" else - $echo "disable shared libraries" + echo "disable shared libraries" fi if test "$build_old_libs" = yes; then - $echo "enable static libraries" + echo "enable static libraries" else - $echo "disable static libraries" + echo "disable static libraries" fi - exit $? - ;; - --finish) mode="finish" ;; - - --mode) prevopt="--mode" prev=mode ;; - --mode=*) mode="$optarg" ;; + exit $? +} - --preserve-dup-deps) duplicate_deps="yes" ;; +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" - --quiet | --silent) - show=: - preserve_args="$preserve_args $arg" - ;; + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac - --tag) - prevopt="--tag" - prev=tag - preserve_args="$preserve_args --tag" - ;; - --tag=*) - set tag "$optarg" ${1+"$@"} - shift - prev=tag - preserve_args="$preserve_args --tag" - ;; + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" - -dlopen) - prevopt="-dlopen" - prev=execute_dlfiles - ;; + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} - -*) - $echo "$modename: unrecognized option \`$arg'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi - *) - nonopt="$arg" - break - ;; - esac -done + exit $EXIT_MISMATCH + fi +} -if test -n "$prevopt"; then - $echo "$modename: option \`$prevopt' requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE -fi -case $disable_libs in -no) +# Shorthand for --mode=foo, only valid as the first argument +case $1 in +clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift ;; -shared) - build_libtool_libs=no - build_old_libs=yes +compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift ;; -static) - build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; +finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; +install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; +link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; +uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift ;; esac -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= -if test -z "$show_help"; then - # Infer the operation mode. - if test -z "$mode"; then - $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 - $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2 - case $nonopt in - *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) - mode=link - for arg - do - case $arg in - -c) - mode=compile - break - ;; - esac - done - ;; - *db | *dbx | *strace | *truss) - mode=execute - ;; - *install*|cp|mv) - mode=install - ;; - *rm) - mode=uninstall - ;; - *) - # If we have no mode, but dlfiles were specified, then do execute mode. - test -n "$execute_dlfiles" && mode=execute +# Option defaults: +opt_debug=: +opt_dry_run=false +opt_config=false +opt_preserve_dup_deps=false +opt_features=false +opt_finish=false +opt_help=false +opt_help_all=false +opt_silent=: +opt_verbose=: +opt_silent=false +opt_verbose=false - # Just use the default operation mode. - if test -z "$mode"; then - if test -n "$nonopt"; then - $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 - else - $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 - fi - fi - ;; - esac - fi - # Only execute mode is allowed to have -dlopen flags. - if test -n "$execute_dlfiles" && test "$mode" != execute; then - $echo "$modename: unrecognized option \`-dlopen'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi +# Parse options once, thoroughly. This comes as soon as possible in the +# script to make things like `--version' happen as quickly as we can. +{ + # this just eases exit handling + while test $# -gt 0; do + opt="$1" + shift + case $opt in + --debug|-x) opt_debug='set -x' + func_echo "enabling shell trace mode" + $opt_debug + ;; + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + --config) + opt_config=: +func_config + ;; + --dlopen|-dlopen) + optarg="$1" + opt_dlopen="${opt_dlopen+$opt_dlopen +}$optarg" + shift + ;; + --preserve-dup-deps) + opt_preserve_dup_deps=: + ;; + --features) + opt_features=: +func_features + ;; + --finish) + opt_finish=: +set dummy --mode finish ${1+"$@"}; shift + ;; + --help) + opt_help=: + ;; + --help-all) + opt_help_all=: +opt_help=': help-all' + ;; + --mode) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_mode="$optarg" +case $optarg in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; +esac + shift + ;; + --no-silent|--no-quiet) + opt_silent=false +func_append preserve_args " $opt" + ;; + --no-verbose) + opt_verbose=false +func_append preserve_args " $opt" + ;; + --silent|--quiet) + opt_silent=: +func_append preserve_args " $opt" + opt_verbose=false + ;; + --verbose|-v) + opt_verbose=: +func_append preserve_args " $opt" +opt_silent=false + ;; + --tag) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_tag="$optarg" +func_append preserve_args " $opt $optarg" +func_enable_tag "$optarg" + shift + ;; - # Change the help message to a mode-specific one. - generic_help="$help" - help="Try \`$modename --help --mode=$mode' for more information." - - # These modes are in order of execution frequency so that they run quickly. - case $mode in - # libtool compile mode - compile) - modename="$modename: compile" - # Get the compilation command and the source file. - base_compile= - srcfile="$nonopt" # always keep a non-empty value in "srcfile" - suppress_opt=yes - suppress_output= - arg_mode=normal - libobj= - later= + -\?|-h) func_usage ;; + --help) func_help ;; + --version) func_version ;; + + # Separate optargs to long options: + --*=*) + func_split_long_opt "$opt" + set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} + shift + ;; - for arg - do - case $arg_mode in - arg ) - # do not "continue". Instead, add this to base_compile - lastarg="$arg" - arg_mode=normal - ;; + # Separate non-argument short options: + -\?*|-h*|-n*|-v*) + func_split_short_opt "$opt" + set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; - target ) - libobj="$arg" - arg_mode=normal - continue - ;; + --) break ;; + -*) func_fatal_help "unrecognized option \`$opt'" ;; + *) set dummy "$opt" ${1+"$@"}; shift; break ;; + esac + done - normal ) - # Accept any command-line options. - case $arg in - -o) - if test -n "$libobj" ; then - $echo "$modename: you cannot specify \`-o' more than once" 1>&2 - exit $EXIT_FAILURE - fi - arg_mode=target - continue - ;; + # Validate options: - -static | -prefer-pic | -prefer-non-pic) - later="$later $arg" - continue - ;; + # save first non-option argument + if test "$#" -gt 0; then + nonopt="$opt" + shift + fi - -no-suppress) - suppress_opt=no - continue - ;; + # preserve --debug + test "$opt_debug" = : || func_append preserve_args " --debug" - -Xcompiler) - arg_mode=arg # the next one goes into the "base_compile" arg list - continue # The current "srcfile" will either be retained or - ;; # replaced later. I would guess that would be a bug. + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac - -Wc,*) - args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"` - lastarg= - save_ifs="$IFS"; IFS=',' - for arg in $args; do - IFS="$save_ifs" + $opt_help || { + # Sanity checks first: + func_check_version_match - # Double-quote args containing other shell metacharacters. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - lastarg="$lastarg $arg" - done - IFS="$save_ifs" - lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"` + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi - # Add the arguments to base_compile. - base_compile="$base_compile $lastarg" - continue - ;; + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" - * ) - # Accept the current argument as the source file. - # The previous "srcfile" becomes the current argument. - # - lastarg="$srcfile" - srcfile="$arg" - ;; - esac # case $arg - ;; - esac # case $arg_mode + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test "$opt_mode" != execute; then + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi - # Aesthetically quote the previous argument. - lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"` + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$progname --help --mode=$opt_mode' for more information." + } - case $lastarg in - # Double-quote args containing other shell metacharacters. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, and some SunOS ksh mistreat backslash-escaping - # in scan sets (worked around with variable expansion), - # and furthermore cannot handle '|' '&' '(' ')' in scan sets - # at all, so we specify them separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - lastarg="\"$lastarg\"" - ;; - esac - base_compile="$base_compile $lastarg" - done # for arg + # Bail if the options were screwed + $exit_cmd $EXIT_FAILURE +} - case $arg_mode in - arg) - $echo "$modename: you must specify an argument for -Xcompile" - exit $EXIT_FAILURE - ;; - target) - $echo "$modename: you must specify a target with \`-o'" 1>&2 - exit $EXIT_FAILURE - ;; - *) - # Get the name of the library object. - [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'` - ;; - esac - # Recognize several different file suffixes. - # If the user specifies -o file.o, it is replaced with file.lo - xform='[cCFSifmso]' - case $libobj in - *.ada) xform=ada ;; - *.adb) xform=adb ;; - *.ads) xform=ads ;; - *.asm) xform=asm ;; - *.c++) xform=c++ ;; - *.cc) xform=cc ;; - *.ii) xform=ii ;; - *.class) xform=class ;; - *.cpp) xform=cpp ;; - *.cxx) xform=cxx ;; - *.[fF][09]?) xform=[fF][09]. ;; - *.for) xform=for ;; - *.java) xform=java ;; - *.obj) xform=obj ;; - *.sx) xform=sx ;; - esac - libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` - case $libobj in - *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;; - *) - $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2 - exit $EXIT_FAILURE - ;; +## ----------- ## +## Main. ## +## ----------- ## + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} - func_infer_tag $base_compile +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" +} - for arg in $later; do - case $arg in - -static) - build_old_libs=yes - continue - ;; +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} - -prefer-pic) - pic_mode=yes - continue - ;; - -prefer-non-pic) - pic_mode=no - continue - ;; - esac +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" done + IFS=$save_ifs +} - qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"` - case $qlibobj in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - qlibobj="\"$qlibobj\"" ;; - esac - test "X$libobj" != "X$qlibobj" \ - && $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' &()|`$[]' \ - && $echo "$modename: libobj name \`$libobj' may not contain shell special characters." - objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` - xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'` - if test "X$xdir" = "X$obj"; then - xdir= - else - xdir=$xdir/ - fi - lobj=${xdir}$objdir/$objname - if test -z "$base_compile"; then - $echo "$modename: you must specify a compilation command" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# `FILE.' does not work on cygwin managed mounts. +func_source () +{ + $opt_debug + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} - # Delete any leftover library objects. - if test "$build_old_libs" = yes; then - removelist="$obj $lobj $libobj ${libobj}T" - else - removelist="$lobj $libobj ${libobj}T" - fi - $run $rm $removelist - trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} - # On Cygwin there's no "real" PIC flag so we must build both object types - case $host_os in - cygwin* | mingw* | pw32* | os2*) - pic_mode=default - ;; - esac - if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then - # non-PIC code in shared libraries is not supported - pic_mode=default - fi +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case "$lt_sysroot:$1" in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result="=$func_stripname_result" + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} - # Calculate the filename of the output object if compiler does - # not support -o with -c - if test "$compiler_c_o" = no; then - output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} - lockfile="$output_obj.lock" - removelist="$removelist $output_obj $lockfile" - trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 - else - output_obj= - need_locks=no - lockfile= +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $opt_debug + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with \`--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac fi +} - # Lock this critical section if it is needed - # We use this script file to make the link, it avoids creating a new file - if test "$need_locks" = yes; then - until $run ln "$progpath" "$lockfile" 2>/dev/null; do - $show "Waiting for $lockfile to be removed" - sleep 2 - done - elif test "$need_locks" = warn; then - if test -f "$lockfile"; then - $echo "\ -*** ERROR, $lockfile exists and contains: -`cat $lockfile 2>/dev/null` -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - $run $rm $removelist - exit $EXIT_FAILURE - fi - $echo "$srcfile" > "$lockfile" +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=${1} + if test "$build_libtool_libs" = yes; then + write_lobj=\'${2}\' + else + write_lobj=none fi - if test -n "$fix_srcfile_path"; then - eval srcfile=\"$fix_srcfile_path\" + if test "$build_old_libs" = yes; then + write_oldobj=\'${3}\' + else + write_oldobj=none fi - qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"` - case $qsrcfile in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - qsrcfile="\"$qsrcfile\"" ;; - esac - $run $rm "$libobj" "${libobj}T" - - # Create a libtool object file (analogous to a ".la" file), - # but don't create it if we're doing a dry run. - test -z "$run" && cat > ${libobj}T <${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$lt_sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 - if test -z "$output_obj"; then - $run $rm "$lobj" - # Place PIC objects in $objdir - command="$command -o $lobj" - else - $run $rm "$lobj" "$output_obj" - fi - $show "$command" - if $run eval $lt_env "$command"; then : - else - test -n "$output_obj" && $run $rm $removelist - exit $EXIT_FAILURE +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $opt_debug + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result="" + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result" ; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 - if test "$need_locks" = warn && - test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then - $echo "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` -but it should contain: -$srcfile +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $opt_debug + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" + fi +} +#end: func_cygpath -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - $run $rm $removelist - exit $EXIT_FAILURE - fi +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $opt_debug + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 - # Just move the object if needed, then go on to compile the next one - if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then - $show "$mv $output_obj $lobj" - if $run $mv $output_obj $lobj; then : - else - error=$? - $run $rm $removelist - exit $error - fi - fi - # Append the name of the PIC object to the libtool object file. - test -z "$run" && cat >> ${libobj}T <> ${libobj}T </dev/null`" != "X$srcfile"; then - $echo "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` -but it should contain: -$srcfile +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via `$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - $run $rm $removelist - exit $EXIT_FAILURE - fi +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $opt_debug + $to_host_file_cmd "$1" +} +# end func_to_host_file - # Just move the object if needed - if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then - $show "$mv $output_obj $obj" - if $run $mv $output_obj $obj; then : - else - error=$? - $run $rm $removelist - exit $error - fi - fi - # Append the name of the non-PIC object the libtool object file. - # Only append if the libtool object file exists. - test -z "$run" && cat >> ${libobj}T <> ${libobj}T <&2 - fi - if test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - -static) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac - build_libtool_libs=no - build_old_libs=yes - break - ;; - esac - done - # See if our shared archives depend on static archives. - test -n "$old_archive_from_new_cmds" && build_old_libs=yes +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result="$func_cygpath_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin - # Go through the arguments, transforming them on the way. - while test "$#" -gt 0; do - arg="$1" - shift - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test - ;; - *) qarg=$arg ;; - esac - libtool_args="$libtool_args $qarg" - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - case $prev in - output) - compile_command="$compile_command @OUTPUT@" - finalize_command="$finalize_command @OUTPUT@" - ;; - esac +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via `$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. - case $prev in - dlfiles|dlprefiles) - if test "$preload" = no; then - # Add the symbol object into the linking commands. - compile_command="$compile_command @SYMFILE@" - finalize_command="$finalize_command @SYMFILE@" - preload=yes - fi - case $arg in - *.la | *.lo) ;; # We handle these cases below. - force) - if test "$dlself" = no; then - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - self) - if test "$prev" = dlprefiles; then - dlself=yes - elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then - dlself=yes - else - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - *) - if test "$prev" = dlfiles; then - dlfiles="$dlfiles $arg" - else - dlprefiles="$dlprefiles $arg" - fi - prev= - continue - ;; - esac - ;; - expsyms) - export_symbols="$arg" - if test ! -f "$arg"; then - $echo "$modename: symbol file \`$arg' does not exist" - exit $EXIT_FAILURE - fi - prev= - continue - ;; - expsyms_regex) - export_symbols_regex="$arg" - prev= - continue - ;; - inst_prefix) - inst_prefix_dir="$arg" - prev= - continue - ;; - precious_regex) - precious_files_regex="$arg" - prev= - continue - ;; - release) - release="-$arg" - prev= - continue - ;; - objectlist) - if test -f "$arg"; then - save_arg=$arg - moreargs= - for fil in `cat $save_arg` - do -# moreargs="$moreargs $fil" - arg=$fil - # A libtool-controlled object. - # Check to see that this really is a libtool object. - if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - pic_object= - non_pic_object= +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $opt_debug + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd="func_convert_path_${func_stripname_result}" + fi +} - # Read the .lo file - # If there is no directory component, then add one. - case $arg in - */* | *\\*) . $arg ;; - *) . ./$arg ;; - esac - if test -z "$pic_object" || \ - test -z "$non_pic_object" || - test "$pic_object" = none && \ - test "$non_pic_object" = none; then - $echo "$modename: cannot find name of object for \`$arg'" 1>&2 - exit $EXIT_FAILURE - fi +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $opt_debug + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path - # Extract subdirectory from the argument. - xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` - if test "X$xdir" = "X$arg"; then - xdir= - else - xdir="$xdir/" - fi - if test "$pic_object" != none; then - # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result="$1" +} +# end func_convert_path_noop - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then - dlfiles="$dlfiles $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi - # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then - # Preload the old-style object. - dlprefiles="$dlprefiles $pic_object" - prev= - fi +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_msys_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 - # A PIC object. - libobjs="$libobjs $pic_object" - arg="$pic_object" - fi - # Non-PIC object. - if test "$non_pic_object" != none; then - # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 - # A standard non-PIC object - non_pic_objects="$non_pic_objects $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" - non_pic_objects="$non_pic_objects $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if test -z "$run"; then - $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 - exit $EXIT_FAILURE - else - # Dry-run case. - # Extract subdirectory from the argument. - xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` - if test "X$xdir" = "X$arg"; then - xdir= - else - xdir="$xdir/" - fi +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 - pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` - non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` - libobjs="$libobjs $pic_object" - non_pic_objects="$non_pic_objects $non_pic_object" - fi - fi - done - else - $echo "$modename: link input file \`$save_arg' does not exist" - exit $EXIT_FAILURE - fi - arg=$save_arg - prev= - continue - ;; - rpath | xrpath) - # We need an absolute path. - case $arg in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - $echo "$modename: only absolute run-paths are allowed" 1>&2 - exit $EXIT_FAILURE - ;; - esac - if test "$prev" = rpath; then - case "$rpath " in - *" $arg "*) ;; - *) rpath="$rpath $arg" ;; - esac - else - case "$xrpath " in - *" $arg "*) ;; - *) xrpath="$xrpath $arg" ;; - esac - fi - prev= - continue - ;; - xcompiler) - compiler_flags="$compiler_flags $qarg" - prev= - compile_command="$compile_command $qarg" - finalize_command="$finalize_command $qarg" + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_mode_compile arg... +func_mode_compile () +{ + $opt_debug + # Get the compilation command and the source file. + base_compile= + srcfile="$nonopt" # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg="$arg" + arg_mode=normal + ;; + + target ) + libobj="$arg" + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify \`-o' more than once" + arg_mode=target continue ;; - xlinker) - linker_flags="$linker_flags $qarg" - compiler_flags="$compiler_flags $wl$qarg" - prev= - compile_command="$compile_command $wl$qarg" - finalize_command="$finalize_command $wl$qarg" + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" continue ;; - xcclinker) - linker_flags="$linker_flags $qarg" - compiler_flags="$compiler_flags $qarg" - prev= - compile_command="$compile_command $qarg" - finalize_command="$finalize_command $qarg" + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" continue ;; - shrext) - shrext_cmds="$arg" - prev= + + -no-suppress) + suppress_opt=no continue ;; - darwin_framework|darwin_framework_skip) - test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg" - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - prev= + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs="$IFS"; IFS=',' + for arg in $args; do + IFS="$save_ifs" + func_append_quoted lastarg "$arg" + done + IFS="$save_ifs" + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" continue ;; + *) - eval "$prev=\"\$arg\"" - prev= - continue + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg="$srcfile" + srcfile="$arg" ;; - esac - fi # test -n "$prev" - - prevarg="$arg" - - case $arg in - -all-static) - if test -n "$link_static_flag"; then - compile_command="$compile_command $link_static_flag" - finalize_command="$finalize_command $link_static_flag" - fi - continue + esac # case $arg ;; + esac # case $arg_mode - -allow-undefined) - # FIXME: remove this flag sometime in the future. - $echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2 - continue - ;; + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg - -avoid-version) - avoid_version=yes - continue - ;; + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with \`-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj="$func_basename_result" + } + ;; + esac - -dlopen) - prev=dlfiles - continue - ;; + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac - -dlpreopen) - prev=dlprefiles - continue - ;; + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from \`$libobj'" + ;; + esac - -export-dynamic) - export_dynamic=yes - continue - ;; + func_infer_tag $base_compile - -export-symbols | -export-symbols-regex) - if test -n "$export_symbols" || test -n "$export_symbols_regex"; then - $echo "$modename: more than one -exported-symbols argument is not allowed" - exit $EXIT_FAILURE - fi - if test "X$arg" = "X-export-symbols"; then - prev=expsyms - else - prev=expsyms_regex - fi + for arg in $later; do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no continue ;; - -framework|-arch|-isysroot) - case " $CC " in - *" ${arg} ${1} "* | *" ${arg} ${1} "*) - prev=darwin_framework_skip ;; - *) compiler_flags="$compiler_flags $arg" - prev=darwin_framework ;; - esac - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" + -static) + build_libtool_libs=no + build_old_libs=yes continue ;; - -inst-prefix-dir) - prev=inst_prefix + -prefer-pic) + pic_mode=yes continue ;; - # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* - # so, if we see these flags be careful not to treat them like -L - -L[A-Z][A-Z]*:*) - case $with_gcc/$host in - no/*-*-irix* | /*-*-irix*) - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - ;; - esac + -prefer-non-pic) + pic_mode=no continue ;; + esac + done - -L*) - dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - absdir=`cd "$dir" && pwd` - if test -z "$absdir"; then - $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2 - absdir="$dir" - notinst_path="$notinst_path $dir" - fi - dir="$absdir" - ;; - esac - case "$deplibs " in - *" -L$dir "*) ;; - *) - deplibs="$deplibs -L$dir" - lib_search_path="$lib_search_path $dir" - ;; - esac - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) - testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'` - case :$dllsearchpath: in - *":$dir:"*) ;; - *) dllsearchpath="$dllsearchpath:$dir";; - esac - case :$dllsearchpath: in - *":$testbindir:"*) ;; - *) dllsearchpath="$dllsearchpath:$testbindir";; - esac - ;; - esac - continue - ;; + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name \`$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname="$func_basename_result" + xdir="$func_dirname_result" + lobj=${xdir}$objdir/$objname - -l*) - if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*) - # These systems don't actually have a C or math library (as such) - continue - ;; - *-*-os2*) - # These systems don't actually have a C library (as such) - test "X$arg" = "X-lc" && continue - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) - # Do not include libc due to us having libc/libc_r. - test "X$arg" = "X-lc" && continue - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C and math libraries are in the System framework - deplibs="$deplibs -framework System" - continue - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - test "X$arg" = "X-lc" && continue - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - test "X$arg" = "X-lc" && continue - ;; - esac - elif test "X$arg" = "X-lc_r"; then - case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) - # Do not include libc_r directly, use -pthread flag. - continue - ;; - esac - fi - deplibs="$deplibs $arg" - continue - ;; + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" - # Tru64 UNIX uses -model [arg] to determine the layout of C++ - # classes, name mangling, and exception handling. - -model) - compile_command="$compile_command $arg" - compiler_flags="$compiler_flags $arg" - finalize_command="$finalize_command $arg" - prev=xcompiler - continue - ;; + # Delete any leftover library objects. + if test "$build_old_libs" = yes; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) - compiler_flags="$compiler_flags $arg" - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - continue - ;; + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi - -multi_module) - single_module="${wl}-multi_module" - continue - ;; + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test "$compiler_c_o" = no; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} + lockfile="$output_obj.lock" + else + output_obj= + need_locks=no + lockfile= + fi - -module) - module=yes - continue - ;; + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test "$need_locks" = yes; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test "$need_locks" = warn; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` - # -64, -mips[0-9] enable 64-bit mode on the SGI compiler - # -r[0-9][0-9]* specifies the processor on the SGI compiler - # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler - # +DA*, +DD* enable 64-bit mode on the HP compiler - # -q* pass through compiler args for the IBM compiler - # -m* pass through architecture-specific compiler args for GCC - # -m*, -t[45]*, -txscale* pass through architecture-specific - # compiler args for GCC - # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC - # -F/path gives path to uninstalled frameworks, gcc on darwin - # @file GCC response files - -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." - # Unknown arguments in both finalize_command and compile_command need - # to be aesthetically quoted because they are evaled later. - arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - compiler_flags="$compiler_flags $arg" - continue - ;; + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi - -shrext) - prev=shrext - continue - ;; + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result - -no-fast-install) - fast_install=no - continue - ;; + # Only build a PIC object if we are building libtool libraries. + if test "$build_libtool_libs" = yes; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile - -no-install) - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin*) - # The PATH hackery in wrapper scripts is required on Windows - # and Darwin in order for the loader to find any dlls it needs. - $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2 - $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2 - fast_install=no - ;; - *) no_install=yes ;; - esac - continue - ;; + if test "$pic_mode" != no; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi - -no-undefined) - allow_undefined=no - continue - ;; + func_mkdir_p "$xdir$objdir" - -objectlist) - prev=objectlist - continue - ;; + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi - -o) prev=output ;; + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' - -precious-files-regex) - prev=precious_regex - continue - ;; + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` - -release) - prev=release - continue - ;; +but it should contain: +$srcfile - -rpath) - prev=rpath - continue - ;; +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." - -R) - prev=xrpath - continue - ;; + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi - -R*) - dir=`$echo "X$arg" | $Xsed -e 's/^-R//'` - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - $echo "$modename: only absolute run-paths are allowed" 1>&2 - exit $EXIT_FAILURE - ;; - esac - case "$xrpath " in - *" $dir "*) ;; - *) xrpath="$xrpath $dir" ;; - esac - continue - ;; + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi - -static | -static-libtool-libs) - # The effects of -static are defined in a previous loop. - # We used to do the same as -all-static on platforms that - # didn't have a PIC flag, but the assumption that the effects - # would be equivalent was wrong. It would break on at least - # Digital Unix and AIX. - continue - ;; + # Allow error messages only from the first compilation. + if test "$suppress_opt" = yes; then + suppress_output=' >/dev/null 2>&1' + fi + fi - -thread-safe) - thread_safe=yes - continue - ;; + # Only build a position-dependent object if we build old libraries. + if test "$build_old_libs" = yes; then + if test "$pic_mode" != yes; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test "$compiler_c_o" = yes; then + func_append command " -o $obj" + fi - -version-info) - prev=vinfo - continue - ;; - -version-number) - prev=vinfo - vinfo_number=yes - continue - ;; + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' - -Wc,*) - args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'` - arg= - save_ifs="$IFS"; IFS=',' - for flag in $args; do - IFS="$save_ifs" - case $flag in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - flag="\"$flag\"" - ;; - esac - arg="$arg $wl$flag" - compiler_flags="$compiler_flags $flag" - done - IFS="$save_ifs" - arg=`$echo "X$arg" | $Xsed -e "s/^ //"` - ;; + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` - -Wl,*) - args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'` - arg= - save_ifs="$IFS"; IFS=',' - for flag in $args; do - IFS="$save_ifs" - case $flag in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - flag="\"$flag\"" - ;; - esac - arg="$arg $wl$flag" - compiler_flags="$compiler_flags $wl$flag" - linker_flags="$linker_flags $flag" - done - IFS="$save_ifs" - arg=`$echo "X$arg" | $Xsed -e "s/^ //"` - ;; +but it should contain: +$srcfile - -Xcompiler) - prev=xcompiler - continue - ;; +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." - -Xlinker) - prev=xlinker - continue - ;; + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi - -XCClinker) - prev=xcclinker - continue - ;; + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi - # Some other compiler flag. - -* | +*) - # Unknown arguments in both finalize_command and compile_command need - # to be aesthetically quoted because they are evaled later. - arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - ;; + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" - *.$objext) - # A standard object. - objs="$objs $arg" - ;; + # Unlock the critical section if it was locked + if test "$need_locks" != no; then + removelist=$lockfile + $RM "$lockfile" + fi + } - *.lo) - # A libtool-controlled object. + exit $EXIT_SUCCESS +} - # Check to see that this really is a libtool object. - if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - pic_object= - non_pic_object= +$opt_help || { + test "$opt_mode" = compile && func_mode_compile ${1+"$@"} +} - # Read the .lo file - # If there is no directory component, then add one. - case $arg in - */* | *\\*) . $arg ;; - *) . ./$arg ;; - esac +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; - if test -z "$pic_object" || \ - test -z "$non_pic_object" || - test "$pic_object" = none && \ - test "$non_pic_object" = none; then - $echo "$modename: cannot find name of object for \`$arg'" 1>&2 - exit $EXIT_FAILURE - fi + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... - # Extract subdirectory from the argument. - xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` - if test "X$xdir" = "X$arg"; then - xdir= - else - xdir="$xdir/" - fi +Remove files from the build directory. - if test "$pic_object" != none; then - # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then - dlfiles="$dlfiles $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; - # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then - # Preload the old-style object. - dlprefiles="$dlprefiles $pic_object" - prev= - fi + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE - # A PIC object. - libobjs="$libobjs $pic_object" - arg="$pic_object" - fi +Compile a source file into a libtool library object. - # Non-PIC object. - if test "$non_pic_object" != none; then - # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" +This mode accepts the following additional options: - # A standard non-PIC object - non_pic_objects="$non_pic_objects $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" - non_pic_objects="$non_pic_objects $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if test -z "$run"; then - $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 - exit $EXIT_FAILURE - else - # Dry-run case. + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a \`.o' file suitable for static linking + -static only build a \`.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler - # Extract subdirectory from the argument. - xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` - if test "X$xdir" = "X$arg"; then - xdir= - else - xdir="$xdir/" - fi +COMPILE-COMMAND is a command to be used in creating a \`standard' object file +from the given SOURCEFILE. - pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` - non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` - libobjs="$libobjs $pic_object" - non_pic_objects="$non_pic_objects $non_pic_object" - fi - fi - ;; +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix \`.c' with the +library object suffix, \`.lo'." + ;; - *.$libext) - # An archive. - deplibs="$deplibs $arg" - old_deplibs="$old_deplibs $arg" - continue - ;; + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... - *.la) - # A libtool-controlled library. +Automatically set library path, then run a program. - if test "$prev" = dlfiles; then - # This library was specified with -dlopen. - dlfiles="$dlfiles $arg" - prev= - elif test "$prev" = dlprefiles; then - # The library was specified with -dlpreopen. - dlprefiles="$dlprefiles $arg" - prev= - else - deplibs="$deplibs $arg" - fi - continue - ;; +This mode accepts the following additional options: - # Some other compiler argument. - *) - # Unknown arguments in both finalize_command and compile_command need - # to be aesthetically quoted because they are evaled later. - arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - ;; - esac # arg + -dlopen FILE add the directory containing FILE to the library path - # Now actually substitute the argument into the commands. - if test -n "$arg"; then - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - fi - done # argument parsing loop +This mode sets the library path environment variable according to \`-dlopen' +flags. - if test -n "$prev"; then - $echo "$modename: the \`$prevarg' option requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. - if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then - eval arg=\"$export_dynamic_flag_spec\" - compile_command="$compile_command $arg" - finalize_command="$finalize_command $arg" - fi +Then, COMMAND is executed, with ARGS as arguments." + ;; - oldlibs= - # calculate the name of the file, without its directory - outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'` - libobjs_save="$libobjs" + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... - if test -n "$shlibpath_var"; then - # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` - else - shlib_search_path= - fi - eval sys_lib_search_path=\"$sys_lib_search_path_spec\" - eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" +Complete the installation of libtool libraries. - output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'` - if test "X$output_objdir" = "X$output"; then - output_objdir="$objdir" - else - output_objdir="$output_objdir/$objdir" - fi - # Create the object directory. - if test ! -d "$output_objdir"; then - $show "$mkdir $output_objdir" - $run $mkdir $output_objdir - exit_status=$? - if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then - exit $exit_status - fi - fi +Each LIBDIR is a directory that contains libtool libraries. - # Determine the type of output - case $output in - "") - $echo "$modename: you must specify an output file" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; - *.$libext) linkmode=oldlib ;; - *.lo | *.$objext) linkmode=obj ;; - *.la) linkmode=lib ;; - *) linkmode=prog ;; # Anything else should be a program. - esac +The commands that this mode executes may require superuser privileges. Use +the \`--dry-run' option if you just want to see what would be executed." + ;; - case $host in - *cygwin* | *mingw* | *pw32*) - # don't eliminate duplications in $postdeps and $predeps - duplicate_compiler_generated_deps=yes - ;; - *) - duplicate_compiler_generated_deps=$duplicate_deps - ;; + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the \`install' or \`cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE Use a list of object files found in FILE to specify objects + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with \`-') are ignored. + +Every other argument is treated as a filename. Files ending in \`.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in \`.la', then a libtool library is created, +only library objects (\`.lo' files) may be specified, and \`-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created +using \`ar' and \`ranlib', or on Windows using \`lib'. + +If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode \`$opt_mode'" + ;; esac - specialdeplibs= - libs= - # Find all interdependent deplibs by searching for libraries - # that are linked more than once (e.g. -la -lb -la) - for deplib in $deplibs; do - if test "X$duplicate_deps" = "Xyes" ; then - case "$libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - libs="$libs $deplib" - done + echo + $ECHO "Try \`$progname --help' for more information about other modes." +} - if test "$linkmode" = lib; then - libs="$predeps $libs $compiler_lib_search_path $postdeps" +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test "$opt_help" = :; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | sed -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + sed '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi - # Compute libraries that are listed more than once in $predeps - # $postdeps and mark them as special (i.e., whose duplicates are - # not to be eliminated). - pre_post_deps= - if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then - for pre_post_dep in $predeps $postdeps; do - case "$pre_post_deps " in - *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;; - esac - pre_post_deps="$pre_post_deps $pre_post_dep" - done - fi - pre_post_deps= - fi - deplibs= - newdependency_libs= - newlib_search_path= - need_relink=no # whether we're linking any uninstalled libtool libraries - notinst_deplibs= # not-installed libtool libraries - case $linkmode in - lib) - passes="conv link" - for file in $dlfiles $dlprefiles; do - case $file in - *.la) ;; - *) - $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2 - exit $EXIT_FAILURE - ;; - esac - done +# func_mode_execute arg... +func_mode_execute () +{ + $opt_debug + # The first argument is the command name. + cmd="$nonopt" + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "\`$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "\`$file' was not linked with \`-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir="$func_dirname_result" + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + fi + fi ;; - prog) - compile_deplibs= - finalize_deplibs= - alldeplibs=no - newdlfiles= - newdlprefiles= - passes="conv scan dlopen dlpreopen link" + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir="$func_dirname_result" ;; - *) passes="conv" + + *) + func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + continue ;; - esac - for pass in $passes; do - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan"; then - libs="$deplibs" - deplibs= + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir="$absdir" + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi - if test "$linkmode" = prog; then - case $pass in - dlopen) libs="$dlfiles" ;; - dlpreopen) libs="$dlprefiles" ;; - link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; - esac + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic="$magic" + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file="$progdir/$program" + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file="$progdir/$program" + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if test "X$opt_dry_run" = Xfalse; then + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" fi - if test "$pass" = dlopen; then - # Collect dlpreopened libraries - save_deplibs="$deplibs" - deplibs= + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd="\$cmd$args" + else + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" fi - for deplib in $libs; do - lib= - found=no - case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) - if test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - compiler_flags="$compiler_flags $deplib" - fi - continue - ;; - -l*) - if test "$linkmode" != lib && test "$linkmode" != prog; then - $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2 - continue - fi - name=`$echo "X$deplib" | $Xsed -e 's/^-l//'` - if test "$linkmode" = lib; then - searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" - else - searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" - fi - for searchdir in $searchdirs; do - for search_ext in .la $std_shrext .so .a; do - # Search the libtool library - lib="$searchdir/lib${name}${search_ext}" - if test -f "$lib"; then - if test "$search_ext" = ".la"; then - found=yes - else - found=no - fi - break 2 - fi - done - done - if test "$found" != yes; then - # deplib doesn't seem to be a libtool library - if test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" - fi - continue - else # deplib is a libtool library - # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, - # We need to do some special things here, and not later. - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - case " $predeps $postdeps " in - *" $deplib "*) - if (${SED} -e '2q' $lib | - grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - library_names= - old_library= - case $lib in - */* | *\\*) . $lib ;; - *) . ./$lib ;; - esac - for l in $old_library $library_names; do - ll="$l" - done - if test "X$ll" = "X$old_library" ; then # only static version available - found=no - ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` - test "X$ladir" = "X$lib" && ladir="." - lib=$ladir/$old_library - if test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" - fi - continue - fi - fi - ;; - *) ;; - esac - fi - fi - ;; # -l - -L*) - case $linkmode in - lib) - deplibs="$deplib $deplibs" - test "$pass" = conv && continue - newdependency_libs="$deplib $newdependency_libs" - newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` - ;; - prog) - if test "$pass" = conv; then - deplibs="$deplib $deplibs" - continue - fi - if test "$pass" = scan; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` - ;; - *) - $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2 - ;; - esac # linkmode - continue - ;; # -L - -R*) - if test "$pass" = link; then - dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'` - # Make sure the xrpath contains only unique directories. - case "$xrpath " in - *" $dir "*) ;; - *) xrpath="$xrpath $dir" ;; - esac - fi - deplibs="$deplib $deplibs" - continue - ;; - *.la) lib="$deplib" ;; - *.$libext) - if test "$pass" = conv; then - deplibs="$deplib $deplibs" - continue - fi - case $linkmode in - lib) - valid_a_lib=no - case $deplibs_check_method in - match_pattern*) - set dummy $deplibs_check_method - match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` - if eval $echo \"$deplib\" 2>/dev/null \ - | $SED 10q \ - | $EGREP "$match_pattern_regex" > /dev/null; then - valid_a_lib=yes - fi - ;; - pass_all) - valid_a_lib=yes - ;; - esac - if test "$valid_a_lib" != yes; then - $echo - $echo "*** Warning: Trying to link with static lib archive $deplib." - $echo "*** I have the capability to make that library automatically link in when" - $echo "*** you link to this library. But I can only do this if you have a" - $echo "*** shared version of the library, which you do not appear to have" - $echo "*** because the file extensions .$libext of this argument makes me believe" - $echo "*** that it is just a static archive that I should not used here." - else - $echo - $echo "*** Warning: Linking the shared library $output against the" - $echo "*** static library $deplib is not portable!" - deplibs="$deplib $deplibs" - fi - continue - ;; - prog) - if test "$pass" != link; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - continue - ;; - esac # linkmode - ;; # *.$libext - *.lo | *.$objext) - if test "$pass" = conv; then - deplibs="$deplib $deplibs" - elif test "$linkmode" = prog; then - if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then - # If there is no dlopen support or we're linking statically, - # we need to preload. - newdlprefiles="$newdlprefiles $deplib" - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - newdlfiles="$newdlfiles $deplib" - fi - fi - continue - ;; - %DEPLIBS%) - alldeplibs=yes - continue - ;; - esac # case $deplib - if test "$found" = yes || test -f "$lib"; then : - else - $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2 - exit $EXIT_FAILURE - fi - - # Check to see that this really is a libtool archive. - if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : - else - $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 - exit $EXIT_FAILURE - fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + fi +} - ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` - test "X$ladir" = "X$lib" && ladir="." +test "$opt_mode" = execute && func_mode_execute ${1+"$@"} - dlname= - dlopen= - dlpreopen= - libdir= - library_names= - old_library= - # If the library was installed with an old release of libtool, - # it will not redefine variables installed, or shouldnotlink - installed=yes - shouldnotlink=no - avoidtemprpath= +# func_mode_finish arg... +func_mode_finish () +{ + $opt_debug + libs= + libdirs= + admincmds= - # Read the .la file - case $lib in - */* | *\\*) . $lib ;; - *) . ./$lib ;; - esac + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan" || - { test "$linkmode" != prog && test "$linkmode" != lib; }; then - test -n "$dlopen" && dlfiles="$dlfiles $dlopen" - test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen" + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "\`$opt' is not a valid libtool archive" fi - if test "$pass" = conv; then - # Only check for convenience libraries - deplibs="$lib $deplibs" - if test -z "$libdir"; then - if test -z "$old_library"; then - $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 - exit $EXIT_FAILURE - fi - # It is a libtool convenience library, so add in its objects. - convenience="$convenience $ladir/$objdir/$old_library" - old_convenience="$old_convenience $ladir/$objdir/$old_library" - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if test "X$duplicate_deps" = "Xyes" ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done - elif test "$linkmode" != prog && test "$linkmode" != lib; then - $echo "$modename: \`$lib' is not a convenience library" 1>&2 - exit $EXIT_FAILURE - fi - continue - fi # $pass = conv + else + func_fatal_error "invalid argument \`$opt'" + fi + done + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi - # Get the name of the library we link against. - linklib= - for l in $old_library $library_names; do - linklib="$l" + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and \`=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib done - if test -z "$linklib"; then - $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 - exit $EXIT_FAILURE + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" fi + done + fi - # This library was specified with -dlopen. - if test "$pass" = dlopen; then - if test -z "$libdir"; then - $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2 - exit $EXIT_FAILURE - fi - if test -z "$dlname" || - test "$dlopen_support" != yes || - test "$build_libtool_libs" = no; then - # If there is no dlname, no dlopen support or we're linking - # statically, we need to preload. We also need to preload any - # dependent libraries so libltdl's deplib preloader doesn't - # bomb out in the load deplibs phase. - dlprefiles="$dlprefiles $lib $dependency_libs" - else - newdlfiles="$newdlfiles $lib" - fi - continue - fi # $pass = dlopen + # Exit here if they wanted silent mode. + $opt_silent && exit $EXIT_SUCCESS - # We need an absolute path. - case $ladir in - [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the \`$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; *) - abs_ladir=`cd "$ladir" && pwd` - if test -z "$abs_ladir"; then - $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2 - $echo "$modename: passing it literally to the linker, although it might fail" 1>&2 - abs_ladir="$ladir" - fi + echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; - esac - laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} - # Find the relevant object directory and library name. - if test "X$installed" = Xyes; then - if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then - $echo "$modename: warning: library \`$lib' was moved." 1>&2 - dir="$ladir" - absdir="$abs_ladir" - libdir="$abs_ladir" - else - dir="$libdir" - absdir="$libdir" - fi - test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes - else - if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then - dir="$ladir" - absdir="$abs_ladir" - # Remove this search path later - notinst_path="$notinst_path $abs_ladir" - else - dir="$ladir/$objdir" - absdir="$abs_ladir/$objdir" - # Remove this search path later - notinst_path="$notinst_path $abs_ladir" - fi - fi # $installed = yes - name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` +test "$opt_mode" = finish && func_mode_finish ${1+"$@"} - # This library was specified with -dlpreopen. - if test "$pass" = dlpreopen; then - if test -z "$libdir"; then - $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2 - exit $EXIT_FAILURE - fi - # Prefer using a static library (so that no silly _DYNAMIC symbols - # are required to link). - if test -n "$old_library"; then - newdlprefiles="$newdlprefiles $dir/$old_library" - # Otherwise, use the dlname, so that lt_dlopen finds it. - elif test -n "$dlname"; then - newdlprefiles="$newdlprefiles $dir/$dlname" - else - newdlprefiles="$newdlprefiles $dir/$linklib" - fi - fi # $pass = dlpreopen - if test -z "$libdir"; then - # Link the convenience library - if test "$linkmode" = lib; then - deplibs="$dir/$old_library $deplibs" - elif test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$dir/$old_library $compile_deplibs" - finalize_deplibs="$dir/$old_library $finalize_deplibs" - else - deplibs="$lib $deplibs" # used for prog,scan pass +# func_mode_install arg... +func_mode_install () +{ + $opt_debug + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac; then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=no + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=yes ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test "x$prev" = x-m && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false fi + prev= + else + dest=$arg continue fi + ;; + esac + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done - if test "$linkmode" = prog && test "$pass" != link; then - newlib_search_path="$newlib_search_path $ladir" - deplibs="$lib $deplibs" + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" - linkalldeplibs=no - if test "$link_all_deplibs" != no || test -z "$library_names" || - test "$build_libtool_libs" = no; then - linkalldeplibs=yes - fi + test -n "$prev" && \ + func_fatal_help "the \`$prev' option requires an argument" - tmp_libs= - for deplib in $dependency_libs; do - case $deplib in - -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test - esac - # Need to link against all dependency_libs? - if test "$linkalldeplibs" = yes; then - deplibs="$deplib $deplibs" - else - # Need to hardcode shared library paths - # or/and link against static libraries - newdependency_libs="$deplib $newdependency_libs" - fi - if test "X$duplicate_deps" = "Xyes" ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done # for deplib - continue - fi # $linkmode = prog... + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi - if test "$linkmode,$pass" = "prog,link"; then - if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || - test -z "$old_library"; }; then - # We need to hardcode the library path - if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then - # Make sure the rpath contains only unique directories. - case "$temp_rpath " in - *" $dir "*) ;; - *" $absdir "*) ;; - *) temp_rpath="$temp_rpath $absdir" ;; - esac - fi + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) compile_rpath="$compile_rpath $absdir" - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) finalize_rpath="$finalize_rpath $libdir" - esac - ;; - esac - fi # $linkmode,$pass = prog,link... + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result - if test "$alldeplibs" = yes && - { test "$deplibs_check_method" = pass_all || - { test "$build_libtool_libs" = yes && - test -n "$library_names"; }; }; then - # We only need to search for static libraries - continue - fi - fi + # Check to see that the destination is a directory. + test -d "$dest" && isdir=yes + if test "$isdir" = yes; then + destdir="$dest" + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir="$func_dirname_result" + destname="$func_basename_result" - link_static=no # Whether the deplib will be linked statically - use_static_libs=$prefer_static_libs - if test "$use_static_libs" = built && test "$installed" = yes ; then - use_static_libs=no - fi - if test -n "$library_names" && - { test "$use_static_libs" = no || test -z "$old_library"; }; then - if test "$installed" = no; then - notinst_deplibs="$notinst_deplibs $lib" - need_relink=yes - fi - # This is a shared library + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "\`$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "\`$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac - # Warn about portability, can't link against -module's on - # some systems (darwin) - if test "$shouldnotlink" = yes && test "$pass" = link ; then - $echo - if test "$linkmode" = prog; then - $echo "*** Warning: Linking the executable $output against the loadable module" - else - $echo "*** Warning: Linking the shared library $output against the loadable module" - fi - $echo "*** $linklib is not portable!" - fi - if test "$linkmode" = lib && - test "$hardcode_into_libs" = yes; then - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) compile_rpath="$compile_rpath $absdir" - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) finalize_rpath="$finalize_rpath $libdir" - esac - ;; - esac - fi + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" - if test -n "$old_archive_from_expsyms_cmds"; then - # figure out the soname - set dummy $library_names - realname="$2" - shift; shift - libname=`eval \\$echo \"$libname_spec\"` - # use dlname if we got it. it's perfectly good, no? - if test -n "$dlname"; then - soname="$dlname" - elif test -n "$soname_spec"; then - # bleh windows - case $host in - *cygwin* | mingw*) - major=`expr $current - $age` - versuffix="-$major" - ;; - esac - eval soname=\"$soname_spec\" - else - soname="$realname" - fi + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do - # Make a new name for the extract_expsyms_cmds to use - soroot="$soname" - soname=`$echo $soroot | ${SED} -e 's/^.*\///'` - newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a" + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; - # If the library has no export list, then create one now - if test -f "$output_objdir/$soname-def"; then : - else - $show "extracting exported symbol list from \`$soname'" - save_ifs="$IFS"; IFS='~' - cmds=$extract_expsyms_cmds - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" - fi + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result - # Create $newlib - if test -f "$output_objdir/$newlib"; then :; else - $show "generating import library for \`$soname'" - save_ifs="$IFS"; IFS='~' - cmds=$old_archive_from_expsyms_cmds - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" - fi - # make sure the library variables are pointing to the new library - dir=$output_objdir - linklib=$newlib - fi # test -n "$old_archive_from_expsyms_cmds" + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$file' is not a valid libtool archive" - if test "$linkmode" = prog || test "$mode" != relink; then - add_shlibpath= - add_dir= - add= - lib_linked=yes - case $hardcode_action in - immediate | unsupported) - if test "$hardcode_direct" = no; then - add="$dir/$linklib" - case $host in - *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; - *-*-sysv4*uw2*) add_dir="-L$dir" ;; - *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ - *-*-unixware7*) add_dir="-L$dir" ;; - *-*-darwin* ) - # if the lib is a module then we can not link against - # it, someone is ignoring the new warnings I added - if /usr/bin/file -L $add 2> /dev/null | - $EGREP ": [^:]* bundle" >/dev/null ; then - $echo "** Warning, lib $linklib is a module, not a shared library" - if test -z "$old_library" ; then - $echo - $echo "** And there doesn't seem to be a static archive available" - $echo "** The link will probably fail, sorry" - else - add="$dir/$old_library" - fi - fi - esac - elif test "$hardcode_minus_L" = no; then - case $host in - *-*-sunos*) add_shlibpath="$dir" ;; - esac - add_dir="-L$dir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = no; then - add_shlibpath="$dir" - add="-l$name" - else - lib_linked=no - fi - ;; - relink) - if test "$hardcode_direct" = yes; then - add="$dir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$dir" - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - add_dir="$add_dir -L$inst_prefix_dir$libdir" - ;; - esac - fi - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then - add_shlibpath="$dir" - add="-l$name" - else - lib_linked=no - fi - ;; - *) lib_linked=no ;; - esac + library_names= + old_library= + relink_command= + func_source "$file" - if test "$lib_linked" != yes; then - $echo "$modename: configuration error: unsupported hardcode properties" - exit $EXIT_FAILURE - fi + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi - if test -n "$add_shlibpath"; then - case :$compile_shlibpath: in - *":$add_shlibpath:"*) ;; - *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;; - esac - fi - if test "$linkmode" = prog; then - test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" - test -n "$add" && compile_deplibs="$add $compile_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - if test "$hardcode_direct" != yes && \ - test "$hardcode_minus_L" != yes && \ - test "$hardcode_shlibpath_var" = yes; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; - esac - fi - fi - fi + func_dirname "$file" "/" "" + dir="$func_dirname_result" + func_append dir "$objdir" - if test "$linkmode" = prog || test "$mode" = relink; then - add_shlibpath= - add_dir= - add= - # Finalize command for both is simple: just hardcode it. - if test "$hardcode_direct" = yes; then - add="$libdir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$libdir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; - esac - add="-l$name" - elif test "$hardcode_automatic" = yes; then - if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib" ; then - add="$inst_prefix_dir$libdir/$linklib" - else - add="$libdir/$linklib" - fi - else - # We cannot seem to hardcode it, guess we'll fake it. - add_dir="-L$libdir" - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - add_dir="$add_dir -L$inst_prefix_dir$libdir" - ;; - esac - fi - add="-l$name" - fi + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` - if test "$linkmode" = prog; then - test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" - test -n "$add" && finalize_deplibs="$add $finalize_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - fi - fi - elif test "$linkmode" = prog; then - # Here we assume that one of hardcode_direct or hardcode_minus_L - # is not unsupported. This is valid on all known static and - # shared platforms. - if test "$hardcode_direct" != unsupported; then - test -n "$old_library" && linklib="$old_library" - compile_deplibs="$dir/$linklib $compile_deplibs" - finalize_deplibs="$dir/$linklib $finalize_deplibs" + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - compile_deplibs="-l$name -L$dir $compile_deplibs" - finalize_deplibs="-l$name -L$dir $finalize_deplibs" + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi - elif test "$build_libtool_libs" = yes; then - # Not a shared library - if test "$deplibs_check_method" != pass_all; then - # We're trying link a shared library against a static one - # but the system doesn't support it. - # Just print a warning and add the library to dependency_libs so - # that the program can be linked against the static library. - $echo - $echo "*** Warning: This system can not link to static lib archive $lib." - $echo "*** I have the capability to make that library automatically link in when" - $echo "*** you link to this library. But I can only do this if you have a" - $echo "*** shared version of the library, which you do not appear to have." - if test "$module" = yes; then - $echo "*** But as you try to build a module library, libtool will still create " - $echo "*** a static module, that should work as long as the dlopening application" - $echo "*** is linked with the -dlopen flag to resolve symbols at runtime." - if test -z "$global_symbol_pipe"; then - $echo - $echo "*** However, this would only work if libtool was able to extract symbol" - $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" - $echo "*** not find such a program. So, this module is probably useless." - $echo "*** \`nm' from GNU binutils and a full rebuild may help." - fi - if test "$build_old_libs" = no; then - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - else - deplibs="$dir/$old_library $deplibs" - link_static=yes + func_warning "relinking \`$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname="$1" + shift + + srcname="$realname" + test -n "$relink_command" && srcname="$realname"T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme="$stripme" + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme="" + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' fi - fi # link shared/static library? - if test "$linkmode" = lib; then - if test -n "$dependency_libs" && - { test "$hardcode_into_libs" != yes || - test "$build_old_libs" = yes || - test "$link_static" = yes; }; then - # Extract -R from dependency_libs - temp_deplibs= - for libdir in $dependency_libs; do - case $libdir in - -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'` - case " $xrpath " in - *" $temp_xrpath "*) ;; - *) xrpath="$xrpath $temp_xrpath";; - esac;; - *) temp_deplibs="$temp_deplibs $libdir";; - esac + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try `ln -sf' first, because the `ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done - dependency_libs="$temp_deplibs" fi - newlib_search_path="$newlib_search_path $absdir" - # Link against this library - test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" - # ... and its dependency_libs - tmp_libs= - for deplib in $dependency_libs; do - newdependency_libs="$deplib $newdependency_libs" - if test "X$duplicate_deps" = "Xyes" ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done + # Do each command in the postinstall commands. + lib="$destdir/$realname" + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi - if test "$link_all_deplibs" != no; then - # Add the search paths of all dependency libraries - for deplib in $dependency_libs; do - case $deplib in - -L*) path="$deplib" ;; - *.la) - dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'` - test "X$dir" = "X$deplib" && dir="." - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; - *) - absdir=`cd "$dir" && pwd` - if test -z "$absdir"; then - $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2 - absdir="$dir" - fi - ;; - esac - if grep "^installed=no" $deplib > /dev/null; then - path="$absdir/$objdir" - else - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` - if test -z "$libdir"; then - $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 - exit $EXIT_FAILURE - fi - if test "$absdir" != "$libdir"; then - $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2 - fi - path="$absdir" - fi - depdepl= - case $host in - *-*-darwin*) - # we do not want to link against static libs, - # but need to link against shared - eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` - eval deplibdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` - if test -n "$deplibrary_names" ; then - for tmp in $deplibrary_names ; do - depdepl=$tmp - done - if test -f "$deplibdir/$depdepl" ; then - depdepl="$deplibdir/$depdepl" - elif test -f "$path/$depdepl" ; then - depdepl="$path/$depdepl" - else - # Can't find it, oh well... - depdepl= - fi - # do not add paths which are already there - case " $newlib_search_path " in - *" $path "*) ;; - *) newlib_search_path="$newlib_search_path $path";; - esac - fi - path="" - ;; - *) - path="-L$path" - ;; - esac - ;; - -l*) - case $host in - *-*-darwin*) - # Again, we only want to link against shared libraries - eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"` - for tmp in $newlib_search_path ; do - if test -f "$tmp/lib$tmp_libs.dylib" ; then - eval depdepl="$tmp/lib$tmp_libs.dylib" - break - fi - done - path="" - ;; - *) continue ;; - esac - ;; - *) continue ;; - esac - case " $deplibs " in - *" $path "*) ;; - *) deplibs="$path $deplibs" ;; - esac - case " $deplibs " in - *" $depdepl "*) ;; - *) deplibs="$depdepl $deplibs" ;; - esac - done - fi # link_all_deplibs != no - fi # linkmode = lib - done # for deplib in $libs - dependency_libs="$newdependency_libs" - if test "$pass" = dlpreopen; then - # Link the dlpreopened libraries before other libraries - for deplib in $save_deplibs; do - deplibs="$deplib $deplibs" - done - fi - if test "$pass" != dlopen; then - if test "$pass" != conv; then - # Make sure lib_search_path contains only unique directories. - lib_search_path= - for dir in $newlib_search_path; do - case "$lib_search_path " in - *" $dir "*) ;; - *) lib_search_path="$lib_search_path $dir" ;; - esac - done - newlib_search_path= - fi + # Install the pseudo-library for information purposes. + func_basename "$file" + name="$func_basename_result" + instname="$dir/$name"i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' - if test "$linkmode,$pass" != "prog,link"; then - vars="deplibs" + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" else - vars="compile_deplibs finalize_deplibs" + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" fi - for var in $vars dependency_libs; do - # Add libraries to $var in reverse order - eval tmp_libs=\"\$$var\" - new_libs= - for deplib in $tmp_libs; do - # FIXME: Pedantically, this is the right thing to do, so - # that some nasty dependency loop isn't accidentally - # broken: - #new_libs="$deplib $new_libs" - # Pragmatically, this seems to cause very few problems in - # practice: - case $deplib in - -L*) new_libs="$deplib $new_libs" ;; - -R*) ;; - *) - # And here is the reason: when a library appears more - # than once as an explicit dependence of a library, or - # is implicitly linked in more than once by the - # compiler, it is considered special, and multiple - # occurrences thereof are not removed. Compare this - # with having the same library being listed as a - # dependency of multiple other libraries: in this case, - # we know (pedantically, we assume) the library does not - # need to be listed more than once, so we keep only the - # last copy. This is not always right, but it is rare - # enough that we require users that really mean to play - # such unportable linking tricks to link the library - # using -Wl,-lname, so that libtool does not consider it - # for duplicate removal. - case " $specialdeplibs " in - *" $deplib "*) new_libs="$deplib $new_libs" ;; - *) - case " $new_libs " in - *" $deplib "*) ;; - *) new_libs="$deplib $new_libs" ;; - esac - ;; - esac - ;; - esac - done - tmp_libs= - for deplib in $new_libs; do - case $deplib in - -L*) - case " $tmp_libs " in - *" $deplib "*) ;; - *) tmp_libs="$tmp_libs $deplib" ;; - esac - ;; - *) tmp_libs="$tmp_libs $deplib" ;; - esac - done - eval $var=\"$tmp_libs\" - done # for var - fi - # Last step: remove runtime libs from dependency_libs - # (they stay in deplibs) - tmp_libs= - for i in $dependency_libs ; do - case " $predeps $postdeps $compiler_lib_search_path " in - *" $i "*) - i="" + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest="$destfile" + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to \`$destfile'" ;; esac - if test -n "$i" ; then - tmp_libs="$tmp_libs $i" - fi - done - dependency_libs=$tmp_libs - done # for pass - if test "$linkmode" = prog; then - dlfiles="$newdlfiles" - dlprefiles="$newdlprefiles" - fi - case $linkmode in - oldlib) - case " $deplibs" in - *\ -l* | *\ -L*) - $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2 ;; - esac + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2 - fi + # Install the old object if enabled. + if test "$build_old_libs" = yes; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; - if test -n "$rpath"; then - $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2 - fi + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi - if test -n "$xrpath"; then - $echo "$modename: warning: \`-R' is ignored for archives" 1>&2 - fi + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext="" + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=".exe" + fi + ;; + esac - if test -n "$vinfo"; then - $echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2 - fi + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= - if test -n "$release"; then - $echo "$modename: warning: \`-release' is ignored for archives" 1>&2 - fi + func_source "$wrapper" - if test -n "$export_symbols" || test -n "$export_symbols_regex"; then - $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2 - fi + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script \`$wrapper'" - # Now set the variables for building old libraries. - build_libtool_libs=no - oldlibs="$output" - objs="$objs$old_deplibs" - ;; + finalize=yes + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "\`$lib' has not been installed in \`$libdir'" + finalize=no + fi + done - lib) - # Make sure we only generate libraries of the form `libNAME.la'. - case $outputname in - lib*) - name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - ;; - *) - if test "$module" = no; then - $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + relink_command= + func_source "$wrapper" + + outputname= + if test "$fast_install" = no && test -n "$relink_command"; then + $opt_dry_run || { + if test "$finalize" = yes; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file="$func_basename_result" + outputname="$tmpdir/$file" + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_silent || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink \`$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file="$outputname" + else + func_warning "cannot relink \`$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi fi - if test "$need_lib_prefix" != no; then - # Add the "lib" prefix for modules if required - name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - else - libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" fi ;; esac + done - if test -n "$objs"; then - if test "$deplibs_check_method" != pass_all; then - $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1 - exit $EXIT_FAILURE - else - $echo - $echo "*** Warning: Linking the shared library $output against the non-libtool" - $echo "*** objects $objs is not portable!" - libobjs="$libobjs $objs" - fi - fi + for file in $staticlibs; do + func_basename "$file" + name="$func_basename_result" - if test "$dlself" != no; then - $echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2 - fi + # Set up the ranlib parameters. + oldlib="$destdir/$name" - set dummy $rpath - if test "$#" -gt 2; then - $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2 + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $oldlib" 'exit $?' fi - install_libdir="$2" - oldlibs= - if test -z "$rpath"; then - if test "$build_libtool_libs" = yes; then - # Building a libtool convenience library. - # Some compilers have problems with a `.al' extension so - # convenience libraries should have the same extension an - # archive normally would. - oldlibs="$output_objdir/$libname.$libext $oldlibs" - build_libtool_libs=convenience - build_old_libs=yes - fi + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done - if test -n "$vinfo"; then - $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2 - fi + test -n "$future_libdirs" && \ + func_warning "remember to run \`$progname --finish$future_libdirs'" - if test -n "$release"; then - $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2 - fi - else + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} - # Parse the version information argument. - save_ifs="$IFS"; IFS=':' - set dummy $vinfo 0 0 0 - IFS="$save_ifs" +test "$opt_mode" = install && func_mode_install ${1+"$@"} - if test -n "$8"; then - $echo "$modename: too many parameters to \`-version-info'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi - # convert absolute version numbers to libtool ages - # this retains compatibility with .la files and attempts - # to make the code below a bit more comprehensible +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $opt_debug + my_outputname="$1" + my_originator="$2" + my_pic_p="${3-no}" + my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms="${my_outputname}S.c" + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi - case $vinfo_number in - yes) - number_major="$2" - number_minor="$3" - number_revision="$4" - # - # There are really only two kinds -- those that - # use the current revision as the major version - # and those that subtract age and use age as - # a minor version. But, then there is irix - # which has an extra 1 added just for fun - # - case $version_type in - darwin|linux|osf|windows|none) - current=`expr $number_major + $number_minor` - age="$number_minor" - revision="$number_revision" - ;; - freebsd-aout|freebsd-elf|sunos) - current="$number_major" - revision="$number_minor" - age="0" - ;; - irix|nonstopux) - current=`expr $number_major + $number_minor` - age="$number_minor" - revision="$number_minor" - lt_irix_increment=no - ;; - esac - ;; - no) - current="$2" - revision="$3" - age="$4" - ;; - esac + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist="$output_objdir/${my_outputname}.nm" - # Check that each of the things are valid numbers. - case $current in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2 - $echo "$modename: \`$vinfo' is not valid version information" 1>&2 - exit $EXIT_FAILURE - ;; - esac + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" - case $revision in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2 - $echo "$modename: \`$vinfo' is not valid version information" 1>&2 - exit $EXIT_FAILURE - ;; - esac + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" - case $age in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2 - $echo "$modename: \`$vinfo' is not valid version information" 1>&2 - exit $EXIT_FAILURE - ;; - esac + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ - if test "$age" -gt "$current"; then - $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2 - $echo "$modename: \`$vinfo' is not valid version information" 1>&2 - exit $EXIT_FAILURE - fi +#ifdef __cplusplus +extern \"C\" { +#endif - # Calculate the version variables. - major= - versuffix= - verstring= - case $version_type in - none) ;; +#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif - darwin) - # Like Linux, but with the current version available in - # verstring for coding it into the library header - major=.`expr $current - $age` - versuffix="$major.$age.$revision" - # Darwin ld doesn't like 0 for these options... - minor_current=`expr $current + 1` - xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" - verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" - ;; +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif - freebsd-aout) - major=".$current" - versuffix=".$current.$revision"; - ;; +/* External symbol declarations for the compiler. */\ +" - freebsd-elf) - major=".$current" - versuffix=".$current"; - ;; + if test "$dlself" = yes; then + func_verbose "generating symbol list for \`$output'" - irix | nonstopux) - if test "X$lt_irix_increment" = "Xno"; then - major=`expr $current - $age` - else - major=`expr $current - $age + 1` - fi - case $version_type in - nonstopux) verstring_prefix=nonstopux ;; - *) verstring_prefix=sgi ;; - esac - verstring="$verstring_prefix$major.$revision" + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" - # Add in all the interfaces that we are compatible with. - loop=$revision - while test "$loop" -ne 0; do - iface=`expr $revision - $loop` - loop=`expr $loop - 1` - verstring="$verstring_prefix$major.$iface:$verstring" + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done - # Before this point, $major must not contain `.'. - major=.$major - versuffix="$major.$revision" - ;; + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi - linux) - major=.`expr $current - $age` - versuffix="$major.$age.$revision" - ;; + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi - osf) - major=.`expr $current - $age` - versuffix=".$current.$age.$revision" - verstring="$current.$age.$revision" + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols="$output_objdir/$outputname.exp" + $opt_dry_run || { + $RM $export_symbols + eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi - # Add in all the interfaces that we are compatible with. - loop=$age - while test "$loop" -ne 0; do - iface=`expr $current - $loop` - loop=`expr $loop - 1` - verstring="$verstring:${iface}.0" - done + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from \`$dlprefile'" + func_basename "$dlprefile" + name="$func_basename_result" + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename="" + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname" ; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename="$func_basename_result" + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename" ; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done - # Make executables depend on our current version. - verstring="$verstring:${current}.0" - ;; + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi - sunos) - major=".$current" - versuffix=".$current.$revision" - ;; + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi - windows) - # Use '-' rather than '.', since we only want one - # extension on DOS 8.3 filesystems. - major=`expr $current - $age` - versuffix="-$major" - ;; + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi - *) - $echo "$modename: unknown library version type \`$version_type'" 1>&2 - $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 - exit $EXIT_FAILURE - ;; - esac + echo >> "$output_objdir/$my_dlsyms" "\ - # Clear the version info if we defaulted, and they specified a release. - if test -z "$vinfo" && test -n "$release"; then - major= - case $version_type in - darwin) - # we can't check for "0.0" in archive_cmds due to quoting - # problems, so we reset it completely - verstring= +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[]; +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{\ + { \"$my_originator\", (void *) 0 }," + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; *) - verstring="0.0" + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac - if test "$need_version" = no; then - versuffix= - else - versuffix=".0.0" - fi - fi + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; - # Remove version info from name if versioning should be avoided - if test "$avoid_version" = yes && test "$need_version" = no; then - major= - versuffix= - verstring="" - fi +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif - # Check to see if the archive will have undefined symbols. - if test "$allow_undefined" = yes; then - if test "$allow_undefined_flag" = unsupported; then - $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2 - build_libtool_libs=no - build_old_libs=yes - fi - else - # Don't allow undefined symbols. - allow_undefined_flag="$no_undefined_flag" - fi - fi +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run - if test "$mode" != relink; then - # Remove our outputs, but don't remove object files since they - # may have been created when compiling PIC objects. - removelist= - tempremovelist=`$echo "$output_objdir/*"` - for p in $tempremovelist; do - case $p in - *.$objext) - ;; - $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) - if test "X$precious_files_regex" != "X"; then - if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 - then - continue - fi - fi - removelist="$removelist $p" - ;; - *) ;; + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + if test "X$my_pic_p" != Xno; then + pic_flag_for_symtable=" $pic_flag" + fi + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; esac done - if test -n "$removelist"; then - $show "${rm}r $removelist" - $run ${rm}r $removelist - fi - fi - # Now set the variables for building old libraries. - if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then - oldlibs="$oldlibs $output_objdir/$libname.$libext" + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' - # Transform .lo files to .o files. - oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` - fi + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' - # Eliminate all temporary directories. - #for path in $notinst_path; do - # lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` - # deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` - # dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` - #done + # Transform the symbol file into the correct name. + symfileobj="$output_objdir/${my_outputname}S.$objext" + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for \`$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} - if test -n "$xrpath"; then - # If the user specified any rpath flags, then add them. - temp_xrpath= - for libdir in $xrpath; do - temp_xrpath="$temp_xrpath -R$libdir" - case "$finalize_rpath " in - *" $libdir "*) ;; - *) finalize_rpath="$finalize_rpath $libdir" ;; - esac - done - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then - dependency_libs="$temp_xrpath $dependency_libs" - fi - fi +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $opt_debug + win32_libid_type="unknown" + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s,.*,import, + p + q + } + }'` + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} - # Make sure dlfiles contains only unique files that won't be dlpreopened - old_dlfiles="$dlfiles" - dlfiles= - for lib in $old_dlfiles; do - case " $dlprefiles $dlfiles " in - *" $lib "*) ;; - *) dlfiles="$dlfiles $lib" ;; - esac +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $opt_debug + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $opt_debug + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive which possess that section. Heuristic: eliminate + # all those which have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $opt_debug + if func_cygming_gnu_implib_p "$1" ; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1" ; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result="" + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $opt_debug + f_ex_an_ar_dir="$1"; shift + f_ex_an_ar_oldlib="$1" + if test "$lock_old_archive_extraction" = yes; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test "$lock_old_archive_extraction" = yes; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} - # Make sure dlprefiles contains only unique files - old_dlprefiles="$dlprefiles" - dlprefiles= - for lib in $old_dlprefiles; do - case "$dlprefiles " in - *" $lib "*) ;; - *) dlprefiles="$dlprefiles $lib" ;; + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $opt_debug + my_gentop="$1"; shift + my_oldlibs=${1+"$@"} + my_oldobjs="" + my_xlib="" + my_xabs="" + my_xdir="" + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib="$func_basename_result" + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; esac done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir="$my_gentop/$my_xlib_u" - if test "$build_libtool_libs" = yes; then - if test -n "$rpath"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*) - # these systems don't actually have a c library (as such)! - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C library is in the System framework - deplibs="$deplibs -framework System" - ;; - *-*-netbsd*) - # Don't link with libc until the a.out ld.so is fixed. - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) - # Do not include libc due to us having libc/libc_r. - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - ;; - *) - # Add libc to deplibs on all other systems if necessary. - if test "$build_libtool_need_lc" = "yes"; then - deplibs="$deplibs -lc" - fi - ;; - esac - fi + func_mkdir_p "$my_xdir" - # Transform deplibs into only deplibs that can be linked in shared. - name_save=$name - libname_save=$libname - release_save=$release - versuffix_save=$versuffix - major_save=$major - # I'm not sure if I'm treating the release correctly. I think - # release should show up in the -l (ie -lgmp5) so we don't want to - # add it in twice. Is that correct? - release="" - versuffix="" - major="" - newdeplibs= - droppeddeps=no - case $deplibs_check_method in - pass_all) - # Don't check for shared/static. Everything works. - # This might be a little naive. We might want to check - # whether the library exists or not. But this is on - # osf3 & osf4 and I'm not really sure... Just - # implementing what was already the behavior. - newdeplibs=$deplibs - ;; - test_compile) - # This code stresses the "libraries are programs" paradigm to its - # limits. Maybe even breaks it. We compile a program, linking it - # against the deplibs as a proxy for the library. Then we can check - # whether they linked in statically or dynamically with ldd. - $rm conftest.c - cat > conftest.c </dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches ; do + func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" + $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" + cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" + func_extract_an_archive "`pwd`" "${darwin_base_archive}" + cd "$darwin_curdir" + $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" else - # Error occurred in the first compile. Let's try to salvage - # the situation: Compile a separate program for each library. - for i in $deplibs; do - name=`expr $i : '-l\(.*\)'` - # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" != "0"; then - $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $i; then - ldd_output=`ldd conftest` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - case " $predeps $postdeps " in - *" $i "*) - newdeplibs="$newdeplibs $i" - i="" - ;; - esac - fi - if test -n "$i" ; then - libname=`eval \\$echo \"$libname_spec\"` - deplib_matches=`eval \\$echo \"$library_names_spec\"` - set dummy $deplib_matches - deplib_match=$2 - if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then - newdeplibs="$newdeplibs $i" - else - droppeddeps=yes - $echo - $echo "*** Warning: dynamic linker does not accept needed library $i." - $echo "*** I have the capability to make that library automatically link in when" - $echo "*** you link to this library. But I can only do this if you have a" - $echo "*** shared version of the library, which you do not appear to have" - $echo "*** because a test_compile did reveal that the linker did not use this one" - $echo "*** as a dynamic dependency that programs can get resolved with at runtime." - fi - fi - else - droppeddeps=yes - $echo - $echo "*** Warning! Library $i is needed by this library but I was not able to" - $echo "*** make it link in! You will probably need to install it or some" - $echo "*** library that it depends on before this library will be fully" - $echo "*** functional. Installing it before continuing would be even better." - fi - else - newdeplibs="$newdeplibs $i" - fi - done - fi - ;; - file_magic*) - set dummy $deplibs_check_method - file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` - for a_deplib in $deplibs; do - name=`expr $a_deplib : '-l\(.*\)'` - # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" != "0"; then - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - case " $predeps $postdeps " in - *" $a_deplib "*) - newdeplibs="$newdeplibs $a_deplib" - a_deplib="" - ;; - esac - fi - if test -n "$a_deplib" ; then - libname=`eval \\$echo \"$libname_spec\"` - for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - potential_libs=`ls $i/$libname[.-]* 2>/dev/null` - for potent_lib in $potential_libs; do - # Follow soft links. - if ls -lLd "$potent_lib" 2>/dev/null \ - | grep " -> " >/dev/null; then - continue - fi - # The statement above tries to avoid entering an - # endless loop below, in case of cyclic links. - # We might still enter an endless loop, since a link - # loop can be closed while we follow links, - # but so what? - potlib="$potent_lib" - while test -h "$potlib" 2>/dev/null; do - potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` - case $potliblink in - [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; - *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; - esac - done - if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \ - | ${SED} 10q \ - | $EGREP "$file_magic_regex" > /dev/null; then - newdeplibs="$newdeplibs $a_deplib" - a_deplib="" - break 2 - fi - done - done - fi - if test -n "$a_deplib" ; then - droppeddeps=yes - $echo - $echo "*** Warning: linker path does not have real file for library $a_deplib." - $echo "*** I have the capability to make that library automatically link in when" - $echo "*** you link to this library. But I can only do this if you have a" - $echo "*** shared version of the library, which you do not appear to have" - $echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then - $echo "*** with $libname but no candidates were found. (...for file magic test)" - else - $echo "*** with $libname and none of the candidates passed a file format test" - $echo "*** using a file magic. Last file checked: $potlib" - fi - fi - else - # Add a -L argument. - newdeplibs="$newdeplibs $a_deplib" - fi - done # Gone through all deplibs. - ;; - match_pattern*) - set dummy $deplibs_check_method - match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` - for a_deplib in $deplibs; do - name=`expr $a_deplib : '-l\(.*\)'` - # If $name is empty we are operating on a -L argument. - if test -n "$name" && test "$name" != "0"; then - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - case " $predeps $postdeps " in - *" $a_deplib "*) - newdeplibs="$newdeplibs $a_deplib" - a_deplib="" - ;; - esac - fi - if test -n "$a_deplib" ; then - libname=`eval \\$echo \"$libname_spec\"` - for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - potential_libs=`ls $i/$libname[.-]* 2>/dev/null` - for potent_lib in $potential_libs; do - potlib="$potent_lib" # see symlink-check above in file_magic test - if eval $echo \"$potent_lib\" 2>/dev/null \ - | ${SED} 10q \ - | $EGREP "$match_pattern_regex" > /dev/null; then - newdeplibs="$newdeplibs $a_deplib" - a_deplib="" - break 2 - fi - done - done - fi - if test -n "$a_deplib" ; then - droppeddeps=yes - $echo - $echo "*** Warning: linker path does not have real file for library $a_deplib." - $echo "*** I have the capability to make that library automatically link in when" - $echo "*** you link to this library. But I can only do this if you have a" - $echo "*** shared version of the library, which you do not appear to have" - $echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then - $echo "*** with $libname but no candidates were found. (...for regex pattern test)" - else - $echo "*** with $libname and none of the candidates passed a file format test" - $echo "*** using a regex pattern. Last file checked: $potlib" - fi - fi - else - # Add a -L argument. - newdeplibs="$newdeplibs $a_deplib" - fi - done # Gone through all deplibs. - ;; - none | unknown | *) - newdeplibs="" - tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \ - -e 's/ -[LR][^ ]*//g'` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - for i in $predeps $postdeps ; do - # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"` - done - fi - if $echo "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' \ - | grep . >/dev/null; then - $echo - if test "X$deplibs_check_method" = "Xnone"; then - $echo "*** Warning: inter-library dependencies are not supported in this platform." - else - $echo "*** Warning: inter-library dependencies are not known to be supported." - fi - $echo "*** All declared inter-library dependencies are being dropped." - droppeddeps=yes - fi - ;; - esac - versuffix=$versuffix_save - major=$major_save - release=$release_save - libname=$libname_save - name=$name_save + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done - case $host in - *-*-rhapsody* | *-*-darwin1.[012]) - # On Rhapsody replace the C library is the System framework - newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'` - ;; - esac + func_extract_archives_result="$my_oldobjs" +} - if test "$droppeddeps" = yes; then - if test "$module" = yes; then - $echo - $echo "*** Warning: libtool could not satisfy all declared inter-library" - $echo "*** dependencies of module $libname. Therefore, libtool will create" - $echo "*** a static module, that should work as long as the dlopening" - $echo "*** application is linked with the -dlopen flag." - if test -z "$global_symbol_pipe"; then - $echo - $echo "*** However, this would only work if libtool was able to extract symbol" - $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" - $echo "*** not find such a program. So, this module is probably useless." - $echo "*** \`nm' from GNU binutils and a full rebuild may help." - fi - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - else - $echo "*** The inter-library dependencies that have been dropped here will be" - $echo "*** automatically added whenever a program is linked with this library" - $echo "*** or is declared to -dlopen it." - if test "$allow_undefined" = no; then - $echo - $echo "*** Since this library must not contain undefined symbols," - $echo "*** because either the platform does not support them or" - $echo "*** it was explicitly requested with -no-undefined," - $echo "*** libtool will only create a static version of it." - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - fi - fi - # Done checking deplibs! - deplibs=$newdeplibs - fi +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + $ECHO "\ +#! $SHELL - # move library search paths that coincide with paths to not yet - # installed libraries to the beginning of the library search list - new_libs= - for path in $notinst_path; do - case " $new_libs " in - *" -L$path/$objdir "*) ;; - *) - case " $deplibs " in - *" -L$path/$objdir "*) - new_libs="$new_libs -L$path/$objdir" ;; - esac - ;; - esac - done - for deplib in $deplibs; do - case $deplib in - -L*) - case " $new_libs " in - *" $deplib "*) ;; - *) new_libs="$new_libs $deplib" ;; - esac - ;; - *) new_libs="$new_libs $deplib" ;; - esac - done - deplibs="$new_libs" +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' - # All the library-specific variables (install_libdir is set above). - library_names= - old_library= - dlname= +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh - # Test again, we may have decided not to build it any more - if test "$build_libtool_libs" = yes; then - if test "$hardcode_into_libs" = yes; then - # Hardcode the library paths - hardcode_libdirs= - dep_rpath= - rpath="$finalize_rpath" - test "$mode" != relink && rpath="$compile_rpath$rpath" - for libdir in $rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - dep_rpath="$dep_rpath $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in - *" $libdir "*) ;; - *) perm_rpath="$perm_rpath $libdir" ;; - esac - fi - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" - if test -n "$hardcode_libdir_flag_spec_ld"; then - case $archive_cmds in - *\$LD*) eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" ;; - *) eval dep_rpath=\"$hardcode_libdir_flag_spec\" ;; - esac - else - eval dep_rpath=\"$hardcode_libdir_flag_spec\" - fi - fi - if test -n "$runpath_var" && test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - rpath="$rpath$dir:" - done - eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" - fi - test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" - fi +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - shlibpath="$finalize_shlibpath" - test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath" - if test -n "$shlibpath"; then - eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" - fi +relink_command=\"$relink_command\" - # Get the real and link names of the library. - eval shared_ext=\"$shrext_cmds\" - eval library_names=\"$library_names_spec\" - set dummy $library_names - realname="$2" - shift; shift +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" - if test -n "$soname_spec"; then - eval soname=\"$soname_spec\" - else - soname="$realname" - fi - if test -z "$dlname"; then - dlname=$soname - fi + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ - lib="$output_objdir/$realname" - linknames= - for link - do - linknames="$linknames $link" - done +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi - # Use standard objects if they are pic - test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then - $show "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" - $run $rm $export_symbols - cmds=$export_symbols_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - if len=`expr "X$cmd" : ".*"` && - test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then - $show "$cmd" - $run eval "$cmd" || exit $? - skipped_export=false - else - # The command line is too long to execute in one step. - $show "using reloadable object file for export list..." - skipped_export=: - # Break out early, otherwise skipped_export may be - # set to false by a later but shorter cmd. - break - fi - done - IFS="$save_ifs" - if test -n "$export_symbols_regex"; then - $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\"" - $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' - $show "$mv \"${export_symbols}T\" \"$export_symbols\"" - $run eval '$mv "${export_symbols}T" "$export_symbols"' - fi - fi - fi + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + fi +} - if test -n "$export_symbols" && test -n "$include_expsyms"; then - $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"' - fi +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} - tmp_deplibs= - for test_deplib in $deplibs; do - case " $convenience " in - *" $test_deplib "*) ;; - *) - tmp_deplibs="$tmp_deplibs $test_deplib" - ;; - esac - done - deplibs="$tmp_deplibs" +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - else - gentop="$output_objdir/${outputname}x" - generated="$generated $gentop" + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} - func_extract_archives $gentop $convenience - libobjs="$libobjs $func_extract_archives_result" - fi - fi - - if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then - eval flag=\"$thread_safe_flag_spec\" - linker_flags="$linker_flags $flag" - fi +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done + func_exec_program_core \${1+\"\$@\"} +} - # Make a backup of the uninstalled library when relinking - if test "$mode" = relink; then - $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $? - fi + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} - # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - eval test_cmds=\"$module_expsym_cmds\" - cmds=$module_expsym_cmds - else - eval test_cmds=\"$module_cmds\" - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - eval test_cmds=\"$archive_expsym_cmds\" - cmds=$archive_expsym_cmds - else - eval test_cmds=\"$archive_cmds\" - cmds=$archive_cmds - fi - fi + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. - if test "X$skipped_export" != "X:" && - len=`expr "X$test_cmds" : ".*" 2>/dev/null` && - test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then - : - else - # The command line is too long to link in one step, link piecewise. - $echo "creating reloadable object files..." + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` - # Save the value of $output and $libobjs because we want to - # use them later. If we have whole_archive_flag_spec, we - # want to use save_libobjs as it was before - # whole_archive_flag_spec was expanded, because we can't - # assume the linker understands whole_archive_flag_spec. - # This may have to be revisited, in case too many - # convenience libraries get linked in and end up exceeding - # the spec. - if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - fi - save_output=$output - output_la=`$echo "X$output" | $Xsed -e "$basename"` + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi - # Clear the reloadable object creation command queue and - # initialize k to one. - test_cmds= - concat_cmds= - objlist= - delfiles= - last_robj= - k=1 - output=$output_objdir/$output_la-${k}.$objext - # Loop over the list of objects to be linked. - for obj in $save_libobjs - do - eval test_cmds=\"$reload_cmds $objlist $last_robj\" - if test "X$objlist" = X || - { len=`expr "X$test_cmds" : ".*" 2>/dev/null` && - test "$len" -le "$max_cmd_len"; }; then - objlist="$objlist $obj" - else - # The command $test_cmds is almost too long, add a - # command to the queue. - if test "$k" -eq 1 ; then - # The first file doesn't have a previous command to add. - eval concat_cmds=\"$reload_cmds $objlist $last_robj\" - else - # All subsequent reloadable object files will link in - # the last one created. - eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\" - fi - last_robj=$output_objdir/$output_la-${k}.$objext - k=`expr $k + 1` - output=$output_objdir/$output_la-${k}.$objext - objlist=$obj - len=1 - fi - done - # Handle the remaining objects by creating one last - # reloadable object file. All subsequent reloadable object - # files will link in the last one created. - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done - if ${skipped_export-false}; then - $show "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" - $run $rm $export_symbols - libobjs=$output - # Append the command to create the export file. - eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\" - fi - - # Set up a command to remove the reloadable object files - # after they are used. - i=0 - while test "$i" -lt "$k" - do - i=`expr $i + 1` - delfiles="$delfiles $output_objdir/$output_la-${i}.$objext" - done + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi - $echo "creating a temporary reloadable object file: $output" + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" - # Loop through the commands generated above and execute them. - save_ifs="$IFS"; IFS='~' - for cmd in $concat_cmds; do - IFS="$save_ifs" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" + if test "$fast_install" = yes; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" - libobjs=$output - # Restore the value of output. - output=$save_output + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then - if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - fi - # Expand the library linking commands again to reset the - # value of $libobjs for piecewise linking. + file=\"\$\$-\$program\" - # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - cmds=$module_expsym_cmds - else - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - cmds=$archive_expsym_cmds - else - cmds=$archive_cmds - fi - fi + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" - # Append the command to remove the reloadable object files - # to the just-reset $cmds. - eval cmds=\"\$cmds~\$rm $delfiles\" - fi - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || { - lt_exit=$? + $ECHO "\ - # Restore the uninstalled library and exit - if test "$mode" = relink; then - $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' - fi + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + $ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi - exit $lt_exit - } - done - IFS="$save_ifs" + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi - # Restore the uninstalled library and exit - if test "$mode" = relink; then - $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $? + $ECHO "\ - if test -n "$convenience"; then - if test -z "$whole_archive_flag_spec"; then - $show "${rm}r $gentop" - $run ${rm}r "$gentop" - fi - fi + if test -f \"\$progdir/\$program\"; then" - exit $EXIT_SUCCESS + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" fi - # Create links to the real library. - for linkname in $linknames; do - if test "$realname" != "$linkname"; then - $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)" - $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $? - fi - done + # Export our shlibpath_var if we have one. + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" - # If -module or -export-dynamic was specified, set the dlname. - if test "$module" = yes || test "$export_dynamic" = yes; then - # On all known operating systems, these are identical. - dlname="$soname" + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" fi - fi - ;; - obj) - case " $deplibs" in - *\ -l* | *\ -L*) - $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2 ;; - esac + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2 - fi - if test -n "$rpath"; then - $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2 - fi +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat <&2 - fi +/* $cwrappersource - temporary wrapper executable for $objdir/$outputname + Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION - if test -n "$vinfo"; then - $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2 - fi + The $output program cannot be directly executed until all the libtool + libraries that it depends on are installed. - if test -n "$release"; then - $echo "$modename: warning: \`-release' is ignored for objects" 1>&2 - fi + This wrapper executable should never be moved out of the build directory. + If it is, it will not operate correctly. +*/ +EOF + cat <<"EOF" +#ifdef _MSC_VER +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif +#include +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include - case $output in - *.lo) - if test -n "$objs$old_deplibs"; then - $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2 - exit $EXIT_FAILURE - fi - libobj="$output" - obj=`$echo "X$output" | $Xsed -e "$lo2o"` - ;; - *) - libobj= - obj="$output" - ;; - esac +/* declarations of non-ANSI functions */ +#if defined(__MINGW32__) +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined(__CYGWIN__) +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined (other platforms) ... */ +#endif - # Delete the old objects. - $run $rm $obj $libobj +/* portability defines, excluding path handling macros */ +#if defined(_MSC_VER) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +# ifndef _INTPTR_T_DEFINED +# define _INTPTR_T_DEFINED +# define intptr_t int +# endif +#elif defined(__MINGW32__) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined(__CYGWIN__) +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined (other platforms) ... */ +#endif - # Objects from convenience libraries. This assumes - # single-version convenience libraries. Whenever we create - # different ones for PIC/non-PIC, this we'll have to duplicate - # the extraction. - reload_conv_objs= - gentop= - # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. - wl= +#if defined(PATH_MAX) +# define LT_PATHMAX PATH_MAX +#elif defined(MAXPATHLEN) +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` - else - gentop="$output_objdir/${obj}x" - generated="$generated $gentop" +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif - func_extract_archives $gentop $convenience - reload_conv_objs="$reload_objs $func_extract_archives_result" - fi - fi +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif - # Create the old-style object. - reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test +#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ + defined (__OS2__) +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif - output="$obj" - cmds=$reload_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ - # Exit if we aren't doing a library object file. - if test -z "$libobj"; then - if test -n "$gentop"; then - $show "${rm}r $gentop" - $run ${rm}r $gentop - fi +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ - exit $EXIT_SUCCESS - fi +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif - if test "$build_libtool_libs" != yes; then - if test -n "$gentop"; then - $show "${rm}r $gentop" - $run ${rm}r $gentop - fi +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free ((void *) stale); stale = 0; } \ +} while (0) - # Create an invalid libtool object if no PIC, so that we don't - # accidentally link it into a program. - # $show "echo timestamp > $libobj" - # $run eval "echo timestamp > $libobj" || exit $? - exit $EXIT_SUCCESS - fi +#if defined(LT_DEBUGWRAPPER) +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif - if test -n "$pic_flag" || test "$pic_mode" != default; then - # Only do commands if we really have different PIC objects. - reload_objs="$libobjs $reload_conv_objs" - output="$libobj" - cmds=$reload_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" - fi +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ - if test -n "$gentop"; then - $show "${rm}r $gentop" - $run ${rm}r $gentop - fi +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF - exit $EXIT_SUCCESS - ;; + cat <&2 - fi + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + func_to_host_path "$temp_rpath" + cat <&2 - fi + if test -n "$dllsearchpath"; then + func_to_host_path "$dllsearchpath:" + cat <&2 - fi - fi + cat < "$output_objdir/$dlsyms" "\ -/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */ -/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */ +EOF -#ifdef __cplusplus -extern \"C\" { -#endif + case $host_os in + mingw*) + cat <<"EOF" + /* execv doesn't actually work on mingw as expected on unix */ + newargz = prepare_spawn (newargz); + rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); + if (rval == -1) + { + /* failed to start process */ + lt_debugprintf (__FILE__, __LINE__, + "(main) failed to launch target \"%s\": %s\n", + lt_argv_zero, nonnull (strerror (errno))); + return 127; + } + return rval; +EOF + ;; + *) + cat <<"EOF" + execv (lt_argv_zero, newargz); + return rval; /* =127, but avoids unused variable warning */ +EOF + ;; + esac -/* Prevent the only kind of declaration conflicts we can make. */ -#define lt_preloaded_symbols some_other_symbol + cat <<"EOF" +} -/* External symbol declarations for the compiler. */\ -" +void * +xmalloc (size_t num) +{ + void *p = (void *) malloc (num); + if (!p) + lt_fatal (__FILE__, __LINE__, "memory exhausted"); - if test "$dlself" = yes; then - $show "generating symbol list for \`$output'" + return p; +} - test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist" +char * +xstrdup (const char *string) +{ + return string ? strcpy ((char *) xmalloc (strlen (string) + 1), + string) : NULL; +} - # Add our own program objects to the symbol list. - progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` - for arg in $progfiles; do - $show "extracting global C symbols from \`$arg'" - $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" - done +const char * +base_name (const char *name) +{ + const char *base; - if test -n "$exclude_expsyms"; then - $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' - $run eval '$mv "$nlist"T "$nlist"' - fi - - if test -n "$export_symbols_regex"; then - $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' - $run eval '$mv "$nlist"T "$nlist"' - fi - - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - export_symbols="$output_objdir/$outputname.exp" - $run $rm $export_symbols - $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' - case $host in - *cygwin* | *mingw* ) - $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - $run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' - ;; - esac - else - $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' - $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' - $run eval 'mv "$nlist"T "$nlist"' - case $host in - *cygwin* | *mingw* ) - $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - $run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' - ;; - esac - fi - fi +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + /* Skip over the disk name in MSDOS pathnames. */ + if (isalpha ((unsigned char) name[0]) && name[1] == ':') + name += 2; +#endif - for arg in $dlprefiles; do - $show "extracting global C symbols from \`$arg'" - name=`$echo "$arg" | ${SED} -e 's%^.*/%%'` - $run eval '$echo ": $name " >> "$nlist"' - $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" - done + for (base = name; *name; name++) + if (IS_DIR_SEPARATOR (*name)) + base = name + 1; + return base; +} - if test -z "$run"; then - # Make sure we have at least an empty file. - test -f "$nlist" || : > "$nlist" - - if test -n "$exclude_expsyms"; then - $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T - $mv "$nlist"T "$nlist" - fi +int +check_executable (const char *path) +{ + struct stat st; - # Try sorting and uniquifying the output. - if grep -v "^: " < "$nlist" | - if sort -k 3 /dev/null 2>&1; then - sort -k 3 - else - sort +2 - fi | - uniq > "$nlist"S; then - : - else - grep -v "^: " < "$nlist" > "$nlist"S - fi + lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; - if test -f "$nlist"S; then - eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"' - else - $echo '/* NONE */' >> "$output_objdir/$dlsyms" - fi + if ((stat (path, &st) >= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} - $echo >> "$output_objdir/$dlsyms" "\ +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; -#undef lt_preloaded_symbols + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; -#if defined (__STDC__) && __STDC__ -# define lt_ptr void * -#else -# define lt_ptr char * -# define const -#endif + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} -/* The mapping between symbol names and symbols. */ -" +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + int tmp_len; + char *concat_name; - case $host in - *cygwin* | *mingw* ) - $echo >> "$output_objdir/$dlsyms" "\ -/* DATA imports from DLLs on WIN32 can't be const, because - runtime relocations are performed -- see ld's documentation - on pseudo-relocs */ -struct { -" - ;; - * ) - $echo >> "$output_objdir/$dlsyms" "\ -const struct { -" - ;; - esac + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; - $echo >> "$output_objdir/$dlsyms" "\ - const char *name; - lt_ptr address; + /* Absolute path? */ +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = q - p; + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; } -lt_preloaded_symbols[] = -{\ -" - eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms" +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } - $echo >> "$output_objdir/$dlsyms" "\ - {0, (lt_ptr) 0} -}; + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt_preloaded_symbols; -} -#endif + if (!has_symlinks) + { + return xstrdup (pathspec); + } -#ifdef __cplusplus + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif } -#endif\ -" - fi - pic_flag_for_symtable= - case $host in - # compiling the symbol table file with pic_flag works around - # a FreeBSD bug that causes programs to crash when -lm is - # linked before any other PIC object. But we must not use - # pic_flag when linking with -static. The problem exists in - # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) - case "$compile_command " in - *" -static "*) ;; - *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";; - esac;; - *-*-hpux*) - case "$compile_command " in - *" -static "*) ;; - *) pic_flag_for_symtable=" $pic_flag";; - esac - esac +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; - # Now compile the dynamic symbol file. - $show "(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")" - $run eval '(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $? - - # Clean up the generated files. - $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T" - $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T" + assert (str != NULL); + assert (pat != NULL); - # Transform the symbol file into the correct name. - case $host in - *cygwin* | *mingw* ) - if test -f "$output_objdir/${outputname}.def" ; then - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` - else - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - fi - ;; - * ) - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - ;; - esac - ;; - *) - $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2 - exit $EXIT_FAILURE - ;; - esac - else - # We keep going just in case the user didn't refer to - # lt_preloaded_symbols. The linker will fail if global_symbol_pipe - # really was required. + len = strlen (str); + patlen = strlen (pat); - # Nullify the symbol file. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` - fi + if (patlen <= len) + { + str += len - patlen; + if (strcmp (str, pat) == 0) + *str = '\0'; + } + return str; +} - if test "$need_relink" = no || test "$build_libtool_libs" != yes; then - # Replace the output file specification. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP` - link_command="$compile_command$compile_rpath" +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} - # We have no uninstalled library dependencies, so finalize right now. - $show "$link_command" - $run eval "$link_command" - exit_status=$? +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); - # Delete the generated files. - if test -n "$dlsyms"; then - $show "$rm $output_objdir/${outputname}S.${objext}" - $run $rm "$output_objdir/${outputname}S.${objext}" - fi + if (exit_status >= 0) + exit (exit_status); +} - exit $exit_status - fi +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} - if test -n "$shlibpath_var"; then - # We should set the shlibpath_var - rpath= - for dir in $temp_rpath; do - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) - # Absolute path. - rpath="$rpath$dir:" - ;; - *) - # Relative path: add a thisdir entry. - rpath="$rpath\$thisdir/$dir:" - ;; - esac - done - temp_rpath="$rpath" - fi +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} - if test -n "$compile_shlibpath$finalize_shlibpath"; then - compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" - fi - if test -n "$finalize_shlibpath"; then - finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" - fi +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} - compile_var= - finalize_var= - if test -n "$runpath_var"; then - if test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - rpath="$rpath$dir:" - done - compile_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - if test -n "$finalize_perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $finalize_perm_rpath; do - rpath="$rpath$dir:" - done - finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - fi - - if test "$no_install" = yes; then - # We don't need to create a wrapper script. - link_command="$compile_var$compile_command$compile_rpath" - # Replace the output file specification. - link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` - # Delete the old output file. - $run $rm $output - # Link the executable and exit - $show "$link_command" - $run eval "$link_command" || exit $? - exit $EXIT_SUCCESS - fi - - if test "$hardcode_action" = relink; then - # Fast installation is not supported - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" - - $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2 - $echo "$modename: \`$output' will be relinked during installation" 1>&2 - else - if test "$fast_install" != no; then - link_command="$finalize_var$compile_command$finalize_rpath" - if test "$fast_install" = yes; then - relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP` - else - # fast_install is set to needless - relink_command= - fi - else - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" - fi - fi - - # Replace the output file specification. - link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` - - # Delete the old output files. - $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname - - $show "$link_command" - $run eval "$link_command" || exit $? - - # Now create the wrapper script. - $show "creating $output" - - # Quote the relink command for shipping. - if test -n "$relink_command"; then - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"` - relink_command="$var=\"$var_value\"; export $var; $relink_command" - fi - done - relink_command="(cd `pwd`; $relink_command)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` - fi - - # Quote $echo for shipping. - if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then - case $progpath in - [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; - *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; - esac - qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"` - else - qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"` - fi - - # Only actually do things if our run command is non-null. - if test -z "$run"; then - # win32 will think the script is a binary if it has - # a .exe suffix, so we strip it off here. - case $output in - *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;; - esac - # test for cygwin because mv fails w/o .exe extensions - case $host in - *cygwin*) - exeext=.exe - outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;; - *) exeext= ;; - esac - case $host in - *cygwin* | *mingw* ) - output_name=`basename $output` - output_path=`dirname $output` - cwrappersource="$output_path/$objdir/lt-$output_name.c" - cwrapper="$output_path/$output_name.exe" - $rm $cwrappersource $cwrapper - trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 - - cat > $cwrappersource <> $cwrappersource<<"EOF" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#if defined(PATH_MAX) -# define LT_PATHMAX PATH_MAX -#elif defined(MAXPATHLEN) -# define LT_PATHMAX MAXPATHLEN +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); #else -# define LT_PATHMAX 1024 + int len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } #endif + } +} -#ifndef DIR_SEPARATOR -# define DIR_SEPARATOR '/' -# define PATH_SEPARATOR ':' -#endif +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + int orig_value_len = strlen (orig_value); + int add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} -#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ - defined (__OS2__) -# define HAVE_DOS_BASED_FILE_SYSTEM -# ifndef DIR_SEPARATOR_2 -# define DIR_SEPARATOR_2 '\\' -# endif -# ifndef PATH_SEPARATOR_2 -# define PATH_SEPARATOR_2 ';' -# endif -#endif +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); -#ifndef DIR_SEPARATOR_2 -# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) -#else /* DIR_SEPARATOR_2 */ -# define IS_DIR_SEPARATOR(ch) \ - (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) -#endif /* DIR_SEPARATOR_2 */ + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + int len = strlen (new_value); + while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[len-1] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} -#ifndef PATH_SEPARATOR_2 -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) -#else /* PATH_SEPARATOR_2 */ -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) -#endif /* PATH_SEPARATOR_2 */ +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); -#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) -#define XFREE(stale) do { \ - if (stale) { free ((void *) stale); stale = 0; } \ -} while (0) + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} -/* -DDEBUG is fairly common in CFLAGS. */ -#undef DEBUG -#if defined DEBUGWRAPPER -# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__) -#else -# define DEBUG(format, ...) -#endif +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; -const char *program_name = NULL; + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; -void * xmalloc (size_t num); -char * xstrdup (const char *string); -const char * base_name (const char *name); -char * find_executable(const char *wrapper); -int check_executable(const char *path); -char * strendzap(char *str, const char *pat); -void lt_fatal (const char *message, ...); + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); -int -main (int argc, char *argv[]) -{ - char **newargz; - int i; + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; - program_name = (char *) xstrdup (base_name (argv[0])); - DEBUG("(main) argv[0] : %s\n",argv[0]); - DEBUG("(main) program_name : %s\n",program_name); - newargz = XMALLOC(char *, argc+2); -EOF + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; - cat >> $cwrappersource <> $cwrappersource <<"EOF" - newargz[1] = find_executable(argv[0]); - if (newargz[1] == NULL) - lt_fatal("Couldn't find %s", argv[0]); - DEBUG("(main) found exe at : %s\n",newargz[1]); - /* we know the script has the same name, without the .exe */ - /* so make sure newargz[1] doesn't end in .exe */ - strendzap(newargz[1],".exe"); - for (i = 1; i < argc; i++) - newargz[i+1] = xstrdup(argv[i]); - newargz[argc+1] = NULL; + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; - for (i=0; i> $cwrappersource <> $cwrappersource <> $cwrappersource <<"EOF" - return 127; + cat <<"EOF" } - -void * -xmalloc (size_t num) -{ - void * p = (void *) malloc (num); - if (!p) - lt_fatal ("Memory exhausted"); - - return p; +EOF } +# end: func_emit_cwrapperexe_src -char * -xstrdup (const char *string) +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () { - return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL -; + $opt_debug + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac } -const char * -base_name (const char *name) +# func_mode_link arg... +func_mode_link () { - const char *base; + $opt_debug + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # which system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no -#if defined (HAVE_DOS_BASED_FILE_SYSTEM) - /* Skip over the disk name in MSDOS pathnames. */ - if (isalpha ((unsigned char)name[0]) && name[1] == ':') - name += 2; -#endif + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll which has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt - for (base = name; *name; name++) - if (IS_DIR_SEPARATOR (*name)) - base = name + 1; - return base; -} + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= -int -check_executable(const char * path) -{ - struct stat st; - - DEBUG("(check_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!"); - if ((!path) || (!*path)) - return 0; - - if ((stat (path, &st) >= 0) && - ( - /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */ -#if defined (S_IXOTH) - ((st.st_mode & S_IXOTH) == S_IXOTH) || -#endif -#if defined (S_IXGRP) - ((st.st_mode & S_IXGRP) == S_IXGRP) || -#endif - ((st.st_mode & S_IXUSR) == S_IXUSR)) - ) - return 1; - else - return 0; -} + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=no + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module="${wl}-single_module" + func_infer_tag $base_compile -/* Searches for the full path of the wrapper. Returns - newly allocated full path name if found, NULL otherwise */ -char * -find_executable (const char* wrapper) -{ - int has_slash = 0; - const char* p; - const char* p_next; - /* static buffer for getcwd */ - char tmp[LT_PATHMAX + 1]; - int tmp_len; - char* concat_name; + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done - DEBUG("(find_executable) : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"); + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes - if ((wrapper == NULL) || (*wrapper == '\0')) - return NULL; + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg="$1" + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" - /* Absolute path? */ -#if defined (HAVE_DOS_BASED_FILE_SYSTEM) - if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':') - { - concat_name = xstrdup (wrapper); - if (check_executable(concat_name)) - return concat_name; - XFREE(concat_name); - } - else - { -#endif - if (IS_DIR_SEPARATOR (wrapper[0])) - { - concat_name = xstrdup (wrapper); - if (check_executable(concat_name)) - return concat_name; - XFREE(concat_name); - } -#if defined (HAVE_DOS_BASED_FILE_SYSTEM) - } -#endif + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac - for (p = wrapper; *p; p++) - if (*p == '/') - { - has_slash = 1; - break; - } - if (!has_slash) - { - /* no slashes; search PATH */ - const char* path = getenv ("PATH"); - if (path != NULL) - { - for (p = path; *p; p = p_next) - { - const char* q; - size_t p_len; - for (q = p; *q; q++) - if (IS_PATH_SEPARATOR(*q)) - break; - p_len = q - p; - p_next = (*q == '\0' ? q : q + 1); - if (p_len == 0) - { - /* empty path: current directory */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); - tmp_len = strlen(tmp); - concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); - } - else - { - concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1); - memcpy (concat_name, p, p_len); - concat_name[p_len] = '/'; - strcpy (concat_name + p_len + 1, wrapper); - } - if (check_executable(concat_name)) - return concat_name; - XFREE(concat_name); - } - } - /* not found in PATH; assume curdir */ - } - /* Relative path | not found in path: prepend cwd */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); - tmp_len = strlen(tmp); - concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); + case $prev in + bindir) + bindir="$arg" + prev= + continue + ;; + dlfiles|dlprefiles) + if test "$preload" = no; then + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=yes + fi + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test "$dlself" = no; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test "$prev" = dlprefiles; then + dlself=yes + elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test "$prev" = dlfiles; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols="$arg" + test -f "$arg" \ + || func_fatal_error "symbol file \`$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex="$arg" + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir="$arg" + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. - if (check_executable(concat_name)) - return concat_name; - XFREE(concat_name); - return NULL; -} + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= -char * -strendzap(char *str, const char *pat) -{ - size_t len, patlen; + # Read the .lo file + func_source "$arg" - assert(str != NULL); - assert(pat != NULL); + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi - len = strlen(str); - patlen = strlen(pat); + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" - if (patlen <= len) - { - str += len - patlen; - if (strcmp(str, pat) == 0) - *str = '\0'; - } - return str; -} + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" -static void -lt_error_core (int exit_status, const char * mode, - const char * message, va_list ap) -{ - fprintf (stderr, "%s: %s: ", program_name, mode); - vfprintf (stderr, message, ap); - fprintf (stderr, ".\n"); + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi - if (exit_status >= 0) - exit (exit_status); -} + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi -void -lt_fatal (const char *message, ...) -{ - va_list ap; - va_start (ap, message); - lt_error_core (EXIT_FAILURE, "FATAL", message, ap); - va_end (ap); -} -EOF - # we should really use a build-platform specific compiler - # here, but OTOH, the wrappers (shell script and this C one) - # are only useful if you want to execute the "real" binary. - # Since the "real" binary is built for $host, then this - # wrapper might as well be built for $host, too. - $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource - ;; - esac - $rm $output - trap "$rm $output; exit $EXIT_FAILURE" 1 2 15 + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi - $echo > $output "\ -#! $SHELL + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" -# $output - temporary wrapper script for $objdir/$outputname -# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP -# -# The $output program cannot be directly executed until all the libtool -# libraries that it depends on are installed. -# -# This wrapper script should never be moved out of the build directory. -# If it is, it will not operate correctly. + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed='${SED} -e 1s/^X//' -sed_quote_subst='$sed_quote_subst' + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file \`$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + precious_regex) + precious_files_regex="$arg" + prev= + continue + ;; + release) + release="-$arg" + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test "$prev" = rpath; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds="$arg" + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi -BIN_SH=xpg4; export BIN_SH # for Tru64 -DUALCASE=1; export DUALCASE # for MKS sh + prevarg="$arg" -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; -relink_command=\"$relink_command\" + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "\`-allow-undefined' must not be used because it is the default" + ;; -# This environment variable determines our operation mode. -if test \"\$libtool_install_magic\" = \"$magic\"; then - # install mode needs the following variable: - notinst_deplibs='$notinst_deplibs' -else - # When we are sourced in execute mode, \$file and \$echo are already set. - if test \"\$libtool_execute_magic\" != \"$magic\"; then - echo=\"$qecho\" - file=\"\$0\" - # Make sure echo works. - if test \"X\$1\" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift - elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then - # Yippee, \$echo works! - : - else - # Restart under the correct shell, and then maybe \$echo will work. - exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} - fi - fi\ -" - $echo >> $output "\ + -avoid-version) + avoid_version=yes + continue + ;; - # Find the directory that this script lives in. - thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` - test \"x\$thisdir\" = \"x\$file\" && thisdir=. + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test "X$arg" = "X-export-symbols"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between \`-L' and \`$1'" + else + func_fatal_error "need path for \`-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of \`$dir'" + dir="$absdir" + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test "X$arg" = "X-lc" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + test "X$arg" = "X-lc" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test "X$arg" = "X-lc" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test "X$arg" = "X-lc" && continue + ;; + esac + elif test "X$arg" = "X-lc_r"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module="${wl}-multi_module" + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "\`-no-install' is ignored for $host" + func_warning "assuming \`-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-flto*|-fwhopr*|-fuse-linker-plugin) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test "$prev" = dlfiles; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test "$prev" = dlprefiles; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the \`$prevarg' option requires an argument" + + if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname="$func_basename_result" + libobjs_save="$libobjs" + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + func_dirname "$output" "/" "" + output_objdir="$func_dirname_result$objdir" + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps ; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test "$linkmode" = lib; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=no + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test "$linkmode,$pass" = "lib,link"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs="$tmp_deplibs" + fi + + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan"; then + libs="$deplibs" + deplibs= + fi + if test "$linkmode" = prog; then + case $pass in + dlopen) libs="$dlfiles" ;; + dlpreopen) libs="$dlprefiles" ;; + link) + libs="$deplibs %DEPLIBS%" + test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" + ;; + esac + fi + if test "$linkmode,$pass" = "lib,dlpreopen"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs="$dlprefiles" + fi + if test "$pass" = dlopen; then + # Collect dlpreopened libraries + save_deplibs="$deplibs" + deplibs= + fi + + for deplib in $libs; do + lib= + found=no + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test "$linkmode" != lib && test "$linkmode" != prog; then + func_warning "\`-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test "$linkmode" = lib; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib="$searchdir/lib${name}${search_ext}" + if test -f "$lib"; then + if test "$search_ext" = ".la"; then + found=yes + else + found=no + fi + break 2 + fi + done + done + if test "$found" != yes; then + # deplib doesn't seem to be a libtool library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + else # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll="$l" + done + if test "X$ll" = "X$old_library" ; then # only static version available + found=no + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + lib=$ladir/$old_library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + fi + ;; # -l + *.ltframework) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test "$pass" = conv && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + if test "$pass" = scan; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "\`-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test "$pass" = link; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=no + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=yes + fi + ;; + pass_all) + valid_a_lib=yes + ;; + esac + if test "$valid_a_lib" != yes; then + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + else + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + fi + ;; + esac + continue + ;; + prog) + if test "$pass" != link; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + elif test "$linkmode" = prog; then + if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=yes + continue + ;; + esac # case $deplib + + if test "$found" = yes || test -f "$lib"; then : + else + func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" + fi + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "\`$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan" || + { test "$linkmode" != prog && test "$linkmode" != lib; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test "$pass" = conv; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + elif test "$linkmode" != prog && test "$linkmode" != lib; then + func_fatal_error "\`$lib' is not a convenience library" + fi + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test "$prefer_static_libs" = yes || + test "$prefer_static_libs,$installed" = "built,no"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib="$l" + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + + # This library was specified with -dlopen. + if test "$pass" = dlopen; then + if test -z "$libdir"; then + func_fatal_error "cannot -dlopen a convenience library: \`$lib'" + fi + if test -z "$dlname" || + test "$dlopen_support" != yes || + test "$build_libtool_libs" = no; then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir="$ladir" + fi + ;; + esac + func_basename "$lib" + laname="$func_basename_result" + + # Find the relevant object directory and library name. + if test "X$installed" = Xyes; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library \`$lib' was moved." + dir="$ladir" + absdir="$abs_ladir" + libdir="$abs_ladir" + else + dir="$lt_sysroot$libdir" + absdir="$lt_sysroot$libdir" + fi + test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir="$ladir" + absdir="$abs_ladir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir="$ladir/$objdir" + absdir="$abs_ladir/$objdir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test "$pass" = dlpreopen; then + if test -z "$libdir" && test "$linkmode" = prog; then + func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + fi + case "$host" in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test "$linkmode" = lib; then + deplibs="$dir/$old_library $deplibs" + elif test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test "$linkmode" = prog && test "$pass" != link; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=no + if test "$link_all_deplibs" != no || test -z "$library_names" || + test "$build_libtool_libs" = no; then + linkalldeplibs=yes + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if test "$linkalldeplibs" = yes; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test "$linkmode,$pass" = "prog,link"; then + if test -n "$library_names" && + { { test "$prefer_static_libs" = no || + test "$prefer_static_libs,$installed" = "built,yes"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + # Make sure the rpath contains only unique directories. + case "$temp_rpath:" in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if test "$alldeplibs" = yes && + { test "$deplibs_check_method" = pass_all || + { test "$build_libtool_libs" = yes && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test "$use_static_libs" = built && test "$installed" = yes; then + use_static_libs=no + fi + if test -n "$library_names" && + { test "$use_static_libs" = no || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test "$installed" = no; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule="" + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule="$dlpremoduletest" + break + fi + done + if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + echo + if test "$linkmode" = prog; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && + test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname="$1" + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname="$dlname" + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc*) + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + esac + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot="$soname" + func_basename "$soroot" + soname="$func_basename_result" + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from \`$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for \`$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test "$linkmode" = prog || test "$opt_mode" != relink; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test "$hardcode_direct" = no; then + add="$dir/$linklib" + case $host in + *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; + *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir="-L$dir" ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we can not + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null ; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library" ; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add="$dir/$old_library" + fi + elif test -n "$old_library"; then + add="$dir/$old_library" + fi + fi + esac + elif test "$hardcode_minus_L" = no; then + case $host in + *-*-sunos*) add_shlibpath="$dir" ;; + esac + add_dir="-L$dir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = no; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + relink) + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$dir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$dir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test "$lib_linked" != yes; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test "$linkmode" = prog; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test "$hardcode_direct" != yes && + test "$hardcode_minus_L" != yes && + test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test "$linkmode" = prog || test "$opt_mode" = relink; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$libdir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$libdir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add="-l$name" + elif test "$hardcode_automatic" = yes; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" ; then + add="$inst_prefix_dir$libdir/$linklib" + else + add="$libdir/$linklib" + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir="-L$libdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + fi + + if test "$linkmode" = prog; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test "$linkmode" = prog; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test "$hardcode_direct" != unsupported; then + test -n "$old_library" && linklib="$old_library" + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test "$build_libtool_libs" = yes; then + # Not a shared library + if test "$deplibs_check_method" != pass_all; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system can not link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test "$module" = yes; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && + { test "$hardcode_into_libs" != yes || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs="$temp_deplibs" + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test "$link_all_deplibs" != no; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path="$deplib" ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of \`$dir'" + absdir="$dir" + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names" ; then + for tmp in $deplibrary_names ; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl" ; then + depdepl="$absdir/$objdir/$depdepl" + darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" + func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" + path= + fi + fi + ;; + *) + path="-L$absdir/$objdir" + ;; + esac + else + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "\`$deplib' seems to be moved" + + path="-L$absdir" + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test "$pass" = link; then + if test "$linkmode" = "prog"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs="$newdependency_libs" + if test "$pass" = dlpreopen; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test "$pass" != dlopen; then + if test "$pass" != conv; then + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + fi + + if test "$linkmode,$pass" != "prog,link"; then + vars="deplibs" + else + vars="compile_deplibs finalize_deplibs" + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs ; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i="" + ;; + esac + if test -n "$i" ; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test "$linkmode" = prog; then + dlfiles="$newdlfiles" + fi + if test "$linkmode" = prog || test "$linkmode" = lib; then + dlprefiles="$newdlprefiles" + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "\`-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "\`-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs="$output" + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form `libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test "$module" = no && \ + func_fatal_help "libtool library \`$output' must begin with \`lib'" + + if test "$need_lib_prefix" != no; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test "$deplibs_check_method" != pass_all; then + func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test "$dlself" != no && \ + func_warning "\`-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test "$#" -gt 1 && \ + func_warning "ignoring multiple \`-rpath's for a libtool library" + + install_libdir="$1" + + oldlibs= + if test -z "$rpath"; then + if test "$build_libtool_libs" = yes; then + # Building a libtool convenience library. + # Some compilers have problems with a `.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "\`-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs="$IFS"; IFS=':' + set dummy $vinfo 0 0 0 + shift + IFS="$save_ifs" + + test -n "$7" && \ + func_fatal_help "too many parameters to \`-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major="$1" + number_minor="$2" + number_revision="$3" + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # which has an extra 1 added just for fun + # + case $version_type in + darwin|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_revision" + ;; + freebsd-aout|freebsd-elf|qnx|sunos) + current="$number_major" + revision="$number_minor" + age="0" + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_minor" + lt_irix_increment=no + ;; + *) + func_fatal_configuration "$modename: unknown library version type \`$version_type'" + ;; + esac + ;; + no) + current="$1" + revision="$2" + age="$3" + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT \`$current' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION \`$revision' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE \`$age' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE \`$age' is greater than the current interface number \`$current'" + func_fatal_error "\`$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + + freebsd-aout) + major=".$current" + versuffix=".$current.$revision"; + ;; + + freebsd-elf) + major=".$current" + versuffix=".$current" + ;; + + irix | nonstopux) + if test "X$lt_irix_increment" = "Xno"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring="$verstring_prefix$major.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test "$loop" -ne 0; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring_prefix$major.$iface:$verstring" + done + + # Before this point, $major must not contain `.'. + major=.$major + versuffix="$major.$revision" + ;; + + linux) + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=".$current.$age.$revision" + verstring="$current.$age.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$age + while test "$loop" -ne 0; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring:${iface}.0" + done + + # Make executables depend on our current version. + func_append verstring ":${current}.0" + ;; + + qnx) + major=".$current" + versuffix=".$current" + ;; + + sunos) + major=".$current" + versuffix=".$current.$revision" + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 filesystems. + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + + *) + func_fatal_configuration "unknown library version type \`$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring="0.0" + ;; + esac + if test "$need_version" = no; then + versuffix= + else + versuffix=".0.0" + fi + fi + + # Remove version info from name if versioning should be avoided + if test "$avoid_version" = yes && test "$need_version" = no; then + major= + versuffix= + verstring="" + fi + + # Check to see if the archive will have undefined symbols. + if test "$allow_undefined" = yes; then + if test "$allow_undefined_flag" = unsupported; then + func_warning "undefined symbols not allowed in $host shared libraries" + build_libtool_libs=no + build_old_libs=yes + fi + else + # Don't allow undefined symbols. + allow_undefined_flag="$no_undefined_flag" + fi + + fi + + func_generate_dlsyms "$libname" "$libname" "yes" + func_append libobjs " $symfileobj" + test "X$libobjs" = "X " && libobjs= + + if test "$opt_mode" != relink; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) + if test "X$precious_files_regex" != "X"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles="$dlfiles" + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles="$dlprefiles" + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test "$build_libtool_libs" = yes; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test "$build_libtool_need_lc" = "yes"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release="" + versuffix="" + major="" + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib="$potent_lib" + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; + *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib="" + ;; + esac + fi + if test -n "$a_deplib" ; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib="$potent_lib" # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs="" + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + for i in $predeps $postdeps ; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test "X$deplibs_check_method" = "Xnone"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test "$droppeddeps" = yes; then + if test "$module" = yes; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test "$allow_undefined" = no; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac - # Follow symbolic links until we get to the real thisdir. - file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` - while test -n \"\$file\"; do - destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs="$new_libs" - # If there was a directory component, then change thisdir. - if test \"x\$destdir\" != \"x\$file\"; then - case \"\$destdir\" in - [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; - *) thisdir=\"\$thisdir/\$destdir\" ;; - esac - fi + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= - file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\` - file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` - done + # Test again, we may have decided not to build it any more + if test "$build_libtool_libs" = yes; then + if test "$hardcode_into_libs" = yes; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath="$finalize_rpath" + test "$opt_mode" != relink && rpath="$compile_rpath$rpath" + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_apped perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + if test -n "$hardcode_libdir_flag_spec_ld"; then + eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" + else + eval dep_rpath=\"$hardcode_libdir_flag_spec\" + fi + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi - # Try to get the absolute directory name. - absdir=\`cd \"\$thisdir\" && pwd\` - test -n \"\$absdir\" && thisdir=\"\$absdir\" -" + shlibpath="$finalize_shlibpath" + test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi - if test "$fast_install" = yes; then - $echo >> $output "\ - program=lt-'$outputname'$exeext - progdir=\"\$thisdir/$objdir\" + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname="$1" + shift - if test ! -f \"\$progdir/\$program\" || \\ - { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ - test \"X\$file\" != \"X\$progdir/\$program\"; }; then + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + if test -z "$dlname"; then + dlname=$soname + fi - file=\"\$\$-\$program\" + lib="$output_objdir/$realname" + linknames= + for link + do + func_append linknames " $link" + done - if test ! -d \"\$progdir\"; then - $mkdir \"\$progdir\" - else - $rm \"\$progdir/\$file\" - fi" + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= - $echo >> $output "\ + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols="$output_objdir/$libname.uexp" + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols="$export_symbols" + export_symbols= + always_export_symbols=yes + fi + fi + ;; + esac - # relink executable if necessary - if test -n \"\$relink_command\"; then - if relink_command_output=\`eval \$relink_command 2>&1\`; then : - else - $echo \"\$relink_command_output\" >&2 - $rm \"\$progdir/\$file\" - exit $EXIT_FAILURE - fi - fi + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs="$IFS"; IFS='~' + for cmd1 in $cmds; do + IFS="$save_ifs" + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test "$try_normal_branch" = yes \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=${output_objdir}/${output_la}.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS="$save_ifs" + if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi - $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || - { $rm \"\$progdir/\$program\"; - $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; } - $rm \"\$progdir/\$file\" - fi" - else - $echo >> $output "\ - program='$outputname' - progdir=\"\$thisdir/$objdir\" -" + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi - $echo >> $output "\ + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs="$tmp_deplibs" - if test -f \"\$progdir/\$program\"; then" + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test "$compiler_needs_object" = yes && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" - # Export our shlibpath_var if we have one. - if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then - $echo >> $output "\ - # Add our own library path to $shlibpath_var - $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi - # Some systems cannot cope with colon-terminated $shlibpath_var - # The second colon is a workaround for a bug in BeOS R4 sed - $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` + if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi - export $shlibpath_var -" + # Make a backup of the uninstalled library when relinking + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi - # fixup the dll searchpath if we need to. - if test -n "$dllsearchpath"; then - $echo >> $output "\ - # Add the dll search path components to the executable PATH - PATH=$dllsearchpath:\$PATH -" + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi fi - $echo >> $output "\ - if test \"\$libtool_execute_magic\" != \"$magic\"; then - # Run the actual program with our arguments. -" - case $host in - # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2*) - $echo >> $output "\ - exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} -" - ;; + if test "X$skipped_export" != "X:" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. - *) - $echo >> $output "\ - exec \"\$progdir/\$program\" \${1+\"\$@\"} -" - ;; - esac - $echo >> $output "\ - \$echo \"\$0: cannot exec \$program \$*\" - exit $EXIT_FAILURE - fi - else - # The program doesn't exist. - \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 - \$echo \"This script is just a wrapper for \$program.\" 1>&2 - $echo \"See the $PACKAGE documentation for more information.\" 1>&2 - exit $EXIT_FAILURE - fi -fi\ -" - chmod +x $output - fi - exit $EXIT_SUCCESS - ;; - esac + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result - # See if we need to build an old-fashioned archive. - for oldlib in $oldlibs; do + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 - if test "$build_libtool_libs" = convenience; then - oldobjs="$libobjs_save" - addlibs="$convenience" - build_libtool_libs=no - else - if test "$build_libtool_libs" = module; then - oldobjs="$libobjs_save" - build_libtool_libs=no - else - oldobjs="$old_deplibs $non_pic_objects" - fi - addlibs="$old_convenience" - fi + if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then + output=${output_objdir}/${output_la}.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then + output=${output_objdir}/${output_la}.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test "$compiler_needs_object" = yes; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-${k}.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test "X$objlist" = X || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test "$k" -eq 1 ; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-${k}.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-${k}.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\${concat_cmds}$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + fi + func_append delfiles " $output" - if test -n "$addlibs"; then - gentop="$output_objdir/${outputname}x" - generated="$generated $gentop" + else + output= + fi - func_extract_archives $gentop $addlibs - oldobjs="$oldobjs $func_extract_archives_result" - fi + if ${skipped_export-false}; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + fi - # Do each command in the archive commands. - if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then - cmds=$old_archive_from_new_cmds - else - # POSIX demands no paths to be encoded in archives. We have - # to avoid creating archives with duplicate basenames if we - # might have to extract them afterwards, e.g., when creating a - # static archive out of a convenience library, or when linking - # the entirety of a libtool archive into another (currently - # not supported by libtool). - if (for obj in $oldobjs - do - $echo "X$obj" | $Xsed -e 's%^.*/%%' - done | sort | sort -uc >/dev/null 2>&1); then - : - else - $echo "copying selected object files to avoid basename conflicts..." + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" - if test -z "$gentop"; then - gentop="$output_objdir/${outputname}x" - generated="$generated $gentop" + # Loop through the commands generated above and execute them. + save_ifs="$IFS"; IFS='~' + for cmd in $concat_cmds; do + IFS="$save_ifs" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" - $show "${rm}r $gentop" - $run ${rm}r "$gentop" - $show "$mkdir $gentop" - $run $mkdir "$gentop" - exit_status=$? - if test "$exit_status" -ne 0 && test ! -d "$gentop"; then - exit $exit_status + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi - save_oldobjs=$oldobjs - oldobjs= - counter=1 - for obj in $save_oldobjs - do - objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` - case " $oldobjs " in - " ") oldobjs=$obj ;; - *[\ /]"$objbase "*) - while :; do - # Make sure we don't pick an alternate name that also - # overlaps. - newobj=lt$counter-$objbase - counter=`expr $counter + 1` - case " $oldobjs " in - *[\ /]"$newobj "*) ;; - *) if test ! -f "$gentop/$newobj"; then break; fi ;; - esac - done - $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" - $run ln "$obj" "$gentop/$newobj" || - $run cp "$obj" "$gentop/$newobj" - oldobjs="$oldobjs $gentop/$newobj" - ;; - *) oldobjs="$oldobjs $obj" ;; - esac - done - fi + if ${skipped_export-false}; then + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + fi - eval cmds=\"$old_archive_cmds\" + libobjs=$output + # Restore the value of output. + output=$save_output - if len=`expr "X$cmds" : ".*"` && - test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then - cmds=$old_archive_cmds - else - # the command line is too long to link in one step, link in parts - $echo "using piecewise archive linking..." - save_RANLIB=$RANLIB - RANLIB=: - objlist= - concat_cmds= - save_oldobjs=$oldobjs + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. - # Is there a better way of finding the last object in the list? - for obj in $save_oldobjs - do - last_oldobj=$obj - done - for obj in $save_oldobjs - do - oldobjs="$objlist $obj" - objlist="$objlist $obj" - eval test_cmds=\"$old_archive_cmds\" - if len=`expr "X$test_cmds" : ".*" 2>/dev/null` && - test "$len" -le "$max_cmd_len"; then - : + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds else - # the above command should be used before it gets too long - oldobjs=$objlist - if test "$obj" = "$last_oldobj" ; then - RANLIB=$save_RANLIB - fi - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" - objlist= + cmds=$module_cmds fi - done - RANLIB=$save_RANLIB - oldobjs=$objlist - if test "X$oldobjs" = "X" ; then - eval cmds=\"\$concat_cmds\" else - eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi fi fi - fi - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - eval cmd=\"$cmd\" - IFS="$save_ifs" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" - done - if test -n "$generated"; then - $show "${rm}r$generated" - $run ${rm}r$generated - fi + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi - # Now create the libtool archive. - case $output in - *.la) - old_library= - test "$build_old_libs" = yes && old_library="$libname.$libext" - $show "creating $output" + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"` - relink_command="$var=\"$var_value\"; export $var; $relink_command" + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= fi - done - # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` - if test "$hardcode_automatic" = yes ; then - relink_command= - fi + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? - # Only create the output if not a dry run. - if test -z "$run"; then - for installed in no yes; do - if test "$installed" = yes; then - if test -z "$install_libdir"; then - break + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) fi - output="$output_objdir/$outputname"i - # Replace all uninstalled libtool libraries with the installed ones - newdependency_libs= - for deplib in $dependency_libs; do - case $deplib in - *.la) - name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'` - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` - if test -z "$libdir"; then - $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 - exit $EXIT_FAILURE - fi - newdependency_libs="$newdependency_libs $libdir/$name" - ;; - *) newdependency_libs="$newdependency_libs $deplib" ;; - esac - done - dependency_libs="$newdependency_libs" - newdlfiles= - for lib in $dlfiles; do - name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - if test -z "$libdir"; then - $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 - exit $EXIT_FAILURE - fi - newdlfiles="$newdlfiles $libdir/$name" - done - dlfiles="$newdlfiles" - newdlprefiles= - for lib in $dlprefiles; do - name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - if test -z "$libdir"; then - $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 - exit $EXIT_FAILURE - fi - newdlprefiles="$newdlprefiles $libdir/$name" - done - dlprefiles="$newdlprefiles" - else - newdlfiles= - for lib in $dlfiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; - *) abs=`pwd`"/$lib" ;; - esac - newdlfiles="$newdlfiles $abs" - done - dlfiles="$newdlfiles" - newdlprefiles= - for lib in $dlprefiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; - *) abs=`pwd`"/$lib" ;; - esac - newdlprefiles="$newdlprefiles $abs" - done - dlprefiles="$newdlprefiles" - fi - $rm $output - # place dlname in correct position for cygwin - tdlname=$dlname - case $host,$output,$installed,$module,$dlname in - *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; - esac - $echo > $output "\ -# $outputname - a libtool library file -# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP -# -# Please DO NOT delete this file! -# It is necessary for linking the library. - -# The name that we can dlopen(3). -dlname='$tdlname' - -# Names of this library. -library_names='$library_names' - -# The name of the static archive. -old_library='$old_library' - -# Libraries that this one depends upon. -dependency_libs='$dependency_libs' -# Version information for $libname. -current=$current -age=$age -revision=$revision + exit $lt_exit + } + done + IFS="$save_ifs" -# Is this an already installed library? -installed=$installed + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? -# Should we warn about portability when linking against -modules? -shouldnotlink=$module + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi -# Files to dlopen/dlpreopen -dlopen='$dlfiles' -dlpreopen='$dlprefiles' + exit $EXIT_SUCCESS + fi -# Directory that this library needs to be installed in: -libdir='$install_libdir'" - if test "$installed" = no && test "$need_relink" = yes; then - $echo >> $output "\ -relink_command=\"$relink_command\"" + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' fi done - fi - # Do a symbolic link so that the libtool archive can be found in - # LD_LIBRARY_PATH before the program is installed. - $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)" - $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $? + # If -module or -export-dynamic was specified, set the dlname. + if test "$module" = yes || test "$export_dynamic" = yes; then + # On all known operating systems, these are identical. + dlname="$soname" + fi + fi ;; - esac - exit $EXIT_SUCCESS - ;; - # libtool install mode - install) - modename="$modename: install" + obj) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for objects" + fi - # There may be an optional sh(1) argument at the beginning of - # install_prog (especially on Windows NT). - if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || - # Allow the use of GNU shtool's install command. - $echo "X$nonopt" | grep shtool > /dev/null; then - # Aesthetically quote it. - arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for objects" ;; esac - install_prog="$arg " - arg="$1" - shift - else - install_prog= - arg=$nonopt - fi - # The real first argument should be the name of the installation program. - # Aesthetically quote it. - arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - install_prog="$install_prog$arg" + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for objects" - # We need to accept at least all the BSD install flags. - dest= - files= - opts= - prev= - install_type= - isdir=no - stripme= - for arg - do - if test -n "$dest"; then - files="$files $dest" - dest=$arg - continue - fi + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for objects" - case $arg in - -d) isdir=yes ;; - -f) - case " $install_prog " in - *[\\\ /]cp\ *) ;; - *) prev=$arg ;; - esac - ;; - -g | -m | -o) prev=$arg ;; - -s) - stripme=" -s" - continue - ;; - -*) + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "\`-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object \`$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result ;; *) - # If the previous option needed an argument, then skip it. - if test -n "$prev"; then - prev= - else - dest=$arg - continue - fi + libobj= + obj="$output" ;; esac - # Aesthetically quote the argument. - arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` - case $arg in - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - install_prog="$install_prog $arg" - done + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj - if test -z "$install_prog"; then - $echo "$modename: you must specify an install program" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # reload_cmds runs $LD directly, so let us get rid of + # -Wl from whole_archive_flag_spec and hope we can get by with + # turning comma into space.. + wl= - if test -n "$prev"; then - $echo "$modename: the \`$prev' option requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + else + gentop="$output_objdir/${obj}x" + func_append generated " $gentop" - if test -z "$files"; then - if test -z "$dest"; then - $echo "$modename: no file or destination specified" 1>&2 - else - $echo "$modename: you must specify a destination" 1>&2 + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi fi - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi - # Strip any trailing slash from the destination. - dest=`$echo "X$dest" | $Xsed -e 's%/$%%'` + # If we're not building shared, we need to use non_pic_objs + test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" - # Check to see that the destination is a directory. - test -d "$dest" && isdir=yes - if test "$isdir" = yes; then - destdir="$dest" - destname= - else - destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'` - test "X$destdir" = "X$dest" && destdir=. - destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'` + # Create the old-style object. + reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test - # Not a directory, so check to see that there is only one file specified. - set dummy $files - if test "$#" -gt 2; then - $echo "$modename: \`$dest' is not a directory" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + output="$obj" + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS fi - fi - case $destdir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - for file in $files; do - case $file in - *.lo) ;; - *) - $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; - esac - done + + if test "$build_libtool_libs" != yes; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + fi + + if test -n "$pic_flag" || test "$pic_mode" != default; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output="$libobj" + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS ;; - esac - # This variable tells wrapper scripts just to set variables rather - # than running their programs. - libtool_install_magic="$magic" + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for programs" - staticlibs= - future_libdirs= - current_libdirs= - for file in $files; do + test -n "$release" && \ + func_warning "\`-release' is ignored for programs" - # Do each installation. - case $file in - *.$libext) - # Do the static libraries later. - staticlibs="$staticlibs $file" + test "$preload" = yes \ + && test "$dlopen_support" = unknown \ + && test "$dlopen_self" = unknown \ + && test "$dlopen_self_static" = unknown && \ + func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; + esac - *.la) - # Check to see that this really is a libtool archive. - if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : - else - $echo "$modename: \`$file' is not a valid libtool archive" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test "$tagname" = CXX ; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " ${wl}-bind_at_load" + func_append finalize_command " ${wl}-bind_at_load" + ;; + esac fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac - library_names= - old_library= - relink_command= - # If there is no directory component, then add one. - case $file in - */* | *\\*) . $file ;; - *) . ./$file ;; - esac - # Add the libdir to current_libdirs if it is the destination. - if test "X$destdir" = "X$libdir"; then - case "$current_libdirs " in - *" $libdir "*) ;; - *) current_libdirs="$current_libdirs $libdir" ;; + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; esac - else - # Note the libdir as a future libdir. - case "$future_libdirs " in - *" $libdir "*) ;; - *) future_libdirs="$future_libdirs $libdir" ;; + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; esac - fi + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs="$new_libs" - dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/ - test "X$dir" = "X$file/" && dir= - dir="$dir$objdir" - if test -n "$relink_command"; then - # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"` + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" - # Don't allow the user to place us outside of our expected - # location b/c this prevents finding dependent libraries that - # are installed to the same prefix. - # At present, this check doesn't affect windows .dll's that - # are installed into $libdir/../bin (currently, that works fine) - # but it's something to keep an eye on. - if test "$inst_prefix_dir" = "$destdir"; then - $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2 - exit $EXIT_FAILURE - fi + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi - if test -n "$inst_prefix_dir"; then - # Stick the inst_prefix_dir data into the link command. - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi else - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath="$rpath" - $echo "$modename: warning: relinking \`$file'" 1>&2 - $show "$relink_command" - if $run eval "$relink_command"; then : + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi else - $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 - exit $EXIT_FAILURE + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath="$rpath" - # See the names of the shared library. - set dummy $library_names - if test -n "$2"; then - realname="$2" - shift - shift + if test -n "$libobjs" && test "$build_old_libs" = yes; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi - srcname="$realname" - test -n "$relink_command" && srcname="$realname"T + func_generate_dlsyms "$outputname" "@PROGRAM@" "no" - # Install the shared library and build the symlinks. - $show "$install_prog $dir/$srcname $destdir/$realname" - $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $? - if test -n "$stripme" && test -n "$striplib"; then - $show "$striplib $destdir/$realname" - $run eval "$striplib $destdir/$realname" || exit $? - fi + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi - if test "$#" -gt 0; then - # Delete the old symlinks, and create new ones. - # Try `ln -sf' first, because the `ln' binary might depend on - # the symlink we replace! Solaris /bin/ln does not understand -f, - # so we also need to try rm && ln -s. - for linkname - do - if test "$linkname" != "$realname"; then - $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" - $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" - fi - done - fi + wrappers_required=yes + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=no + ;; + *cygwin* | *mingw* ) + if test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + *) + if test "$need_relink" = no || test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + esac + if test "$wrappers_required" = no; then + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command="$compile_command$compile_rpath" - # Do each command in the postinstall commands. - lib="$destdir/$realname" - cmds=$postinstall_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || { - lt_exit=$? - - # Restore the uninstalled library and exit - if test "$mode" = relink; then - $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' - fi + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' - exit $lt_exit - } - done - IFS="$save_ifs" + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' fi - # Install the pseudo-library for information purposes. - name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` - instname="$dir/$name"i - $show "$install_prog $instname $destdir/$name" - $run eval "$install_prog $instname $destdir/$name" || exit $? + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.${objext}"; then + func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + fi - # Maybe install the static library, too. - test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" - ;; + exit $exit_status + fi - *.lo) - # Install (i.e. copy) a libtool object. + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile="$destdir/$destname" - else - destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` - destfile="$destdir/$destfile" + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi - - # Deduce the name of the destination old-style object file. - case $destfile in - *.lo) - staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"` - ;; - *.$objext) - staticdest="$destfile" - destfile= - ;; - *) - $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; - esac - - # Install the libtool object if requested. - if test -n "$destfile"; then - $show "$install_prog $file $destfile" - $run eval "$install_prog $file $destfile" || exit $? + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi + fi - # Install the old object if enabled. - if test "$build_old_libs" = yes; then - # Deduce the name of the old-style object file. - staticobj=`$echo "X$file" | $Xsed -e "$lo2o"` + if test "$no_install" = yes; then + # We don't need to create a wrapper script. + link_command="$compile_var$compile_command$compile_rpath" + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' - $show "$install_prog $staticobj $staticdest" - $run eval "$install_prog \$staticobj \$staticdest" || exit $? + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' fi + exit $EXIT_SUCCESS - ;; + fi - *) - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile="$destdir/$destname" + if test "$hardcode_action" = relink; then + # Fast installation is not supported + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "\`$output' will be relinked during installation" + else + if test "$fast_install" != no; then + link_command="$finalize_var$compile_command$finalize_rpath" + if test "$fast_install" = yes; then + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + else + # fast_install is set to needless + relink_command= + fi else - destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` - destfile="$destdir/$destfile" + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" fi + fi - # If the file is missing, and there is a .exe on the end, strip it - # because it is most likely a libtool script we actually want to - # install - stripped_ext="" - case $file in - *.exe) - if test ! -f "$file"; then - file=`$echo $file|${SED} 's,.exe$,,'` - stripped_ext=".exe" - fi - ;; - esac - - # Do a test to see if this is really a libtool program. - case $host in - *cygwin*|*mingw*) - wrapper=`$echo $file | ${SED} -e 's,.exe$,,'` - ;; - *) - wrapper=$file - ;; - esac - if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then - notinst_deplibs= - relink_command= - - # Note that it is not necessary on cygwin/mingw to append a dot to - # foo even if both foo and FILE.exe exist: automatic-append-.exe - # behavior happens only for exec(3), not for open(2)! Also, sourcing - # `FILE.' does not work on cygwin managed mounts. - # - # If there is no directory component, then add one. - case $wrapper in - */* | *\\*) . ${wrapper} ;; - *) . ./${wrapper} ;; - esac + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` - # Check the variables that should have been set. - if test -z "$notinst_deplibs"; then - $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2 - exit $EXIT_FAILURE - fi + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname - finalize=yes - for lib in $notinst_deplibs; do - # Check to see that each library is installed. - libdir= - if test -f "$lib"; then - # If there is no directory component, then add one. - case $lib in - */* | *\\*) . $lib ;; - *) . ./$lib ;; - esac - fi - libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test - if test -n "$libdir" && test ! -f "$libfile"; then - $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2 - finalize=no - fi - done + func_show_eval "$link_command" 'exit $?' - relink_command= - # Note that it is not necessary on cygwin/mingw to append a dot to - # foo even if both foo and FILE.exe exist: automatic-append-.exe - # behavior happens only for exec(3), not for open(2)! Also, sourcing - # `FILE.' does not work on cygwin managed mounts. - # - # If there is no directory component, then add one. - case $wrapper in - */* | *\\*) . ${wrapper} ;; - *) . ./${wrapper} ;; - esac + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi - outputname= - if test "$fast_install" = no && test -n "$relink_command"; then - if test "$finalize" = yes && test -z "$run"; then - tmpdir=`func_mktempdir` - file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` - outputname="$tmpdir/$file" - # Replace the output file specification. - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` + # Now create the wrapper script. + func_verbose "creating $output" - $show "$relink_command" - if $run eval "$relink_command"; then : - else - $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 - ${rm}r "$tmpdir" - continue - fi - file="$outputname" - else - $echo "$modename: warning: cannot relink \`$file'" 1>&2 - fi + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" else - # Install the binary that we compiled earlier. - file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi - fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi - # remove .exe since cygwin /usr/bin/install will append another - # one anyway - case $install_prog,$host in - */usr/bin/install*,*cygwin*) - case $file:$destfile in - *.exe:*.exe) - # this is ok - ;; - *.exe:*) - destfile=$destfile.exe - ;; - *:*.exe) - destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'` - ;; - esac - ;; + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; esac - $show "$install_prog$stripme $file $destfile" - $run eval "$install_prog\$stripme \$file \$destfile" || exit $? - test -n "$outputname" && ${rm}r "$tmpdir" - ;; - esac - done + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource="$output_path/$objdir/lt-$output_name.c" + cwrapper="$output_path/$output_name.exe" + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } - for file in $staticlibs; do - name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host" ; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 - # Set up the ranlib parameters. - oldlib="$destdir/$name" + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac - $show "$install_prog $file $oldlib" - $run eval "$install_prog \$file \$oldlib" || exit $? + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do - if test -n "$stripme" && test -n "$old_striplib"; then - $show "$old_striplib $oldlib" - $run eval "$old_striplib $oldlib" || exit $? + if test "$build_libtool_libs" = convenience; then + oldobjs="$libobjs_save $symfileobj" + addlibs="$convenience" + build_libtool_libs=no + else + if test "$build_libtool_libs" = module; then + oldobjs="$libobjs_save" + build_libtool_libs=no + else + oldobjs="$old_deplibs $non_pic_objects" + if test "$preload" = yes && test -f "$symfileobj"; then + func_append oldobjs " $symfileobj" + fi + fi + addlibs="$old_convenience" fi - # Do each command in the postinstall commands. - cmds=$old_postinstall_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || exit $? - done - IFS="$save_ifs" - done + if test -n "$addlibs"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" - if test -n "$future_libdirs"; then - $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2 - fi + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi - if test -n "$current_libdirs"; then - # Maybe just do a dry run. - test -n "$run" && current_libdirs=" -n$current_libdirs" - exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' - else - exit $EXIT_SUCCESS - fi - ;; + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + cmds=$old_archive_from_new_cmds + else - # libtool finish mode - finish) - modename="$modename: finish" - libdirs="$nonopt" - admincmds= + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then - for dir - do - libdirs="$libdirs $dir" - done + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi - for libdir in $libdirs; do - if test -n "$finish_cmds"; then - # Do each command in the finish commands. - cmds=$finish_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" || admincmds="$admincmds - $cmd" + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase="$func_basename_result" + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac done - IFS="$save_ifs" - fi - if test -n "$finish_eval"; then - # Do the single finish_eval. - eval cmds=\"$finish_eval\" - $run eval "$cmds" || admincmds="$admincmds - $cmds" fi - done - fi - - # Exit here if they wanted silent mode. - test "$show" = : && exit $EXIT_SUCCESS + eval cmds=\"$old_archive_cmds\" - $echo "X----------------------------------------------------------------------" | $Xsed - $echo "Libraries have been installed in:" - for libdir in $libdirs; do - $echo " $libdir" + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj" ; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test "X$oldobjs" = "X" ; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' done - $echo - $echo "If you ever happen to want to link against installed libraries" - $echo "in a given directory, LIBDIR, you must either use libtool, and" - $echo "specify the full pathname of the library, or use the \`-LLIBDIR'" - $echo "flag during linking and do at least one of the following:" - if test -n "$shlibpath_var"; then - $echo " - add LIBDIR to the \`$shlibpath_var' environment variable" - $echo " during execution" - fi - if test -n "$runpath_var"; then - $echo " - add LIBDIR to the \`$runpath_var' environment variable" - $echo " during linking" - fi - if test -n "$hardcode_libdir_flag_spec"; then - libdir=LIBDIR - eval flag=\"$hardcode_libdir_flag_spec\" - - $echo " - use the \`$flag' linker flag" - fi - if test -n "$admincmds"; then - $echo " - have your system administrator run these commands:$admincmds" - fi - if test -f /etc/ld.so.conf; then - $echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" - fi - $echo - $echo "See any operating system documentation about shared libraries for" - $echo "more information, such as the ld(1) and ld.so(8) manual pages." - $echo "X----------------------------------------------------------------------" | $Xsed - exit $EXIT_SUCCESS - ;; - - # libtool execute mode - execute) - modename="$modename: execute" - # The first argument is the command name. - cmd="$nonopt" - if test -z "$cmd"; then - $echo "$modename: you must specify a COMMAND" 1>&2 - $echo "$help" - exit $EXIT_FAILURE - fi + test -n "$generated" && \ + func_show_eval "${RM}r$generated" - # Handle -dlopen flags immediately. - for file in $execute_dlfiles; do - if test ! -f "$file"; then - $echo "$modename: \`$file' is not a file" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi + # Now create the libtool archive. + case $output in + *.la) + old_library= + test "$build_old_libs" = yes && old_library="$libname.$libext" + func_verbose "creating $output" - dir= - case $file in - *.la) - # Check to see that this really is a libtool archive. - if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" else - $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test "$hardcode_automatic" = yes ; then + relink_command= + fi - # Read the libtool library. - dlname= - library_names= + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test "$installed" = yes; then + if test -z "$install_libdir"; then + break + fi + output="$output_objdir/$outputname"i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs="$newdependency_libs" + newdlfiles= - # If there is no directory component, then add one. - case $file in - */* | *\\*) . $file ;; - *) . ./$file ;; - esac + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles="$newdlprefiles" + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles="$newdlprefiles" + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test "x$bindir" != x ; + then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. - # Skip this library if it cannot be dlopened. - if test -z "$dlname"; then - # Warn if it was a shared library. - test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'" - continue - fi +# The name that we can dlopen(3). +dlname='$tdlname' - dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` - test "X$dir" = "X$file" && dir=. +# Names of this library. +library_names='$library_names' - if test -f "$dir/$objdir/$dlname"; then - dir="$dir/$objdir" - else - if test ! -f "$dir/$dlname"; then - $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2 - exit $EXIT_FAILURE - fi - fi - ;; +# The name of the static archive. +old_library='$old_library' - *.lo) - # Just add the directory containing the .lo file. - dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` - test "X$dir" = "X$file" && dir=. - ;; +# Linker flags that can not go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' - *) - $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2 - continue - ;; - esac +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' - # Get the absolute pathname. - absdir=`cd "$dir" && pwd` - test -n "$absdir" && dir="$absdir" +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' - # Now add the directory to shlibpath_var. - if eval "test -z \"\$$shlibpath_var\""; then - eval "$shlibpath_var=\"\$dir\"" - else - eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" - fi - done +# Version information for $libname. +current=$current +age=$age +revision=$revision - # This variable tells wrapper scripts just to set shlibpath_var - # rather than running their programs. - libtool_execute_magic="$magic" +# Is this an already installed library? +installed=$installed - # Check if any of the arguments is a wrapper script. - args= - for file - do - case $file in - -*) ;; - *) - # Do a test to see if this is really a libtool program. - if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - # If there is no directory component, then add one. - case $file in - */* | *\\*) . $file ;; - *) . ./$file ;; - esac +# Should we warn about portability when linking against -modules? +shouldnotlink=$module - # Transform arg to wrapped name. - file="$progdir/$program" - fi - ;; - esac - # Quote arguments (to preserve shell metacharacters). - file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"` - args="$args \"$file\"" - done +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' - if test -z "$run"; then - if test -n "$shlibpath_var"; then - # Export the shlibpath_var. - eval "export $shlibpath_var" - fi +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test "$installed" = no && test "$need_relink" = yes; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } - # Restore saved environment variables - for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - fi" - done + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} - # Now prepare to actually exec the command. - exec_cmd="\$cmd$args" - else - # Display what would be done. - if test -n "$shlibpath_var"; then - eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\"" - $echo "export $shlibpath_var" - fi - $echo "$cmd$args" - exit $EXIT_SUCCESS - fi - ;; +{ test "$opt_mode" = link || test "$opt_mode" = relink; } && + func_mode_link ${1+"$@"} - # libtool clean and uninstall mode - clean | uninstall) - modename="$modename: $mode" - rm="$nonopt" + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $opt_debug + RM="$nonopt" files= rmforce= exit_status=0 @@ -6540,44 +9441,41 @@ for arg do case $arg in - -f) rm="$rm $arg"; rmforce=yes ;; - -*) rm="$rm $arg" ;; - *) files="$files $arg" ;; + -f) func_append RM " $arg"; rmforce=yes ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; esac done - if test -z "$rm"; then - $echo "$modename: you must specify an RM program" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" rmdirs= - origobjdir="$objdir" for file in $files; do - dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` - if test "X$dir" = "X$file"; then - dir=. - objdir="$origobjdir" + func_dirname "$file" "" "." + dir="$func_dirname_result" + if test "X$dir" = X.; then + odir="$objdir" else - objdir="$dir/$origobjdir" + odir="$dir/$objdir" fi - name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` - test "$mode" = uninstall && objdir="$dir" + func_basename "$file" + name="$func_basename_result" + test "$opt_mode" = uninstall && odir="$dir" - # Remember objdir for removal later, being careful to avoid duplicates - if test "$mode" = clean; then + # Remember odir for removal later, being careful to avoid duplicates + if test "$opt_mode" = clean; then case " $rmdirs " in - *" $objdir "*) ;; - *) rmdirs="$rmdirs $objdir" ;; + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. - if (test -L "$file") >/dev/null 2>&1 \ - || (test -h "$file") >/dev/null 2>&1 \ - || test -f "$file"; then + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then : elif test -d "$file"; then exit_status=1 @@ -6591,55 +9489,32 @@ case $name in *.la) # Possibly a libtool archive, so verify it. - if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - . $dir/$name + if func_lalib_p "$file"; then + func_source $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do - rmfiles="$rmfiles $objdir/$n" + func_append rmfiles " $odir/$n" done - test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library" + test -n "$old_library" && func_append rmfiles " $odir/$old_library" - case "$mode" in + case "$opt_mode" in clean) - case " $library_names " in - # " " in the beginning catches empty $dlname + case " $library_names " in *" $dlname "*) ;; - *) rmfiles="$rmfiles $objdir/$dlname" ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; esac - test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i" + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. - cmds=$postuninstall_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" - if test "$?" -ne 0 && test "$rmforce" != yes; then - exit_status=1 - fi - done - IFS="$save_ifs" + func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. - cmds=$old_postuninstall_cmds - save_ifs="$IFS"; IFS='~' - for cmd in $cmds; do - IFS="$save_ifs" - eval cmd=\"$cmd\" - $show "$cmd" - $run eval "$cmd" - if test "$?" -ne 0 && test "$rmforce" != yes; then - exit_status=1 - fi - done - IFS="$save_ifs" + func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; @@ -6649,288 +9524,95 @@ *.lo) # Possibly a libtool object, so verify it. - if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + if func_lalib_p "$file"; then # Read the .lo file - . $dir/$name + func_source $dir/$name # Add PIC object to the list of files to remove. - if test -n "$pic_object" \ - && test "$pic_object" != none; then - rmfiles="$rmfiles $dir/$pic_object" + if test -n "$pic_object" && + test "$pic_object" != none; then + func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. - if test -n "$non_pic_object" \ - && test "$non_pic_object" != none; then - rmfiles="$rmfiles $dir/$non_pic_object" + if test -n "$non_pic_object" && + test "$non_pic_object" != none; then + func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) - if test "$mode" = clean ; then + if test "$opt_mode" = clean ; then noexename=$name case $file in *.exe) - file=`$echo $file|${SED} 's,.exe$,,'` - noexename=`$echo $name|${SED} 's,.exe$,,'` + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result # $file with .exe has already been added to rmfiles, # add $file without .exe - rmfiles="$rmfiles $file" + func_append rmfiles " $file" ;; esac # Do a test to see if this is a libtool program. - if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then - relink_command= - . $dir/$noexename + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles - rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}" + func_append rmfiles " $odir/$name $odir/${name}S.${objext}" if test "$fast_install" = yes && test -n "$relink_command"; then - rmfiles="$rmfiles $objdir/lt-$name" + func_append rmfiles " $odir/lt-$name" fi if test "X$noexename" != "X$name" ; then - rmfiles="$rmfiles $objdir/lt-${noexename}.c" + func_append rmfiles " $odir/lt-${noexename}.c" fi fi fi ;; esac - $show "$rm $rmfiles" - $run $rm $rmfiles || exit_status=1 + func_show_eval "$RM $rmfiles" 'exit_status=1' done - objdir="$origobjdir" # Try to remove the ${objdir}s in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then - $show "rmdir $dir" - $run rmdir $dir >/dev/null 2>&1 + func_show_eval "rmdir $dir >/dev/null 2>&1" fi done exit $exit_status - ;; +} - "") - $echo "$modename: you must specify a MODE" 1>&2 - $echo "$generic_help" 1>&2 - exit $EXIT_FAILURE - ;; - esac +{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && + func_mode_uninstall ${1+"$@"} - if test -z "$exec_cmd"; then - $echo "$modename: invalid operation mode \`$mode'" 1>&2 - $echo "$generic_help" 1>&2 - exit $EXIT_FAILURE - fi -fi # test -z "$show_help" +test -z "$opt_mode" && { + help="$generic_help" + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode \`$opt_mode'" if test -n "$exec_cmd"; then - eval exec $exec_cmd + eval exec "$exec_cmd" exit $EXIT_FAILURE fi -# We need to display help for each of the modes. -case $mode in -"") $echo \ -"Usage: $modename [OPTION]... [MODE-ARG]... - -Provide generalized library-building support services. - - --config show all configuration variables - --debug enable verbose shell tracing --n, --dry-run display commands without modifying any files - --features display basic configuration information and exit - --finish same as \`--mode=finish' - --help display this help message and exit - --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS] - --quiet same as \`--silent' - --silent don't print informational messages - --tag=TAG use configuration variables from tag TAG - --version print version information - -MODE must be one of the following: - - clean remove files from the build directory - compile compile a source file into a libtool object - execute automatically set library path, then run a program - finish complete the installation of libtool libraries - install install libraries or executables - link create a library or an executable - uninstall remove libraries from an installed directory - -MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for -a more detailed description of MODE. - -Report bugs to ." - exit $EXIT_SUCCESS - ;; - -clean) - $echo \ -"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE... - -Remove files from the build directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed -to RM. - -If FILE is a libtool library, object or program, all the files associated -with it are deleted. Otherwise, only FILE itself is deleted using RM." - ;; - -compile) - $echo \ -"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE - -Compile a source file into a libtool library object. - -This mode accepts the following additional options: - - -o OUTPUT-FILE set the output file name to OUTPUT-FILE - -prefer-pic try to building PIC objects only - -prefer-non-pic try to building non-PIC objects only - -static always build a \`.o' file suitable for static linking - -COMPILE-COMMAND is a command to be used in creating a \`standard' object file -from the given SOURCEFILE. - -The output file name is determined by removing the directory component from -SOURCEFILE, then substituting the C source code suffix \`.c' with the -library object suffix, \`.lo'." - ;; - -execute) - $echo \ -"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]... - -Automatically set library path, then run a program. - -This mode accepts the following additional options: - - -dlopen FILE add the directory containing FILE to the library path - -This mode sets the library path environment variable according to \`-dlopen' -flags. - -If any of the ARGS are libtool executable wrappers, then they are translated -into their corresponding uninstalled binary, and any of their required library -directories are added to the library path. - -Then, COMMAND is executed, with ARGS as arguments." - ;; - -finish) - $echo \ -"Usage: $modename [OPTION]... --mode=finish [LIBDIR]... - -Complete the installation of libtool libraries. - -Each LIBDIR is a directory that contains libtool libraries. - -The commands that this mode executes may require superuser privileges. Use -the \`--dry-run' option if you just want to see what would be executed." - ;; - -install) - $echo \ -"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND... - -Install executables or libraries. - -INSTALL-COMMAND is the installation command. The first component should be -either the \`install' or \`cp' program. - -The rest of the components are interpreted as arguments to that command (only -BSD-compatible install options are recognized)." - ;; - -link) - $echo \ -"Usage: $modename [OPTION]... --mode=link LINK-COMMAND... - -Link object files or libraries together to form another library, or to -create an executable program. - -LINK-COMMAND is a command using the C compiler that you would use to create -a program from several object files. - -The following components of LINK-COMMAND are treated specially: - - -all-static do not do any dynamic linking at all - -avoid-version do not add a version suffix if possible - -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime - -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols - -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) - -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE - -export-symbols-regex REGEX - try to export only the symbols matching REGEX - -LLIBDIR search LIBDIR for required installed libraries - -lNAME OUTPUT-FILE requires the installed library libNAME - -module build a library that can dlopened - -no-fast-install disable the fast-install mode - -no-install link a not-installable executable - -no-undefined declare that a library does not refer to external symbols - -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE Use a list of object files found in FILE to specify objects - -precious-files-regex REGEX - don't remove output files matching REGEX - -release RELEASE specify package release information - -rpath LIBDIR the created library will eventually be installed in LIBDIR - -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries - -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] - -All other options (arguments beginning with \`-') are ignored. - -Every other argument is treated as a filename. Files ending in \`.la' are -treated as uninstalled libtool libraries, other files are standard or library -object files. - -If the OUTPUT-FILE ends in \`.la', then a libtool library is created, -only library objects (\`.lo' files) may be specified, and \`-rpath' is -required, except when creating a convenience library. - -If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created -using \`ar' and \`ranlib', or on Windows using \`lib'. - -If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file -is created, otherwise an executable program is created." - ;; - -uninstall) - $echo \ -"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... +exit $exit_status -Remove libraries from an installation directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed -to RM. - -If FILE is a libtool library, all the files associated with it are deleted. -Otherwise, only FILE itself is deleted using RM." - ;; - -*) - $echo "$modename: invalid operation mode \`$mode'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; -esac - -$echo -$echo "Try \`$modename --help' for more information about other modes." - -exit $? # The TAGs below are defined such that we never get into a situation # in which we disable both kinds of libraries. Given conflicting @@ -6944,14 +9626,17 @@ # configuration. But we'll never go from static-only to shared-only. # ### BEGIN LIBTOOL TAG CONFIG: disable-shared -disable_libs=shared +build_libtool_libs=no +build_old_libs=yes # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static -disable_libs=static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: +# vi:sw=2 + --- php5-5.3.10.orig/debian/libapache2-mod-php5.conf +++ php5-5.3.10/debian/libapache2-mod-php5.conf @@ -0,0 +1,16 @@ + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + + # To re-enable php in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + + --- php5-5.3.10.orig/debian/control +++ php5-5.3.10/debian/control @@ -0,0 +1,476 @@ +Source: php5 +Section: php +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian PHP Maintainers +Uploaders: Ondřej Surý , + Sean Finney , + Thijs Kinkhorst +Build-Depends: apache2-prefork-dev, + autoconf (>= 2.63), + automake (>= 1.11) | automake1.11, + bison, + chrpath, + debhelper (>= 5), + flex, + freetds-dev, + hardening-wrapper, + libapr1-dev (>= 1.2.7-8), + libbz2-dev, + libcurl4-openssl-dev, + libdb-dev, + libenchant-dev, + libevent-dev (>= 1.4.11), + libexpat1-dev (>= 1.95.2-2.1), + libfreetype6-dev, + libgcrypt11-dev, + libgd2-xpm-dev, + libglib2.0-dev, + libgmp3-dev, + libicu-dev, + libjpeg-dev | libjpeg62-dev, + libkrb5-dev, + libldap2-dev, + libmagic-dev, + libmhash-dev (>= 0.8.8), + libmysqlclient-dev, + libpam0g-dev, + libpcre3-dev (>= 6.6), + libpng12-dev, + libpq-dev, + libpspell-dev, + librecode-dev, + libsasl2-dev, + libsnmp-dev, + libsqlite3-dev, + libssl-dev, + libt1-dev, + libtidy-dev, + libtool (>= 2.2), + libwrap0-dev, + libxmltok1-dev, + libxml2-dev, + libxslt1-dev (>= 1.0.18), + lemon, + mysql-server-core-5.5, + mysql-client-5.5, + locales-all | language-pack-de, + netbase, + netcat-openbsd | netcat, + quilt, + re2c, + unixodbc-dev, + zlib1g-dev, + libedit-dev, + tzdata +Build-Conflicts: bind-dev +Standards-Version: 3.9.2 +Vcs-Git: git://git.debian.org/pkg-php/php.git +Vcs-Browser: http://git.debian.org/?p=pkg-php/php.git +Homepage: http://www.php.net/ + +Package: php5 +Architecture: all +Depends: ${misc:Depends}, libapache2-mod-php5 (>= ${source:Version}) | libapache2-mod-php5filter (>= ${source:Version}) | php5-cgi (>= ${source:Version}) | php5-fpm (>= ${source:Version}), php5-common (>= ${source:Version}) +Description: server-side, HTML-embedded scripting language (metapackage) + This package is a metapackage that, when installed, guarantees that you + have at least one of the four server-side versions of the PHP5 interpreter + installed. Removing this package won't remove PHP5 from your system, however + it may remove other packages that depend on this one. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-common +Architecture: any +Depends: ${misc:Depends}, sed (>= 4.1.1-1), ${shlibs:Depends} +Suggests: php5-suhosin +Provides: php5-json, php5-mhash +Conflicts: php5-json, php5-mhash +Description: Common files for packages built from the php5 source + This package contains the documentation and example files relevant to all + the other packages built from the php5 source. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: libapache2-mod-php5 +Section: httpd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5filter +Provides: ${php:Provides} +Recommends: php5-cli +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (Apache 2 module) + This package provides the PHP5 module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + ${php:Extensions} + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: libapache2-mod-php5filter +Section: httpd +Priority: extra +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5 +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (apache 2 filter module) + This package provides the PHP5 Filter module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + Unless you specifically need filter-module support, you most likely + should instead install libapache2-mod-php5. + . + ${php:Extensions} + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-cgi +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (CGI binary) + This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built + for use in Apache 2 with mod_actions, or any other CGI httpd that + supports a similar mechanism. Note that MOST Apache users probably + want the libapache2-mod-php5 package. + . + ${php:Extensions} + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-cli +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: command-line interpreter for the php5 scripting language + This package provides the /usr/bin/php5 command interpreter, useful for + testing PHP scripts from a shell or performing general shell scripting tasks. + . + ${php:Extensions} + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-fpm +Architecture: any +Pre-Depends: dpkg (>= 1.15.7.2~) +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (FPM-CGI binary) + This package provides the Fast Process Manager interpreter that runs + as a daemon and receives Fast/CGI requests. Note that MOST Apache users + probably want the libapache2-mod-php5 package. + . + ${php:Extensions} + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. + +Package: php5-dev +Depends: ${misc:Depends}, autoconf (>= 2.63), automake (>= 1.11), libssl-dev, libtool (>= 2.2), shtool, php5-common (>= ${binary:Version}) +Conflicts: ${libtool:Conflicts} +Architecture: any +Description: Files for PHP5 module development + This package provides the files from the PHP5 source needed for compiling + additional modules. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-dbg +Depends: ${misc:Depends}, php5-common (= ${binary:Version}), libapache2-mod-php5 (= ${binary:Version}) | libapache2-mod-php5filter (= ${binary:Version}) | php5-cgi (= ${binary:Version}) | php5-cli (= ${binary:Version}) | php5-fpm (= ${binary:Version}) | php5-curl (= ${binary:Version}) | php5-enchant (= ${binary:Version}) | php5-gd (= ${binary:Version}) | php5-gmp (= ${binary:Version}) | php5-intl (= ${binary:Version}) | php5-ldap (= ${binary:Version}) | php5-mysql (= ${binary:Version}) | php5-odbc (= ${binary:Version}) | php5-pgsql (= ${binary:Version}) | php5-pspell (= ${binary:Version}) | php5-recode (= ${binary:Version}) | php5-snmp (= ${binary:Version}) | php5-sqlite (= ${binary:Version}) | php5-sybase (= ${binary:Version}) | php5-tidy (= ${binary:Version}) | php5-xmlrpc (= ${binary:Version}) | php5-xsl (= ${binary:Version}) +Recommends: gdb +Section: debug +Priority: extra +Architecture: any +Description: Debug symbols for PHP5 + This package provides the debug symbols for PHP5 needed for properly + debugging errors in PHP5 with gdb. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php-pear +Architecture: all +Depends: ${misc:Depends}, php5-common (>= ${source:Version}), php5-cli +Recommends: gnupg, php5-dev +Conflicts: php-xml-util +Replaces: php4-pear (<< 4:4.4.0-0), php-xml-util +Provides: php-xml-util +Description: PEAR - PHP Extension and Application Repository + This package contains the base PEAR classes for PHP, as well as the PEAR + installer. Many PEAR classes are already packaged for Debian, and can be + easily identified by names beginning with "php-", such as php-db and + php-auth. Note: to build and install precompiled PECL extensions, you + will need one of the php development packages installed. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-curl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: CURL module for php5 + CURL is a library for getting files from FTP, GOPHER, HTTP server. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-enchant +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: Enchant module for php5 + This package provides a module for the generic spell checking library + Enchant, which can use engines such as ispell, aspell and myspells. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-gd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: GD module for php5 + This package provides a module for handling graphics directly from PHP + scripts. It supports the PNG, JPEG, XPM formats as well as Freetype/ttf fonts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-gmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: GMP module for php5 + This package provides a module for arbitrary precision arithmetic via the + GNU Multiple Precision (GMP) Arithmetic Library. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-intl +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Conflicts: php5-idn +Replaces: php5-idn +Provides: php5-idn +Description: internationalisation module for php5 + This package provides a module to ease internationalisation of PHP scripts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-ldap +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: LDAP module for php5 + This package provides a module for LDAP functions in PHP scripts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-mysql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Conflicts: php5-mysqli, php5-mysqlnd +Replaces: php5-mysqli, php5-mysqlnd +Description: MySQL module for php5 + This package provides modules for MySQL database connections directly from + PHP scripts. It includes the generic "mysql" module which can be used + to connect to all versions of MySQL, an improved "mysqli" module for + MySQL version 4.1 or later, and the pdo_mysql module for use with + the PHP Data Object extension. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-mysqlnd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Conflicts: php5-mysqli, php5-mysql +Replaces: php5-mysqli, php5-mysql +Description: MySQL module for php5 (Native Driver) + This package provides modules for MySQL database connections directly from + PHP scripts. It includes the generic "mysql" module which can be used + to connect to all versions of MySQL, an improved "mysqli" module for + MySQL version 4.1 or later, and the pdo_mysql module for use with + the PHP Data Object extension. + . + This package use the MySQL Native Driver. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-odbc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: ODBC module for php5 + This package provides a module for database access through ODBC drivers. + It uses the unixODBC library as an ODBC provider. It also contains the + pdo_odbc module, for use with the PHP Data Object extension. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-pgsql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: PostgreSQL module for php5 + This package provides a module for PostgreSQL database connections + directly from PHP scripts. It also includes the pdo_pgsql module for + use with the PHP Data Object extension. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-pspell +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Description: pspell module for php5 + This package provides a module for pspell functions in PHP scripts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-recode +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: recode module for php5 + This package provides a module for recode - character set recoding. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-snmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: SNMP module for php5 + This package provides a module for SNMP functions in PHP scripts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-sqlite +Architecture: any +Pre-Depends: dpkg (>= 1.15.7.2~) +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Breaks: roundcube-sqlite +Description: SQLite module for php5 + This package provides a module allowing you to use the SQLite self-contained + database engine from within your PHP scripts, eliminating the need for a full + SQL server installation like MySQL or PostgreSQL. It also includes the + pdo_sqlite module, for use with the PHP Data Object extension. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-sybase +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Provides: php5-mssql +Description: Sybase / MS SQL Server module for php5 + This package provides a module for Sybase and Microsoft SQL Server + database connections directly from PHP scripts. It also includes the + pdo_dblib module for use with the PHP Data Object extension. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-tidy +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Description: tidy module for php5 + This package provides a module for tidy functions in PHP scripts. + . + Tidy is an extension based on Libtidy (http://tidy.sf.net/) and allows + a PHP developer to clean, repair, and traverse HTML, XHTML, and XML + documents -- including ones with embedded scripting languages such as PHP + or ASP within them using OO constructs. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-xmlrpc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: XML-RPC module for php5 + This package provides a module for XML-RPC functions in PHP scripts. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. + +Package: php5-xsl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: XSL module for php5 + This package provides a module for XSL using the libxslt XSL parser. + . + PHP5 is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. + The goal of the language is to allow web developers to write + dynamically generated pages quickly. --- php5-5.3.10.orig/debian/php-pear.lintian-overrides +++ php5-5.3.10/debian/php-pear.lintian-overrides @@ -0,0 +1 @@ +php-pear: extra-license-file usr/share/doc/php5-common/PEAR/PEAR/LICENSE --- php5-5.3.10.orig/debian/php5.lintian-overrides +++ php5-5.3.10/debian/php5.lintian-overrides @@ -0,0 +1,3 @@ +php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755 +php5-common: package-contains-empty-directory usr/lib/php5/libexec/ +php5-common: missing-dependency-on-phpapi --- php5-5.3.10.orig/debian/setup-mysql.sh +++ php5-5.3.10/debian/setup-mysql.sh @@ -0,0 +1,76 @@ +#!/bin/sh + +set -eu + +[ $# -ge 2 ] || { + echo "Usage: debian/setup-mysql.sh port data-dir" >&2 + exit 1 +} + +# CLI arguments # +port=$1 +datadir=$2 +action=${3:-start} + +localbase=`dirname $datadir`/mysql_base + +# Some vars # + +socket=$datadir/mysql.sock +# Commands: +mysqladmin="mysqladmin -u root -P $port -h localhost --socket=$socket" +mysqld="$localbase/bin/mysqld --no-defaults --bind-address=127.0.0.1 --port=$port --socket=$socket --datadir=$datadir" + +# Main code # + +if [ "$action" = "stop" ]; then + $mysqladmin shutdown + rm -rf $localbase + exit +fi + +# Copy the necessary pieces of mysql to a local dir to avoid apparmor restrictions +rm -rf $localbase +mkdir -p $localbase/bin +mkdir -p $localbase/share +cp /usr/sbin/mysqld $localbase/bin +cp /usr/bin/my_print_defaults $localbase/bin +cp -r /usr/share/mysql $localbase/share + +rm -rf $datadir +mkdir -p $datadir +chmod go-rx $datadir + +mysql_install_db --basedir=$localbase --datadir=$datadir --rpm --force --tmpdir=/tmp --user=$USER >> $datadir/bootstrap.log 2>&1 + +tmpf=$(mktemp) +cat > "$tmpf" <> $datadir/bootstrap.log 2>&1 + +unlink "$tmpf" + +# Start the daemon +$mysqld > $datadir/run.log 2>&1 & + +pid=$! + +# wait for the server to be actually available +c=0; +while ! nc -z localhost $port; do + c=$(($c+1)); + sleep 3; + if [ $c -gt 20 ]; then + echo "Timed out waiting for mysql server to be available" >&2 + if [ "$pid" ]; then + kill $pid || : + sleep 2 + kill -s KILL $pid || : + fi + exit 1 + fi +done --- php5-5.3.10.orig/debian/php5-common.README.Debian +++ php5-5.3.10/debian/php5-common.README.Debian @@ -0,0 +1,148 @@ +Table of Contents: +--------------------------------------------------------------------- +* Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium) +* Problems starting apache2 with php5 +* Session storage +* Other caveats +* php5-cgi and apache2 +* Restarting your web server after installing modules +* Configuration layout +* Timezone data from system timezone database +* Further documentation, errata, etc + + +Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium) +--------------------------------------------------------------------- + + After much back-and-forth with upstream (and even building our + packages thread-safe for a while), we're currently admitting defeat + on that front, and are NOT building any thread-safe versions of + PHP for any webservers. Our recommendation is that, if you need + to use a threaded webserver, you should use php5-cgi in either + 'normal' CGI mode, or in FastCGI mode. + +Adam Conrad Sun, 06 Feb 2005 08:24:56 -0700 + + +Problems starting apache2 with php5 +---------------------------------- + + At the time of writing, there are no *known* incompatibilities + between any of the php5 modules we ship. However, there have been + many bug reports in the past due to dynamically-loaded extensions, + and it's possible there are still bugs in the released packages. If + Apache fails to start after you install php5, check your list of + enabled extensions at the bottom of /etc/php5/apache2/php.ini (and in + the per-sapi configuration directory), and try commenting out or + reordering the extensions until you find a combination that works. + + For example, in the past the mhash extension was incompatible with + some other common extensions. To work around this, you could list + the mhash extension first in php.ini. + + If you find an extension-related bug in the Debian packages, and you + are willing to help debug the problem, please send us a bug report + that lists all enabled PHP5 extensions (extension=), in the order + in which they appear in php.ini, as well as all enabled Apache modules + (LoadModule), with version numbers where possible. + +Steve Langasek Fri, 26 Apr 2002 13:39:00 -0500 + + +Session storage +--------------- + + Session files are stored in /var/lib/php5. For security purposes, this + directory is unreadable by non-root users. This means that php5 running + from apache2, for example, will not be able to clean up stale session + files. Instead, we have a cron job run every 30 mins that cleans up + stale session files; /etc/cron.d/php5. You may need to modify how + often this runs, if you've modified session.gc_maxlifetime in your + php.ini; otherwise, it may be too lax or overly aggressive in cleaning + out stale session files. + +Andres Salomon Fri, 03 Sep 2004 03:12:54 -0400 + + +Other caveats +------------- + + * extension_dir and include_path should be commented out, if you don't need + special settings for them so php will look in compiled-in paths. If you set + them, you should also add appropriate php install directories there. + +php5-cgi and apache2 +--------------------------- + +In 99% of cases, what you probably want isn't php5-cgi at all, but rather +the libapache2-mod-php5 package, which will configure itself on +installation and Just Work(tm). If, however, you have a need to use +the CGI version of php5 with apache2, the following should help +get you going, though there are dozens of different ways to do this. + +Please note that this process will never be made automatic, as php5-cgi +is meant to be a webserver-agnostic package that can be used with any +httpd, and we don't want it to conflict with the httpd-specific packages +such as libapache2-mod-php5. If both were installed side-by-side and both +were automatically enabled, the results would be a bit confusing, obviously. + +To use php5-cgi with apache2 + 1) activate CGI (it's on by default in default debian setups) + a) If using the prefork MPM, use 'a2enmod cgi' + b) If using a threaded MPM, use 'a2enmod cgid' + 2) activate mod_actions (a2enmod actions) + 3) Add the following to a config snippet in /etc/apache2/conf.d + + Action application/x-httpd-php /cgi-bin/php5 + + +Adam Conrad Sat, 04 Sep 2004 23:04:26 -0600 + +Configuration Layout +--------------------------------------------------------------------- + +Each of the 3 SAPI's (apache2/cgi/cli) have a different +central configuration file /etc/php5/$SAPI/php.ini. + +Additionally, each SAPI is configured with the compile-time option + + --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d + +which for all SAPI's is actually a symlink pointing to a central +directory /etc/php5/conf.d. Any file found in this directory ending +in .ini will be treated as a configuration file by the php SAPI. + +The rationale with this method is that each SAPI can thus be +identically configured with a minimal amount of conffile handling, +but at the same time if you want to have SAPI-specific configuration, +you can just remove the symlink. + +sean finney Thu, 19 Oct 2006 23:33:05 +0200 + +Timezone data from system timezone database +--------------------------------------------------------------------- + +Debian PHP has been patched to use of the system wide timezone database +from the tzdata package, making sure any updates there are automatically +used by PHP aswell. + +Note that this requires that the PHP process has access to /etc/localtime +and /usr/share/zoneinfo. For any regular installation this should be the +case, but in specific secured environments when reading the timezone +database is impossible PHP will give a "Timezone database is corrupt - +this should *never* happen!" error. + +Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200 + +Further documentation, errata, etc +--------------------------------------------------------------------- + +Errata and other general information about PHP in Debian can be found +in the debian wiki at: + + http://wiki.debian.org/PHP + +If after reading the documentation in this file you still have unanswered +questions, that's a good next place to go. + +sean finney Thu, 19 Oct 2006 22:57:52 +0200 --- php5-5.3.10.orig/debian/README.source +++ php5-5.3.10/debian/README.source @@ -0,0 +1,53 @@ + == Generation of the php5-dbg package Depends == + +The following command can be used to generate a heuristic list of +packages the php5-dbg package probably needs to Depend on: + +dh_testdir && egrep '^Package' debian/control | cut '-d ' -f2 | \ + egrep -v '(^php5|dbg|dev|common|pear)$' | tr "\n" "|" | sed 's/|$//' |\ + sed -r 's/([^|]+)(\||$)/ \1 (= ${binary:Version}) \2/g'; echo + + == Used patch system == + +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +See /usr/share/doc/quilt/README.source for a detailed explanation. + + == Making some sense out of the configure options == + +The COMMON_CONFIG variable contains the configure options that are to +be used on all the SAPIs. Built-in extensions and other general options +should be set here. +The shared extensions are built when building the apache2 SAPI and as +such they need to be specified there. +The calls to configure for the other SAPIs usually only need +--without-foo when the extension or feature is otherwise enabled by +default. + + == The *modulelist files == + +When building a new module (or extension) on an individual binary +package, it must be added to the debian/modulelist file. However, if +the extension is to be included in an existing binary package, it +must be added to the debian/extramodulelist file. + +The format of these files is: +" " + +E.g. for, if we want the mysql extension to be shipped in the +php5-mysql package we use: +"mysql MySQL mysql" +But we also want mysqli and the PDO in the same package, so we add the +following lines to extramoduleslist: +"mysql MySQLi mysqli +mysql MySQL_PDO pdo_mysql" + + == More debian/rules foo == + +* The shared extensions are built under the apache2 target (see above). +* The CLI SAPI is built on the build-cli-stamp AND build-cgi-stamp, with + different configure options. + + -- Ondřej Surý , Wed, 16 Feb 2011 15:24:44 +0100 --- php5-5.3.10.orig/debian/modulelist +++ php5-5.3.10/debian/modulelist @@ -0,0 +1,18 @@ +curl CURL +enchant Enchant +gd GD +gmp GMP +intl Internationalisation +ldap LDAP +mysql MySQL +mysqlnd MySQL mysqlnd 10 +odbc ODBC +pgsql PostgreSQL +pspell pspell +recode recode +snmp SNMP +sqlite SQLite sqlite3 +sybase Sybase mssql +tidy tidy +xmlrpc XML-RPC +xsl XSL --- php5-5.3.10.orig/debian/libapache2-mod-php5.load +++ php5-5.3.10/debian/libapache2-mod-php5.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5.so --- php5-5.3.10.orig/debian/extramodulelist +++ php5-5.3.10/debian/extramodulelist @@ -0,0 +1,11 @@ +mysql MySQL mysqli +mysql MySQL pdo_mysql +mysqlnd MySQL mysql +mysqlnd MySQL mysqli +mysqlnd MySQL pdo_mysql +interbase InterBase/Firebird pdo_firebird +common PDO pdo +odbc ODBC pdo_odbc +pgsql PostgreSQL pdo_pgsql +sqlite SQLite pdo_sqlite +sybase Sybase pdo_dblib --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.dirs +++ php5-5.3.10/debian/libapache2-mod-php5filter.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2filter +/usr/lib/apache2/modules --- php5-5.3.10.orig/debian/php5-cgi.dirs +++ php5-5.3.10/debian/php5-cgi.dirs @@ -0,0 +1,4 @@ +/etc/php5/cgi +/usr/lib/cgi-bin +/usr/bin +/usr/share/man/man1 --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.triggers +++ php5-5.3.10/debian/libapache2-mod-php5filter.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.3.10.orig/debian/source_php5.py +++ php5-5.3.10/debian/source_php5.py @@ -0,0 +1,57 @@ +#!/usr/bin/python + +'''PHP5 Apport interface + +Copyright (C) 2010 Canonical Ltd. +Author: Chuck Short + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +import os +import subprocess +from apport.hookutils import * + +def _add_my_conf_files(report, filename): + if not os.path.exists(filename): + return + + key = 'PHPConf' + path_to_key(filename) + report[key] = "" + for line in read_file(filename).split('\n'): + try: + if 'mysql.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'mysqli.default_pw ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'ifx.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + report[key] += line + '\n' + except IndexError: + continue + +def add_info(report): + _add_my_conf_files(report, '/etc/php5/apache2/php.ini') + _add_my_conf_files(report, '/etc/php5/cli/php5.ini') + + # packages in main + packages=['php5', 'php-common', 'libapache2-mod-php5', 'libapache2-mod-php5filter' + 'php5-cgi', 'php5-cli', 'php5-dev', 'php5-dbg', 'php-pear', 'php5-curl', 'php5-gd' + 'php5-gmp', 'php5-ldap', 'php5-mhash', 'php5-mysql', 'php5-odbc', 'php5-pgsql', + 'php5-pspell', 'php5-recode', 'php5-snmp', 'php5-sqlite', 'php5-sybase', 'php5-tidy', + 'php5-xmlrpc', 'php5-xsl'] + + versions = '' + for package in packages: + try: + version = packaging.get_version(package) + except ValueError: + version = 'N/A' + if version is None: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['PHPInstalledModules'] = versions --- php5-5.3.10.orig/debian/changelog +++ php5-5.3.10/debian/changelog @@ -0,0 +1,4952 @@ +php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium + + * SECURITY UPDATE: segfault in SplMinHeap::compare + - debian/patches/CVE-2015-4116.patch: properly handle count in + ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt. + - CVE-2015-4116 + * SECURITY UPDATE: denial of service via recursive method calls + - debian/patches/CVE-2015-8873.patch: add limit to + Zend/zend_exceptions.c, add tests to + ext/standard/tests/serialize/bug69152.phpt, + ext/standard/tests/serialize/bug69793.phpt, + sapi/cli/tests/005.phpt. + - CVE-2015-8873 + * SECURITY UPDATE: denial of service or code execution via crafted + serialized data + - debian/patches/CVE-2015-8876.patch: fix logic in + Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt. + - CVE-2015-8876 + * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041) + - debian/patches/CVE-2015-8935.patch: update header handling to + RFC 7230 in main/SAPI.c, added tests to + ext/standard/tests/general_functions/bug60227_*.phpt. + - CVE-2015-8935 + * SECURITY UPDATE: get_icu_value_internal out-of-bounds read + - debian/patches/CVE-2016-5093.patch: add enough space in + ext/intl/locale/locale_methods.c, added test to + ext/intl/tests/bug72241.phpt. + - CVE-2016-5093 + * SECURITY UPDATE: integer overflow in php_html_entities() + - debian/patches/CVE-2016-5094.patch: don't create strings with lengths + outside int range in ext/standard/html.c. + - CVE-2016-5094 + * SECURITY UPDATE: string overflows in string add operations + - debian/patches/CVE-2016-5095.patch: check for size overflow in + Zend/zend_operators.c. + - CVE-2016-5095 + * SECURITY UPDATE: int/size_t confusion in fread + - debian/patches/CVE-2016-5096.patch: check string length in + ext/standard/file.c, added test to + ext/standard/tests/file/bug72114.phpt. + - CVE-2016-5096 + * SECURITY UPDATE: memory leak and buffer overflow in FPM + - debian/patches/CVE-2016-5114.patch: check buffer length in + sapi/fpm/fpm/fpm_log.c. + - CVE-2016-5114 + * SECURITY UPDATE: proxy request header vulnerability (httpoxy) + - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the + local environment in ext/standard/basic_functions.c, main/SAPI.c, + main/php_variables.c. + - CVE-2016-5385 + * SECURITY UPDATE: inadequate error handling in bzread() + - debian/patches/CVE-2016-5399.patch: do not allow reading past error + read in ext/bz2/bz2.c. + - CVE-2016-5399 + * SECURITY UPDATE: integer overflows in mcrypt + - debian/patches/CVE-2016-5769.patch: check for overflow in + ext/mcrypt/mcrypt.c. + - CVE-2016-5769 + * SECURITY UPDATE: double free corruption in wddx_deserialize + - debian/patches/CVE-2016-5772.patch: prevent double-free in + ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt. + - CVE-2016-5772 + * SECURITY UPDATE: buffer overflow in php_url_parse_ex() + - debian/patches/CVE-2016-6288.patch: handle length in + ext/standard/url.c. + - CVE-2016-6288 + * SECURITY UPDATE: integer overflow in the virtual_file_ex function + - debian/patches/CVE-2016-6289.patch: properly check path_length in + Zend/zend_virtual_cwd.c. + - CVE-2016-6289 + * SECURITY UPDATE: use after free in unserialize() with unexpected + session deserialization + - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in + ext/session/session.c, added test to ext/session/tests/bug72562.phpt. + - CVE-2016-6290 + * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE + - debian/patches/CVE-2016-6291.patch: add more bounds checks to + ext/exif/exif.c. + - CVE-2016-6291 + * SECURITY UPDATE: locale_accept_from_http out-of-bounds access + - debian/patches/CVE-2016-6294.patch: check length in + ext/intl/locale/locale_methods.c, added test to + ext/intl/tests/bug72533.phpt. + - CVE-2016-6294 + * SECURITY UPDATE: heap buffer overflow in simplestring_addn + - debian/patches/CVE-2016-6296.patch: prevent overflows in + ext/xmlrpc/libxmlrpc/simplestring.*. + - CVE-2016-6296 + * SECURITY UPDATE: integer overflow in php_stream_zip_opener + - debian/patches/CVE-2016-6297.patch: use size_t in + ext/zip/zip_stream.c. + - CVE-2016-6297 + * debian/patches/fix_exif_tests.patch: fix exif test results after + security changes. + + -- Marc Deslauriers Mon, 01 Aug 2016 13:27:52 -0400 + +php5 (5.3.10-1ubuntu3.23) precise-security; urgency=medium + + * SECURITY UPDATE: heap corruption in tar/zip/phar parser + - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in + ext/phar/phar_object.c. + - CVE-2016-4342 + * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() + - debian/patches/CVE-2016-4343.patch: check lengths in + ext/phar/dirstream.c, ext/phar/tar.c. + - CVE-2016-4343 + * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ + definition + - debian/patches/CVE-2016-4537.patch: properly detect scale in + ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. + - CVE-2016-4537 + - CVE-2016-4538 + * SECURITY UPDATE: xml_parse_into_struct segmentation fault + - debian/patches/CVE-2016-4539.patch: check parser->level in + ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. + - CVE-2016-4539 + * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and + zif_grapheme_strpos with negative offset + - debian/patches/CVE-2016-4540.patch: check bounds in + ext/intl/grapheme/grapheme_string.c, added test to + ext/intl/tests/bug72061.phpt. + - CVE-2016-4540 + - CVE-2016-4541 + * SECURITY UPDATE: out of bounds heap read access in exif header + processing + - debian/patches/CVE-2016-4542.patch: check sizes and length in + ext/exif/exif.c. + - CVE-2016-4542 + - CVE-2016-4543 + - CVE-2016-4544 + + -- Marc Deslauriers Thu, 19 May 2016 12:54:58 -0400 + +php5 (5.3.10-1ubuntu3.22) precise-security; urgency=medium + + * SECURITY UPDATE: directory traversal in ZipArchive::extractTo + - debian/patches/CVE-2014-9767.patch: use proper path in + ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt. + - CVE-2014-9767 + * SECURITY UPDATE: type confusion issue in SoapClient + - debian/patches/CVE-2015-8835.patch: check types in + ext/soap/php_http.c. + - CVE-2015-8835 + - CVE-2016-3185 + * SECURITY UPDATE: mysqlnd is vulnerable to BACKRONYM + - debian/patches/CVE-2015-8838.patch: fix ssl handling in + ext/mysqlnd/mysqlnd.c. + - CVE-2015-8838 + * SECURITY UPDATE: stack overflow when decompressing tar archives + - debian/patches/CVE-2016-2554.patch: handle non-terminated linknames + in ext/phar/tar.c. + - CVE-2016-2554 + * SECURITY UPDATE: use-after-free in WDDX + - debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c, + added test to ext/wddx/tests/bug71587.phpt. + - CVE-2016-3141 + * SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile() + - debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c. + - CVE-2016-3142 + * SECURITY UPDATE: libxml_disable_entity_loader setting is shared between + threads + - debian/patches/bug64938.patch: enable entity loader in + ext/libxml/libxml.c. + - No CVE number + * SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically + secure + - debian/patches/bug70014.patch: use RAND_bytes instead of deprecated + RAND_pseudo_bytes in ext/openssl/openssl.c. + - No CVE number + * SECURITY UPDATE: buffer over-write in finfo_open with malformed magic + file + - debian/patches/bug71527.patch: properly calculate length in + ext/fileinfo/libmagic/funcs.c, added test to + ext/fileinfo/tests/bug71527.magic. + - CVE number pending + * SECURITY UPDATE: integer overflow in php_raw_url_encode + - debian/patches/bug71798.patch: use size_t in ext/standard/url.c. + - CVE number pending + * SECURITY UPDATE: invalid memory write in phar on filename containing + NULL + - debian/patches/bug71860.patch: require valid paths in + ext/phar/phar.c, ext/phar/phar_object.c. + - CVE number pending + * SECURITY UPDATE: invalid negative size in mbfl_strcut + - debian/patches/bug71906.patch: fix length checks in + ext/mbstring/libmbfl/mbfl/mbfilter.c. + - CVE number pending + + -- Marc Deslauriers Tue, 19 Apr 2016 16:55:56 -0400 + +php5 (5.3.10-1ubuntu3.21) precise-security; urgency=medium + + * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() + - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. + - CVE-2015-7803 + * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() + - debian/patches/CVE-2015-7804.patch: check filename length in + ext/phar/util.c, ext/phar/zip.c. + - CVE-2015-7804 + + -- Marc Deslauriers Tue, 27 Oct 2015 16:59:36 -0400 + +php5 (5.3.10-1ubuntu3.20) precise-security; urgency=medium + + * debian/patches/bug65481.patch: backport bugfix to get new + var_push_dtor_no_addref function. + * SECURITY UPDATE: phar segfault on invalid file + - debian/patches/CVE-2015-5589-1.patch: check stream before closing in + ext/phar/phar_object.c. + - debian/patches/CVE-2015-5589-2.patch: add better checks in + ext/phar/phar_object.c. + - CVE-2015-5589 + * SECURITY UPDATE: phar buffer overflow in phar_fix_filepath + - debian/patches/CVE-2015-5590.patch: properly handle path in + ext/phar/phar.c. + - CVE-2015-5590 + * SECURITY UPDATE: multiple use-after-free issues in unserialize() + - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in + ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt. + - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in + ext/spl/spl_observer.c. + - CVE-2015-6831 + * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject + items + - debian/patches/CVE-2015-6832.patch: fix dangling pointer in + ext/spl/spl_array.c. + - CVE-2015-6832 + * SECURITY UPDATE: phar files extracted outside of destination dir + - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given + directory in ext/phar/phar_object.c. + - CVE-2015-6833 + * SECURITY UPDATE: multiple vulnerabilities in unserialize() + - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in + ext/standard/var.c, ext/standard/var_unserializer.*. + - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in + ext/spl/spl_observer.c. + - CVE-2015-6834 + * SECURITY UPDATE: use after free in session deserializer + - debian/patches/CVE-2015-6835-1.patch: fix use after free in + ext/session/session.c, ext/standard/var_unserializer.* + fixed tests in ext/session/tests/session_decode_error2.phpt, + ext/session/tests/session_decode_variation3.phpt. + - CVE-2015-6835 + * SECURITY UPDATE: SOAP serialize_function_call() type confusion + - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c, + added test to ext/soap/tests/bug70388.phpt. + - CVE-2015-6836 + * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class + - debian/patches/CVE-2015-6837-6838.patch: fix logic in + ext/xsl/xsltprocessor.c. + - CVE-2015-6837 + - CVE-2015-6838 + + -- Marc Deslauriers Tue, 29 Sep 2015 12:51:49 -0400 + +php5 (5.3.10-1ubuntu3.19) precise-security; urgency=medium + + * SECURITY UPDATE: missing file path null byte checks + - debian/patches/CVE-2015-3411.patch: add missing checks to + ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, + ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/streamsfuncs.c, + ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to + ext/fileinfo/tests/finfo_file_basic.phpt, + ext/hash/tests/hash_hmac_file_error.phpt, + backport CHECK_NULL_PATH to Zend/zend_API.h. + - CVE-2015-3411 + - CVE-2015-3412 + * SECURITY UPDATE: denial of service via crafted tar archive + - debian/patches/CVE-2015-4021.patch: handle empty strings in + ext/phar/tar.c. + - CVE-2015-4021 + * SECURITY UPDATE: arbitrary code execution via ftp server long reply to + a LIST command + - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. + - CVE-2015-4022 + * SECURITY UPDATE: denial of service via crafted form data + - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings + in main/rfc1867.c. + - CVE-2015-4024 + * SECURITY UPDATE: more missing file path null byte checks + - debian/patches/CVE-2015-4025.patch: add missing checks to + ext/pcntl/pcntl.c, ext/standard/dir.c. + - CVE-2015-4025 + - CVE-2015-4026 + * SECURITY UPDATE: arbitrary code execution via crafted serialized data + with unexpected data type + - debian/patches/CVE-2015-4147.patch: check variable types in + ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. + - CVE-2015-4147 + - CVE-2015-4148 + - CVE-2015-4600 + - CVE-2015-4601 + * SECURITY UPDATE: more missing file path null byte checks + - debian/patches/CVE-2015-4598.patch: add missing checks to + ext/dom/document.c, ext/gd/gd.c. + - CVE-2015-4598 + * SECURITY UPDATE: denial of service or information leak via type + confusion with crafted serialized data + - debian/patches/CVE-2015-4599.patch: use proper types in + ext/soap/soap.c. + - CVE-2015-4599 + * SECURITY UPDATE: denial of service or information leak via type + confusion with crafted serialized data + - debian/patches/CVE-2015-4602.patch: check for proper type in + ext/standard/incomplete_class.c. + - CVE-2015-4602 + * SECURITY UPDATE: denial of service or information leak via type + confusion with crafted serialized data + - debian/patches/CVE-2015-4603.patch: check type in + Zend/zend_exceptions.c, add test to + ext/standard/tests/serialize/bug69152.phpt. + - CVE-2015-4603 + * SECURITY UPDATE: arbitrary code execution via ftp server long reply to + a LIST command + - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in + ext/ftp/ftp.c. + - CVE-2015-4643 + * SECURITY UPDATE: denial of service via php_pgsql_meta_data + - debian/patches/CVE-2015-4644.patch: check return value in + ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. + - CVE-2015-4644 + * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced + by CVE-2015-2783 security update. + + -- Marc Deslauriers Thu, 02 Jul 2015 07:42:32 -0400 + +php5 (5.3.10-1ubuntu3.18) precise-security; urgency=medium + + * SECURITY UPDATE: potential remote code execution vulnerability when + used with the Apache 2.4 apache2handler + - debian/patches/bug69218.patch: perform proper cleanup in + sapi/apache2handler/sapi_apache2.c. + - CVE number pending + * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar + - debian/patches/bug69441.patch: check lengths in + ext/phar/phar_internal.h. + - CVE number pending + * SECURITY UPDATE: heap overflow in regexp library + - debian/patches/CVE-2015-2305.patch: check for overflow in + ext/ereg/regex/regcomp.c. + - CVE-2015-2305 + * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar + - debian/patches/CVE-2015-2783.patch: properly check lengths in + ext/phar/phar.c, ext/phar/phar_internal.h. + - CVE-2015-2783 + * SECURITY UPDATE: arbitrary code exection via process_nested_data + use-after-free + - debian/patches/CVE-2015-2787.patch: fix logic in + ext/standard/var_unserializer.*. + - CVE-2015-2787 + + -- Marc Deslauriers Fri, 17 Apr 2015 06:25:37 -0400 + +php5 (5.3.10-1ubuntu3.17) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via recursion + - debian/patches/CVE-2014-8117.patch: lower recursion limit in + ext/fileinfo/libmagic/softmagic.c. + - CVE-2014-8117 + * SECURITY UPDATE: denial of service or possible code execution in + enchant + - debian/patches/CVE-2014-9705.patch: handle position better in + ext/enchant/enchant.c. + - CVE-2014-9705 + * SECURITY UPDATE: arbitrary code execution via use after free in + unserialize() with DateTime + - debian/patches/CVE-2015-0273.patch: fix use after free in + ext/date/php_date.c, added test to ext/date/tests/*.phpt. + - CVE-2015-0273 + * SECURITY UPDATE: denial of service or possible code execution in phar + - debian/patches/CVE-2015-2301.patch: fix use after free in + ext/phar/phar_object.c. + - CVE-2015-2301 + + -- Marc Deslauriers Mon, 16 Mar 2015 13:59:27 -0400 + +php5 (5.3.10-1ubuntu3.16) precise-security; urgency=medium + + * SECURITY UPDATE: arbitrary code execution via improper handling of + duplicate keys in unserializer + - debian/patches/CVE-2014-8142.patch: fix use after free in + ext/standard/var_unserializer.*, added test to + ext/standard/tests/serialize/bug68594.phpt. + - CVE-2014-8142 + * SECURITY UPDATE: arbitrary code execution via improper handling of + duplicate keys in unserializer, additional fix + - debian/patches/CVE-2015-0231.patch: fix use after free in + ext/standard/var_unserializer.*, added test to + ext/standard/tests/strings/bug68710.phpt. + - CVE-2015-0231 + * debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as + it isn't used, and is a source of confusion when doing security + updates. + * debian/patches/CVE-2014-3710.patch: removed, wasn't needed. + + -- Marc Deslauriers Fri, 13 Feb 2015 11:53:39 -0500 + +php5 (5.3.10-1ubuntu3.15) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via buffer overflow in mkgmtime() + - debian/patches/CVE-2014-3668.patch: properly handle sizes in + ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to + ext/xmlrpc/tests/bug68027.phpt. + - CVE-2014-3668 + * SECURITY UPDATE: integer overflow in unserialize() + - debian/patches/CVE-2014-3669.patch: fix overflow in + ext/standard/var_unserializer.{c,re}, added test to + ext/standard/tests/serialize/bug68044.phpt. + - CVE-2014-3669 + * SECURITY UPDATE: Heap corruption in exif_thumbnail() + - debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c. + - CVE-2014-3670 + * SECURITY UPDATE: out of bounds read in elf note headers in fileinfo() + - debian/patches/CVE-2014-3710.patch: validate note headers in + ext/fileinfo/libmagic/readelf.c. + - CVE-2014-3710 + * SECURITY UPDATE: local file disclosure via curl NULL byte injection + - debian/patches/curl_embedded_null.patch: don't accept curl options + with embedded NULLs in ext/curl/interface.c, added test to + ext/curl/tests/bug68089.phpt. + - No CVE number + + -- Marc Deslauriers Tue, 28 Oct 2014 15:06:12 -0400 + +php5 (5.3.10-1ubuntu3.14) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info + - debian/patches/CVE-2014-3587.patch: check for array under-runs as well + as over-runs in ext/fileinfo/libmagic/cdf.c + - CVE-2014-3587 + * SECURITY UPDATE: denial of service in dns_get_record + - debian/patches/CVE-2014-3597.patch: check for DNS overflows in + ext/standard/dns.c + - CVE-2014-3587 + + -- Seth Arnold Wed, 03 Sep 2014 23:27:39 -0700 + +php5 (5.3.10-1ubuntu3.13) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector + - debian/patches/CVE-2014-0207.patch: properly calculate sizes in + ext/fileinfo/libmagic/cdf.c. + - CVE-2014-0207 + * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain + - debian/patches/CVE-2014-3480.patch: properly calculate sizes in + ext/fileinfo/libmagic/cdf.c. + - CVE-2014-3480 + * SECURITY UPDATE: denial of service and possible code execution via + unserialize() SPL type confusion + - debian/patches/CVE-2014-3515.patch: properly check types in + ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to + ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. + - CVE-2014-3515 + * SECURITY UPDATE: denial of service via SPL Iterators use-after-free + - debian/patches/CVE-2014-4670.patch: fix use-after-free in + ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. + - CVE-2014-4670 + * SECURITY UPDATE: denial of service via ArrayIterator use-after-free + - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject + during sorting in ext/spl/spl_array.c, added test to + ext/spl/tests/bug67539.phpt. + - CVE-2014-4698 + * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) + - debian/patches/CVE-2014-4721.patch: fix type confusion in + ext/standard/info.c, added test to + ext/standard/tests/general_functions/bug67498.phpt. + - CVE-2014-4721 + + -- Marc Deslauriers Mon, 07 Jul 2014 08:41:06 -0400 + +php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium + + * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) + - debian/patches/CVE-2014-0185.patch: default to 0660 in + sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in. + - CVE-2014-0185 + * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info + - debian/patches/CVE-2014-0237.patch: remove file_printf calls in + ext/fileinfo/libmagic/cdf.c. + - CVE-2014-0237 + * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info + - debian/patches/CVE-2014-0238.patch: fix infinite loop in + ext/fileinfo/libmagic/cdf.c. + - CVE-2014-0238 + * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record + parsing + - debian/patches/CVE-2014-4049.patch: check length in + ext/standard/dns.c. + - CVE-2014-4049 + + -- Marc Deslauriers Thu, 19 Jun 2014 13:44:17 -0400 + +php5 (5.3.10-1ubuntu3.11) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service in fileinfo via crafted offset in + PE executable + - debian/patches/CVE-2014-2270.patch: check bounds in + ext/fileinfo/libmagic/softmagic.c. + - CVE-2014-2270 + + -- Marc Deslauriers Thu, 03 Apr 2014 15:21:27 -0400 + +php5 (5.3.10-1ubuntu3.10) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via crafted indirect offset value + in fileinfo + - debian/patches/CVE-2013-1943.patch: properly handle recursion in + ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added + test to ext/fileinfo/tests/cve-2014-1943.phpt. + - CVE-2013-1943 + + -- Marc Deslauriers Fri, 28 Feb 2014 14:55:00 -0500 + +php5 (5.3.10-1ubuntu3.9) precise-security; urgency=low + + * SECURITY UPDATE: denial of service and possible code execution via + malicious certificate + - debian/patches/CVE-2013-6420.patch: properly validate timestr in + ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*. + - CVE-2013-6420 + * SECURITY UPDATE: denial of service via crafted interval specification + - debian/patches/CVE-2013-6712.patch: check error_count in + ext/date/lib/parse_iso_intervals.*. + - CVE-2013-6712 + + -- Marc Deslauriers Wed, 11 Dec 2013 19:22:04 -0500 + +php5 (5.3.10-1ubuntu3.8) precise-security; urgency=low + + * SECURITY UPDATE: SSL cert validation spoofing via NULL character in + subjectAltName. + - debian/patches/CVE-2013-4248.patch: validate subjectAltName in + ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*. + - CVE-2013-4248 + + -- Marc Deslauriers Wed, 04 Sep 2013 12:54:39 -0400 + +php5 (5.3.10-1ubuntu3.7) precise-security; urgency=low + + * SECURITY UPDATE: denial of service and possible code execution via xml + parser heap overflow + - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in + ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt. + - CVE-2013-4113 + * SECURITY UPDATE: denial of service via overflow in SdnToJewish + - debian/patches/CVE-2013-4635.patch: check value in + ext/calendar/jewish.c, add test to + ext/calendar/tests/jdtojewish64.phpt. + - CVE-2013-4635 + + -- Marc Deslauriers Mon, 15 Jul 2013 09:49:43 -0400 + +php5 (5.3.10-1ubuntu3.6) precise-security; urgency=low + + * SECURITY UPDATE: arbitrary file disclosure via XML External Entity + - debian/patches/CVE-2013-1643.patch: disable the entity loader in + ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. + - CVE-2013-1643 + + -- Marc Deslauriers Fri, 08 Mar 2013 16:22:01 -0500 + +php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low + + * SECURITY UPDATE: arbitrary memory disclosure (LP: #1099793) + - debian/patches/CVE-2012-6113.patch: properly initialize length in + ext/openssl/openssl.c. + - CVE-2012-6113 + + -- Marc Deslauriers Fri, 18 Jan 2013 09:49:22 -0500 + +php5 (5.3.10-1ubuntu3.4) precise-security; urgency=low + + * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences + - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in + main/SAPI.c, added tests to ext/standard/tests/*, fix test suite + failures in ext/phar/phar_object.c. + - CVE-2011-1398 + - CVE-2012-4388 + * SECURITY UPDATE: denial of service and possible code execution via + _php_stream_scandir function (LP: #1028064) + - debian/patches/CVE-2012-2688.patch: prevent overflow in + main/streams/streams.c. + - CVE-2012-2688 + * SECURITY UPDATE: denial of service via PDO extension crafted parameter + - debian/patches/CVE-2012-3450.patch: improve logic in + ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add + test to ext/pdo_mysql/tests/bug_61755.phpt. + - CVE-2012-3450 + + -- Marc Deslauriers Tue, 11 Sep 2012 11:28:52 -0400 + +php5 (5.3.10-1ubuntu3.3) precise-proposed; urgency=low + + * Applies upstream bug fixes for several issues and bugs: + * php5-fpm segfaults with error 4 in libc-2.15.so + (LP: #1006738. Bug Priority: High) + * PHP5-FPM not reporting errors to web server (nginx) + (LP: #1014044. Bug Priority: Medium) + + -- Thomas Ward Tue, 31 Jul 2012 21:15:08 -0400 + +php5 (5.3.10-1ubuntu3.2) precise-security; urgency=low + + * SECURITY UPDATE: denial of service via invalid tidy objects + - debian/patches/CVE-2012-0781.patch: track initialization in + ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, + ext/tidy/tests/bug54682.phpt. + - CVE-2012-0781 + * SECURITY UPDATE: denial of service or possible directory traversal via + invalid filename. + - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in + main/rfc1867.c, add test to tests/basic/bug55500.phpt. + - CVE-2012-1172 + * SECURITY UPDATE: password truncation via invalid byte + - debian/patches/CVE-2012-2143.patch: improve logic in + ext/standard/crypt_freesec.c, add test to + ext/standard/tests/strings/crypt_chars.phpt. + - CVE-2012-2143 + * SECURITY UPDATE: improve php5-cgi query string parameter parsing + - debian/patches/CVE-2012-233x.patch: improve parsing in + sapi/cgi/cgi_main.c. + - CVE-2012-2335 + - CVE-2012-2336 + * SECURITY UPDATE: phar extension heap overflow + - debian/patches/CVE-2012-2386.patch: check for overflow in + ext/phar/tar.c. + - CVE-2012-2386 + + -- Marc Deslauriers Tue, 12 Jun 2012 13:40:37 -0400 + +php5 (5.3.10-1ubuntu3.1) precise-security; urgency=low + + * SECURITY UPDATE: php5-cgi query string parameters parsing + vulnerability + - debian/patches/php5-CVE-2012-1823.patch: filter query strings that + are prefixed with '-' + - CVE-2012-1823 + - CVE-2012-2311 + + -- Steve Beattie Thu, 03 May 2012 15:42:08 -0700 + +php5 (5.3.10-1ubuntu3) precise; urgency=low + + * Cherry picked fixes from Debian testing: + - d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and + scan all *.ini in conf.d directory. + (LP: #916065). + - d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst: + Restart apache on first install to ensure module is fully enabled. + (LP: #953081). + + -- James Page Wed, 11 Apr 2012 14:27:10 +0100 + +php5 (5.3.10-1ubuntu2) precise; urgency=low + + * Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper + rather than checking whether it exists at run-time, leading to more + predictable behaviour on upgrades. + + -- Colin Watson Mon, 05 Mar 2012 12:21:35 +0000 + +php5 (5.3.10-1ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. + - d/setup-mysql.sh: modify to work with mysql 5.5 differences + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and + mysql-server-5.5 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + * Dropped Changes: + - d/patches/CVE-2011-4566.patch: Applied upstream + - debian/rules: --enable-pcntl for cgi as well. (Applied in Debian) + * d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes + * d/NEWS: add note explaining that SUHOSIN *is* enabled in the Ubuntu + package. + * d/rules: Simplify apache config settings since we never build + interbase or firebird. + + -- Clint Byrum Thu, 16 Feb 2012 03:17:18 -0800 + +php5 (5.3.10-1) unstable; urgency=high + + [ Raphael Geissert ] + * Remove myself from uploaders + * Randomly choose the mysql server's port + + [ Ondřej Surý ] + * Fix use_embedded_timezonedb.patch in custom builds (Courtesy of + Dominic Scheirlinck) (Closes: #652599) + * Fix typo in firebird2.1-dev build dependency + * Update gbp.conf for 5.3.x branch + * Imported Upstream version 5.3.10 + + CVE-2012-0830: Fixed arbitrary remote code execution vulnerability + reported by Stefan Esser. + + -- Ondřej Surý Fri, 03 Feb 2012 09:38:06 +0100 + +php5 (5.3.9-6) unstable; urgency=low + + * Build MySQL extensions with Native Driver as an alternative + (Closes: #576412) + * Set default mysql socket location to /var/run/mysqld/mysqld.sock + * Move php5-sqlite postinst code to postinst.extra + * Cherry-pick patches from Fedora: + + Fix mysqlnd socket location fix + + Define _GNU_SOURCE in the configure.in + + Typing fixes in dba extension + + Don't add RPATH to extensions + * Add missing check for dpkg-maintscript-helper in sqlite preinst + and postrm + * Add code to specify priority of modules to load mysqlnd.so before + mysql.so and mysqli.so in php5-mysqlnd package + * Alter version in rm_conffile call to 5.3.9~ to handle all possible + versions due binNMUs (Closes: #656495) + * Add more condition when to remove empty postinst script + + -- Ondřej Surý Tue, 31 Jan 2012 15:25:57 +0100 + +php5 (5.3.9-5) unstable; urgency=low + + * Use DEB_HOST_ARCH, not DEB_HOST_ARCH_OS to check where to build + firebird module (Closes: #645401) + * Add back firebird2.5-dev and firebird2.1-dev to allow backports + * Disable tests on hurd-i386 for now, because it FTBFS + * Don't fail if suhosin is not enabled (Closes: #657808) + + -- Ondřej Surý Sun, 29 Jan 2012 09:27:28 +0100 + +php5 (5.3.9-4) unstable; urgency=low + + * Remove suhosin patch from description and add short NEWS about + disabling Suhosin patch (Closes: #657697) + * Re-enable firebird extension build on armhf and powerpcspe + (Closes: #657691) + + -- Ondřej Surý Sat, 28 Jan 2012 08:50:42 +0100 + +php5 (5.3.9-3) unstable; urgency=low + + * Don't build firebird extension on hurd, m68k, hppa, ppc64, armhf and + powerpcspe (Closes: #651070) + * Avoid ptrace hungs when building on hurd + * Check for dpkg-maintscript-helper existence instead of hard dpkg + dependency to allow backported packaged on older (Ubuntu lucid) + systems + * Remove Suhosin patch, but add PHP5_SUHOSIN=no/yes option to + debian/rules + * Update patches after suhosin.patch removal and update suhosin.patch to + cleanly apply as a last patch in the series + * Replace firebird2.[15]-dev (transitional) dependencies with + firebird-dev + * More Firebird adjustments, don't build the extension on more ports, + where firebird-dev is not available + + -- Ondřej Surý Fri, 27 Jan 2012 11:02:48 +0100 + +php5 (5.3.9-2) unstable; urgency=low + + * Handle sqlite.so removal (remove conffile) (Closes: #656495) + * Add Breaks: roundcube-sqlite since we no longer ship sqlite.so + + -- Ondřej Surý Tue, 24 Jan 2012 09:55:56 +0100 + +php5 (5.3.9-1) unstable; urgency=low + + * Remove obsolete sqlite(2) module from php5-sqlite + * Use correct signals in php5-fpm init script (Closes: #645934) + * Imported Upstream version 5.3.9 + * Adapt debian/patches to 5.3.9 release + + -- Ondřej Surý Wed, 11 Jan 2012 16:33:20 +0100 + +php5 (5.3.8.0-1ubuntu3) precise; urgency=low + + * SECURITY UPDATE: Denial of service and possible information disclosure + via exif integer overflow + - debian/patches/CVE-2011-4566.patch: fix count checks in + ext/exif/exif.c. + - CVE-2011-4566 + + -- Marc Deslauriers Mon, 12 Dec 2011 15:14:28 -0500 + +php5 (5.3.8.0-1ubuntu2) precise; urgency=low + + * d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. + * d/setup-mysql.sh: modify to work with mysql 5.5 differences + + -- Clint Byrum Thu, 24 Nov 2011 10:28:38 -0800 + +php5 (5.3.8.0-1ubuntu1) precise; urgency=low + + * Resynchronise with Debian. Remaining changes: + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + - debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: Handle + multiarch libmysqlclient as well. + + -- Colin Watson Wed, 23 Nov 2011 12:58:51 +0000 + +php5 (5.3.8.0-1) unstable; urgency=low + + * Re-re-imported upstream version 5.3.8, as a new sourceful update, + in order to prevent the package from remaining as a native package. + + -- Sean Finney Thu, 27 Oct 2011 17:17:02 +0200 + +php5 (5.3.8-2ubuntu2) precise; urgency=low + + * Rebuild for libicu48. + + -- Colin Watson Wed, 23 Nov 2011 10:54:32 +0000 + +php5 (5.3.8-2ubuntu1) precise; urgency=low + + * Merge with Debian; remaining changes: + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + - debian/rules: --enable-pcntl for cgi as well. + + -- Matthias Klose Tue, 18 Oct 2011 15:39:03 +0200 + +php5 (5.3.8-2) unstable; urgency=low + + * Fix botched upload when git-buildpackage didn't play well with + bz2 upstream archive + * Add additional temporary fix for MultiArch OpenSSL + + -- Ondřej Surý Mon, 12 Sep 2011 09:06:10 +0200 + +php5 (5.3.8-1) unstable; urgency=low + + * Imported Upstream version 5.3.8 + * Refresh patches to 5.3.8 release + * Pull fixes for DateTime tests from upstream SVN + * Add additional temporary fix for MultiArch for sybase/mssql + + -- Ondřej Surý Wed, 24 Aug 2011 13:13:51 +0200 + +php5 (5.3.7-1) unstable; urgency=low + + * Imported Upstream version 5.3.7 + * Update patches to the new 5.3.7 release and remove those merged + upstream + * Don't require autoconf 2.59 and lower, we'll deal with consequences + * Add MultiArch fix for LDAP libraries + * Remove PEAR patching with CVE-2011-1144.patch which was merged upstream + + -- Ondřej Surý Fri, 19 Aug 2011 14:18:03 +0200 + +php5 (5.3.6-13ubuntu3) oneiric; urgency=low + + * debian/rules: export DEB_HOST_MULTIARCH properly, so that I don't spend + an hour scratching my head at './debian/rules configure' not working + right. + * Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + * Add build-dependency on lemon, which we now need. + + -- Steve Langasek Wed, 24 Aug 2011 21:40:27 +0000 + +php5 (5.3.6-13ubuntu2) oneiric; urgency=low + + * debian/rules: build with --with-openssl instead of --with-openssl=/usr, + to autodetect libraries in multiarch directories. + * debian/patches/temporary-path-fixes-for-multiarch.patch: add ldap + multiarch checks. LP: #826601. + + -- Steve Langasek Tue, 16 Aug 2011 06:14:55 +0000 + +php5 (5.3.6-13ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libcurl-dev not in the archive. + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Suggest php5-suhosin rather than recommends. + * Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + * modulelist: Drop imap, interbase, sybase, and mcrypt. + * debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + * debian/control: Recommend php5-dev for php-pear. + * debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + + -- Chuck Short Mon, 25 Jul 2011 19:14:12 +0100 + +php5 (5.3.6-13) unstable; urgency=low + + * Fix CVE-2011-2483: 8-bit character mishandling allows different + password pairs to produce the same hash (Closes: #631347) + * Add support for $2x$ identifier as blowfish variant in crypt.c to + allow backward compatibility with old invalid hashes + * Return fail string (*0) on invalid Blowfish salt rounds + * Add NEWS item about incompatible blowfish hashes + * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect + function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might + allow context-dependent attackers to execute arbitrary code via a + long pathname for a UNIX socket. + + -- Ondřej Surý Mon, 04 Jul 2011 12:41:07 +0200 + +php5 (5.3.6-12) unstable; urgency=low + + * Bump standards version to 3.9.2 + * Update cron.d code to even safer variant (Courtesy of Bob Proulx) + * Small optimization in cron.d script (Courtesy of Marcus Cobden) + * Add firebird2.1-dev option to allow backports + * Pull (and fix broken patch) multiarch workaround from Ubuntu natty + * Add error message when phpize is not found (Closes: #627937) + * Enable pcntl extension for CGI builds (Closes: #627941), but + disable all pcntl functions by default + * File path injection vulnerability in RFC1867 File upload filename + [CVE-2011-2202] + + -- Ondřej Surý Wed, 15 Jun 2011 11:06:40 +0200 + +php5 (5.3.6-11ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libcurl-dev not in the archive. + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Suggest php5-suhosin rather than recommends. + * Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + * modulelist: Drop imap, interbase, sybase, and mcrypt. + * debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + * debian/control: Recommend php5-dev for php-pear. + * debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + * Dropped Changes: + * Dropped libmysqlclient15-dev, build against mysql 5.1. -- Dropped in debian. + * Dropped locales-all. -- Now has alternative language-pack-de for use in tests. + * debian/php5-fpm.init: backport changes from Debian package to run + configuration check. Removes check for /var/www which broke stand- + alone installation of php5-fpm. -- superseded upstream + * All CVE's not mentioned above (applied upstream or in Debian) + * debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed + * debian/patches/backport-upstream-lp592442.patch: Backport upstream fix + for ssl fopen issues. -- applied in Debian + * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large + files -- applied in Debian + + -- Clint Byrum Wed, 25 May 2011 10:34:40 -0700 + +php5 (5.3.6-11) unstable; urgency=low + + * Use more reasonable default number of processes for PHP5-FPM + * Enable firebird support everywhere also in debian/rules + * Don't delete still used session files (Closes: #626640) + * Enable building of php5-interbase by adding Architecture: any + to debian/control + * Use dh_prep instead of dh_clean -k + + -- Ondřej Surý Sat, 14 May 2011 22:15:32 +0200 + +php5 (5.3.6-10) unstable; urgency=low + + * Purge .start files in postrm, not in prerm (Closes: #607520) + * Register config files to UCF Registry + + -- Ondřej Surý Sat, 30 Apr 2011 13:16:27 +0200 + +php5 (5.3.6-9) unstable; urgency=low + + * Make sure even harded to not left any stale file after purging the + package (Closes: #607520) + * Move libapache2-mod-php5filter to extra to satisfy policy + * Remove oldstable dependcy on firebird2.0-dev + * Enable php5-interbase on all platforms and update build dependency + on firebird2.5-dev + * Import backported upstream fix for fopen fails on some SSL urls + * Remove windows devel file from php5-dev + * Add more lintian-overrides: + + Missing dependency on phpapi for php5-common is not missing + + php-pear is keeping it's original directory structure + + Double the filenames (./usr vs usr) to fix difference between + lintian versions + + the embedded file library (libmagic) is unfortunately a custom + one and cannot be replaced by system one (it's on the TODO list) + + -- Ondřej Surý Thu, 28 Apr 2011 13:37:07 +0200 + +php5 (5.3.6-8) unstable; urgency=low + + * Provides/Replaces/Conflicts: php5-idn (Closes: #547117) + * Build depend on libdb-dev (>= 5.1) (Closes: #621443) + + -- Ondřej Surý Sun, 10 Apr 2011 23:27:44 +0200 + +php5 (5.3.6-7) unstable; urgency=low + + * Disable SSLv2 when disabled in OpenSSL (Closes: #620776) + + -- Ondřej Surý Mon, 04 Apr 2011 08:40:25 +0200 + +php5 (5.3.6-6) unstable; urgency=low + + * Fix order of do_check in php5-fpm.init to check for the right return + code + + -- Ondřej Surý Thu, 31 Mar 2011 11:46:49 +0200 + +php5 (5.3.6-5) unstable; urgency=low + + * Don't fail the php5-fpm init.d script if VERBOSE is `no' + * Fix some compile errors with --enable-maintainer-zts as reported by + Raphaël Gertz + * Make php5-fpm init.d script even less verbose on startup + + -- Ondřej Surý Mon, 28 Mar 2011 17:05:17 +0200 + +php5 (5.3.6-4) unstable; urgency=low + + * Merged r308688 fix s/raiseErro/raiseError/ and fixed parenthese in + r309043 (Closes: #619307) (Courtesy of upstream and Ernesto Domato) + * Make locales-all build dependency useful by fixing language tests + to use de_DE.UTF-8 + * Debian packaging: + + Allow easy porting to Ubuntu by adding alternate dependency for + locales-all -> language-pack-de, because only german locale is used + in the tests + + Fix missing debhelper token in php5-fpm.preinst + * Explicitly set pm.start_servers in php5-fpm to make it quiet + * Update php5-fpm.init according to latest /etc/init.d/skeleton + (Closes: #619383) + + -- Ondřej Surý Wed, 23 Mar 2011 16:44:28 +0100 + +php5 (5.3.6-3) unstable; urgency=low + + * Update php-fpm.conf(pool.d/www.conf) to do initial chdir to / as + suggested by Olaf van der Spek to detect early problems if php5-fpm + needs a write access to initial chdir. Also fix brown-paper-bug + which made the setting new chdir not work because we already modify + it elsewhere (Closes: #601243) + + -- Ondřej Surý Mon, 21 Mar 2011 16:27:01 +0100 + +php5 (5.3.6-2) unstable; urgency=low + + * Update default configuration file for php5-fpm (Closes: #619104) + * Depend only on libdb4.8-dev | libdb4.6-dev to match apache2 + (Closes: #619036) + + Will coordinate change to db5.1 with apache2 maintainer + + -- Ondřej Surý Mon, 21 Mar 2011 11:54:04 +0100 + +php5 (5.3.6-1) unstable; urgency=low + + * Imported Upstream version 5.3.6 + + PEAR updated to 1.9.2 (CVE-2011-1072) + * Cherry-pick CVE-2011-1144 from PEAR 1.9.3 (Closes: #546164) + * Debian packaging: + + Start using pristine-tar + + Remove patches merged upstream or otherwise deprecated + + Move php5-fpm.postrm extras to debian/rules + * FPM SAPI changes: + + Set initial chdir to /tmp in www pool (Closes: #601243) + + Rename main configuration file to php-fpm.conf to match upstream + + Enable error reporting in init.d file + + Patch FPM SAPI to use Debian php-fpm.conf as default + * Fix regression with missing CRYPT_SALT_LENGTH (Closes: #603012) + * Generate SHA512 salt string when provided salt is null (Closes: #581170) + * Fix FTBFS with gold or ld --no-add-needed (Closes: #615770) + * Don't mmap large >4GB files + * CVE-2011-0441: Be more careful when removing session files + (Closes: #618489) + + -- Ondřej Surý Fri, 18 Mar 2011 15:51:50 +0100 + +php5 (5.3.5-1ubuntu7.2) natty-security; urgency=low + + * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix + mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) + + -- Steve Beattie Sat, 30 Apr 2011 16:00:39 -0700 + +php5 (5.3.5-1ubuntu7.1) natty-security; urgency=low + + * SECURITY UPDATE: arbitrary files removal via cronjob + - debian/php5-common.php5.cron.d: take greater care when removing + session files. + - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 + - CVE-2011-0441 + * SECURITY UPDATE: symlink tmp races in pear install + - debian/patches/php5-pear-CVE-2011-1072.patch: improved + tempfile handling. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1072 + * SECURITY UPDATE: more symlink races in pear install + - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save + file handler. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1144 + * SECURITY UPDATE: denial of service through application crash with + invalid images + - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing + steps are either 4 or 16. + - CVE-2010-4698 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract() + argument validation. + - CVE-2011-0420 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully + when handling zero sized zipfile with the FL_UNCHANGED argument + - CVE-2011-0421 + * SECURITY UPDATE: denial of service through application crash when + handling images with invalid exif tags + - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking + - CVE-2011-0708 + * SECURITY UPDATE: denial of service and possible data disclosure + through integer overflow + - debian/patches/php5-CVE-2011-1092.patch: better boundary + condition checks in shmop_read() + - CVE-2011-1092 + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * SECURITY UPDATE: format string vulnerability + - debian/patches/php5-CVE-2011-1153.patch: correctly quote format + strings + - CVE-2011-1153 + * SECURITY UPDATE: denial of service through buffer overflow crash + (code execution mitigated by compilation with Fortify Source) + - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision + to ensure fitting within MAX_BUF_SIZE + - CVE-2011-1464 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-1467.patch: check for invalid + attribute symbols in NumberFormatter::setSymbol() + - CVE-2011-1467 + * SECURITY UPDATE: denial of service through memory leak + - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of + openssl contexts + - CVE-2011-1468 + * SECURITY UPDATE: denial of service through application crash + when using HTTP proxy with the FTP wrapper + - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling + - CVE-2011-1469 + * SECURITY UPDATE: denial of service through application crash when + handling ziparchive streams + - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of + the meta data structure + - CVE-2011-1470 + * SECURITY UPDATE: denial of service through application crash when + handling malformed zip files + - debian/patches/php5-CVE-2011-1471.patch: correct integer + signedness error when handling zip_fread() return value. + - CVE-2011-1471 + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + + -- Steve Beattie Tue, 26 Apr 2011 08:34:26 -0700 + +php5 (5.3.5-1ubuntu7) natty; urgency=low + + * debian/php5-fpm.init: backport changes from Debian package to run + configuration check. Removes check for /var/www which broke stand- + alone installation of php5-fpm. (LP: #753924) + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + + -- Clint Byrum Tue, 12 Apr 2011 14:21:14 -0700 + +php5 (5.3.5-1ubuntu6) natty; urgency=low + + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * debian/patches/backport-upstream-lp592442.patch: Backport upstream fix + for ssl fopen issues. (LP: #592442) + + -- Chuck Short Fri, 01 Apr 2011 09:29:49 -0400 + +php5 (5.3.5-1ubuntu5) natty; urgency=low + + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. LP: #739977. + * debian/patches/ubuntu/ubuntu-php-version.patch: drop. This is an + autogenerated file. + + -- Steve Langasek Thu, 24 Mar 2011 22:34:00 +0000 + +php5 (5.3.5-1ubuntu4) natty; urgency=low + + * debian/control: Recommend php5-dev for php-pear. (LP: #634359) + * debian/rules: --enable-pcntl for cgi as well. (LP: #658346) + + -- Chuck Short Mon, 14 Mar 2011 10:34:00 -0400 + +php5 (5.3.5-1ubuntu3) natty; urgency=low + + * debian/php5-fpm.init: Fix logic from previous commit. + + -- Chuck Short Mon, 14 Mar 2011 08:18:17 -0400 + +php5 (5.3.5-1ubuntu2) natty; urgency=low + + * debian/php5-fpm.init: Dont start fpm if /var/www doesnt exist. + (LP: #731572) + + -- Chuck Short Fri, 11 Mar 2011 16:29:24 -0500 + +php5 (5.3.5-1ubuntu1) natty; urgency=low + + * Merge from debian/unstable. Remaining changes: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + + -- Chuck Short Tue, 22 Feb 2011 09:46:37 -0500 + +php5 (5.3.5-1) unstable; urgency=low + + * Imported Upstream version 5.3.5 + * Updated suhosin patch to 0.9.10 + * Add Conflict: with php5-idn to php5-intl (Closes: #610935) + * Build the FPM SAPI (Closes: #603174) + * Adapted (and removed upstream-applied) patches to php 5.3.5 + + -- Ondřej Surý Wed, 16 Feb 2011 15:17:32 +0100 + +php5 (5.3.3-7ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - Dropped debian/patches/fix-upstream-bug53632.patch, used debian's instead. + - Dropped debian/patches/mssql-fix-segfault.patch, use debian's instead. + - debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed + - debian/patches/php52389-pgsql-segfault.patch: removing, causes error + handling to fail. + + -- Chuck Short Fri, 07 Jan 2011 22:44:56 +0000 + +php5 (5.3.3-7) unstable; urgency=low + + * Cherry pick patches for: + + double free vulnerability in the imap_do_open function in the IMAP + extension (CVE-2010-4150) + + infinite loop with x87 CPU + + extract() to not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE + + crash if aa steps are invalid in GD extension + + crash with entitity declaration in simplexml.c + + NULL dereference in Zend language scanner + + integer overflow in SdnToJulian + + memory leaks and possible crash introduced by NULL poisoning patch + + leaks and crash when passing the callback as a variable + + leak in highlight_string + + segmentation fault in pgsql_stmt_execute when postgres is down + + segmentation fault when extending SplFixedArray + + segmentation fault when node is NULL in simplexml.c + + segmentation fault when using several cloned intl objects + + segmentation fault when using bad column_number in sqlite3 columnName + * Add comment about cherry picked patches (and last revision) from + upstream SVN to README.source + + -- Ondřej Surý Wed, 05 Jan 2011 11:06:20 +0100 + +php5 (5.3.3-6) unstable; urgency=medium + + * Cherry-pick fix for crashes on invalid parameters in intl extension. + (CVE-2010-4409). + * Cherry pick fix for crash in zip extract method (possible CWE-170) + * Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c + * Update CVE-2010-3870 to include test case + * Cherry pick complete fix to reject filenames with NULL (CVE requested) + + -- Ondřej Surý Tue, 07 Dec 2010 11:15:58 +0100 + +php5 (5.3.3-5) unstable; urgency=high + + * Add firebird support for armhf (Closes: #604526) + * More updates to open_basedir (Closes: #605391) + + -- Ondřej Surý Tue, 30 Nov 2010 12:00:37 +0100 + +php5 (5.3.3-4) unstable; urgency=low + + * Cherry pick patches for (Closes: #603751): + + NULL pointer dereference in ZipArchive::getArchiveComment + (CVE-2010-3709) + + utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870) + + mb_strcut() returns garbage with the excessive length parameter + (CVE-2010-4156) + + possible flaw in open_basedir (CVE-2010-3436) + + segfault in SplFileObject::fscanf + + memory leak in PDO::FETCH_INTO + + crash when storing many SPLFixedArray in an array + + possible crash in php_mssql_get_column_content_without_type() + + cURL leaks handle and causes assertion error (CURLOPT_STDERR) + + segfault when optional parameters are not passed in to mssql_connect + + segfault when ssl stream option capture_peer_cert_chain used + + crash in GC because of incorrect reference counting + + crash when calling enchant_broker_get_dict_path before set_path + + crash in pdo_firebird getAttribute() + + -- Ondřej Surý Wed, 17 Nov 2010 10:31:58 +0100 + +php5 (5.3.3-3) unstable; urgency=high + + * Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large + amount of data (CVE-2010-3710, Closes: #601619) + + -- Ondřej Surý Wed, 27 Oct 2010 23:39:37 +0200 + +php5 (5.3.3-2) unstable; urgency=low + + * Upload 5.3.3 to unstable + + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866, + CVE-2010-2531, CVE-2010-3065. + * Don't build FPM SAPI now + * Bump standards version to 3.9.1 + * Synchronize system crypt patch + * Cherry pick upstream fix for format vulnerability in phar/stream.c + + Fixes CVE-2010-2950. + * Set explicit error level to hide warnings on systems with modified + php.ini (Closes: #590485) + * Apply patch to fix loading of extensions without [PHP] section + (Closes: #595761) + * Set session.gc_probability back to 0 (Closes: #595706) + * Update PHP5 description to not include references to C, Java and + Perl (Closes: #351032) + + -- Ondřej Surý Thu, 21 Oct 2010 16:57:53 +0200 + +php5 (5.3.3-1ubuntu12) natty; urgency=low + + * debian/patches/fix-upstream-bug53632.patch: Fix infinite loop bug (php bug #53632) + (LP: #697181) + + -- Chuck Short Fri, 07 Jan 2011 12:57:59 -0500 + +php5 (5.3.3-1ubuntu11) natty; urgency=low + + * Add debian/patches/mssql-fix-segfault.patch: Fixes segfault on missing + parameters for mssql. Upstream php bug #52843 and LP: #611316. + + -- Clint Byrum Fri, 03 Dec 2010 23:45:19 -0800 + +php5 (5.3.3-1ubuntu10) natty; urgency=low + + * debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed (Clint Byrum). + Addresses #676672. + + -- Matthias Klose Wed, 24 Nov 2010 10:44:36 +0100 + +php5 (5.3.3-1ubuntu9.1) maverick-proposed; urgency=low + + * debian/patches/php52389-pgsql-segfault.patch: removing, + causes error handling to fail (LP: #660227) + + -- Clint Byrum Thu, 14 Oct 2010 06:46:02 -0700 + +php5 (5.3.3-1ubuntu9) maverick; urgency=low + + * SECURITY UPDATE: arbitrary memory disclosure and possible code + execution via phar extension + - debian/patches/CVE-2010-2950.patch: use correct format string in + ext/phar/stream.c. + - CVE-2010-2094 + - CVE-2010-2950 + + -- Marc Deslauriers Mon, 20 Sep 2010 14:56:33 -0400 + +php5 (5.3.3-1ubuntu8) maverick; urgency=low + + * Build-depend on netcat-openbsd | netcat, instead of just netcat (only + in universe). + + -- Matthias Klose Fri, 17 Sep 2010 14:33:13 +0200 + +php5 (5.3.3-1ubuntu7) maverick; urgency=low + + * debian/setup-mysql.sh: Copy mysqld to local dir during build to avoid + apparmor restrictions (LP: #638401) + * debian/rules: stop mysql instance on clean just in case we failed in tests + + -- Clint Byrum Wed, 15 Sep 2010 10:48:32 -0700 + +php5 (5.3.3-1ubuntu6) maverick; urgency=low + + * Undo sybase debugging libraries split: keeping a smaller delta with Debian + is more important than demoting sybase to universe. + + -- Mathias Gug Wed, 25 Aug 2010 14:04:57 -0400 + +php5 (5.3.3-1ubuntu5) maverick; urgency=low + + * Drop sybase libraries to universe: + Move debugging libraries to php5-sybase-dbg: + - debian/control: + + create php5-sybase-dbg package. + + drop php5-sybase as php5-dbg dependency. + - debian/rules: move sybase debugging libraries to php5-sybase-dbg. + + -- Mathias Gug Fri, 20 Aug 2010 19:13:55 -0400 + +php5 (5.3.3-1ubuntu4) maverick; urgency=low + + * debian/php5-module.ini: # replaced with ; (LP: #591286) + * debian/patches/php52389-pgsql-segfault.patch (LP: #607646) + - Applying patch for upstream bug that causes segfaults in pgsql + + -- Clint Byrum Fri, 13 Aug 2010 00:07:15 -0700 + +php5 (5.3.3-1ubuntu3) maverick; urgency=low + + * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large + files (LP: #564920) + + -- Clint Byrum Fri, 06 Aug 2010 13:10:17 -0700 + +php5 (5.3.3-1ubuntu2) maverick; urgency=low + + * debian/control: Use netcat rather than netcat-traditional. + + -- Chuck Short Thu, 05 Aug 2010 20:00:34 -0500 + +php5 (5.3.3-1ubuntu1) maverick; urgency=low + + * Merge from debian experimental: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in + universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + + -- Chuck Short Sun, 01 Aug 2010 14:28:03 -0500 + +php5 (5.3.3-1) experimental; urgency=low + + * Upload PHP 5.3.3 to experimental for further testing + + Fixes odbc_autocommit (Closes: #586570) + + Adds support for sqlite3_busy_timout (Closes: #589473) + + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866 + and other CVEs that do not apply to the Debian packages or are + irrelevant as per the pre-5.3.2-2 security policy. + * Changes pending update from unstable: + + Use system crypt + * Build the FPM SAPI. + + -- Raphael Geissert Sat, 31 Jul 2010 15:53:12 -0400 + +php5 (5.3.2-2) unstable; urgency=low + + [ Ondřej Surý ] + * Fix unittest about failing crypt() calls with invalid salt + + [ Raphael Geissert ] + * Cherry pick upstream fix for mysqli_ssl_set (Closes: #572122) + * Cherry pick patch to reset error status on beginTransaction() + * Cherry pick patch to add missing definition of JSON_ERROR_UTF8 + * Cherry pick patch to fix SplFileInfo::getPathName() + * Cherry pick patch to fix a memory leak in the cyclical gc + * Cherry pick fix for memory leak in date when gc is enabled + * Cherry pick patch to fix an unaligned mem access in the dba ext + * Cherry pick fix for memory issues in mysqli_options (Closes: #577784) + * Set default session.save_path to /var/lib/php5 (Closes: #576593) + * Don't install an extra copy of php.ini-production + * Remove obsolete TODO list + * Add debian/source/format and set it to 1.0 + * Add doc-base registration for Structuctures_Graph documentation + * Cherry pick patch to fix multiple typos + * Synchronize enchant patch with changes committed upstream + * Cherry pick patch to workaround BDB 4.8 bc changes (Closes: #570149) + * Cherry pick patch to allow the timeout on mssql to be effective p/query + * Cherry pick patch to correctly determine length of doc_root + * Cherry pick patch to fix a memory leak in SoapServer::handle + * Cherry pick patch to fix SplFileInf::fscanf()'s prototype + * Test the mysql extensions too + * Update the security policy for Squeeze and greater + * Include ext_skel script (Closes: #530757) + + [ Sean Finney ] + * Fix for parallel FTBFS in (Closes: #584348) + * Import upstream fix for pdo_mysql segfaults (Closes: #581911) + - thanks to Richard van den Berg + * Dynamically determine maxlifetime if possible. (Closes: #504053) + - thanks to Chris Butler + + -- Raphael Geissert Sun, 18 Jul 2010 15:35:06 -0500 + +php5 (5.3.2-1ubuntu5) maverick; urgency=low + + * debian/php5-module.ini: Comment should be "#" not ";". (LP: #573436) + * debian/patches/cherrypick-upstream-51740.diff: Fix acinclude.ac macro check. (LP: #576910) + * debian/patches/cherrypick-upstream-48361.diff: Fix regression with getPathInfo() + doesn't return parent info (LP: #576910) + * debian/patches/session_save_path.patch: ave PHP sessions to + /var/lib/php rather than /tmp. (LP: #573222) + + -- Chuck Short Tue, 25 May 2010 10:17:00 -0400 + +php5 (5.3.2-1ubuntu4.1) lucid-proposed; urgency=low + + * debian/patches/fix-mysql-badmem.patch: Fix mysql crash when using php5-cgi. (LP: #567043) + + -- Chuck Short Mon, 03 May 2010 11:23:43 -0400 + +php5 (5.3.2-1ubuntu4) lucid; urgency=low + + * debian/control, debian/rules: Re-enable libedit-dev. (LP: #548823) + + -- Chuck Short Mon, 05 Apr 2010 15:33:21 -0400 + +php5 (5.3.2-1ubuntu3) lucid; urgency=low + + * debian/control: Fix upgrade of php5-ldap from 5.3.1. (LP: #) + + -- Chuck Short Sun, 28 Mar 2010 15:41:34 -0400 + +php5 (5.3.2-1ubuntu2) lucid; urgency=low + + * debian/control: Dont build with libmcrypt-dev. + + -- Chuck Short Fri, 26 Mar 2010 14:39:36 -0400 + +php5 (5.3.2-1ubuntu1) lucid; urgency=low + + * Merge from debian unstable: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in + universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + - Dropped debian/patches/libedit_is_editline.patch. + + -- Chuck Short Tue, 16 Mar 2010 09:09:50 -0400 + +php5 (5.3.2-1) unstable; urgency=high + + [ Sean Finney ] + * Fix improper signed overflow detection in filter extension + (Closes: #570287) + * Another integer overflow/underflow logic fix. (Closes: #570144) + * new debian patch fix_filter_var_email_test.patch (Closes: #571764) + * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772) + * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762) + + [ Raphael Geissert ] + * Build with qdbm support + * Really run extensions' tests + * Add a note about user_dirs in apache conf file (Closes: #571714) + * Fix typo in debian/NEWS + * Don't install a(nother) useless Structures_Graph sh script + * Re-enable short_open_tag for CLI too (Closes: #573367) + * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425) + * Fix the locale name in some tests (Closes: #573511) + * Fix some gd tests that need the bundled library + * Fix a null pointer dereference when processing invalid XML-RPC + requests (CVE-2010-0397, Closes: #573573) + * Fix an unaligned memory access in enchant_dict_suggest() + * Fix another unaligned memory access in enchant + * Test that the list of extensions to test is never empty + * Update the list of alternative dependencies of php5-dbg + * debian/rules cleanup + * debian/control cleanup + * Build against the system oniguruma library + * Add libjpeg-dev as an alternative to libjpeg62-dev for future + transitions + + [ Ondřej Surý ] + * Imported Upstream version 5.3.2 + * Updated suhosin patch to 0.9.9.1 version. + * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974) + * Refreshed debian/patches/001-libtool_fixes.patch + * Refreshed debian/patches/006-debian_quirks.patch + * Adapt debian patches to 5.3.2. + * Remove "binary" contents from + debian/patches/fix_var_dump_64bit.phpt.patch + * New debian patch fix_broken_sha2_test.patch + * New debian patch always_use_system_crypt.patch (Closes: #572601) + * New debian patch php_crypt_revamped.patch (Closes: #572601) + + -- Raphael Geissert Sat, 13 Mar 2010 15:11:48 -0600 + +php5 (5.3.1-5) unstable; urgency=low + + [ Sean Finney ] + * Pass full path to php cli executable for unit tests + * dont-gitclean-in-build.patch: Don't run git-clean via buildconf + * update debian patch page_size_fixes.patch with upstream bug ref + * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286) + + [ Raphael Geissert ] + * Add build-dependency on netbase to fix a test (Closes: #570291) + * Suhosin PAGE_SIZE fixes have been already forwarded + * Fix a race condition on shtool's mkdir -p (Closes: #570111) + * Actually test the binary that is to be shipped in the -cli package + * Add some more documentation about the build system + * Documentation updates + * Update the suhosin patch version information + * Build-dep on locales-all to enable multiple tests + * Don't ship empty maintainer scripts + * Add patch to allow building with qdbm + * Test the extensions that don't require a special setup + * Get the correct list of built-in extensions of apache2filter + + -- Raphael Geissert Mon, 22 Feb 2010 10:41:51 -0600 + +php5 (5.3.1-4) unstable; urgency=low + + [ Raphael Geissert ] + * Pass -O0 when using 'noopt' to actually disable any optimization + * Add patch to use sysconf() to determine the page size + * Add patch to remove PAGE_SIZE assumptions in suhosin code + * Fix an unaligned memory access in the phar extension + * Fix another unaligned memory access + * Print the expected/actual output of failed test + * Add missing PEAR directory (Closes: #542483) + * Build sqlite3 as shared (Closes: #568956) + * Add some more documentation about the source package + + [ Sean Finney ] + * New debian patch fix_broken_5.3_tests.patch + + -- Raphael Geissert Thu, 11 Feb 2010 02:22:47 -0600 + +php5 (5.3.1-3) unstable; urgency=low + + [ Ondřej Surý ] + * get rid of php4 dependencies + * Enable short_open_tag again (Closes: #537099) + * fix dependency on automake1.4 in php5-dev package + * fix typo s/firefox/firebird/ in changelog + * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders + + [ Raphael Geissert ] + * Fix maintainer scripts to use php.ini-production (Closes: #565130) + * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi + * Allow parallel building via parallel=n + * Build with the hardening wrapper + * Remove no-longer-needed dfsg-repack script + * Add DEP-3-format metadata to some of the patches + * Build the intl extension + * Drop exif_read_data-segfault patch, merged upstream + * Build the enchant extension + * Add ${misc:Depends} where missing + * Disable mod_php in user directories (Closes: #555606) + * Add missing comment character to php.ini-paranoid (Closes: #564622) + * Build the interbase extension on all the supported architectures + + [ Sean Finney ] + * 5.3 upload for unstable. + - Includes backported fix for "ref converted to value" (Closes: #556237). + + -- Raphael Geissert Sun, 07 Feb 2010 23:31:51 -0600 + +php5 (5.3.1-2) experimental; urgency=low + + * Merged changes from 5.2.x sid branch. + * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1 + * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a + patch with a test case + * Removed check_ini_on_modify_status.patch and gentoo/117- + 4_digit_year_big_endian.patch; merged upstream + * Removed max_file_uploads.patch; no need for backwards compatibility + between major releases + * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch + * Fix duplicate Provides: in debian/control introduced by cherry- + picking 94f0ec3 + * Update sybase aliases to include correct arguments, needed for 5.3.x + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >= + 2.63 (Closes: #549148) + + -- Ondřej Surý Mon, 11 Jan 2010 16:56:01 +0100 + +php5 (5.3.1-1) experimental; urgency=low + + * Imported Upstream version 5.3.1 + * Change dependcy to libdb-dev instead on arbitrary version of + libdb4.x-dev + * Refreshed 006-debian_quirks patch to apply cleanly. + * Removed 114-php_gd_segfault.patch, merged upstream. + * Refreshed 115-autoconf_ftbfs.patch to apply cleanly + * Updated suhosin.patch to 0.9.8 version for php-5.3.1 + * Refreshed 001-libtool_fixes.patch + * Refreshed 004-ldap_fix.patch + * Refreshed 013-force_getaddrinfo.patch + * Refreshed 036-fd_setsize_fix.patch + * Refreshed 052-phpinfo_no_configure.patch + * Refreshed 053-extension_api.patch + * Refreshed 108-64_bit_datetime.patch + * Refreshed 113-php.ini_securitynotes.patch + * Refreshed 116-posixness_fix.patch + * Refreshed gentoo/006_ext-curl-set_opt-crash.patch + * Refreshed gentoo/009_ob-memory-leaks.patch + * Refreshed libedit_is_editline.patch + * Refreshed suhosin.patch + * Add .gitignore file to ignore .pc/ directory + * Removed README.CVS-RULES from debian/php5-common.docs, file is no + longer shipped by upstream. + + -- Ondřej Surý Thu, 07 Jan 2010 17:21:47 +0100 + +php5 (5.3.0-3) experimental; urgency=low + + * Fix segmentation fault in php-gd (Closes: #543496) + * Update suhosin patch to 0.9.8 *BETA* and enable it again + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770) + + -- Ondřej Surý Tue, 25 Aug 2009 16:12:13 +0200 + +php5 (5.2.12.dfsg.1-2) unstable; urgency=low + + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of firebird*-dev to include only version in + stable/testing/unstable + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf + (>= 2.63) (Closes: #549148) + + -- Ondřej Surý Mon, 11 Jan 2010 17:31:33 +0100 + +php5 (5.2.12.dfsg.1-1) unstable; urgency=low + + [ Thijs Kinkhorst ] + * Change comment in module .ini snippets from # to ; to avoid deprecation + warnings with PHP 5.3.0. + + [ Ondřej Surý ] + * Imported Upstream version 5.2.12.dfsg.1 + * Removed manpage_spelling.patch, merged upstream. + * Removed libedit_is_editline.patch, merged upstream. + * Refreshed max_file_uploads.patch, patch can be removed, it's kept to + raise max_file_uploads to 50. + * Refreshed and updated suhosin.patch + * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch, + 006-debian_quirks.patch, 013-force_getaddrinfo.patch, + 034-apache2_umask_fix.patch, 053-extension_api.patch, + 056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch, + gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch, + use_embedded_timezonedb.patch + * Removed autogenerated main/php_config.h.in from suhosin.patch + (Ubuntu: #493761) + * Short open tags are On again in php.ini-dist (Closes: #537099) + * Don't leave .start if we are purging (Closes: #561739) + * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the + directory is not deleted (Closes: #563437, #542483) + + [ Upstream ] + * Fix default pear.php.net channel definitions (Closes: #559029) + + -- Ondřej Surý Fri, 08 Jan 2010 18:18:43 +0100 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * max_file_uploads: limit the maximum number of file uploads to 50 + + Reduces the chances of a temporary file exhaustion DoS + * Add libdb4.8-dev as an alternative dependency (Closes: #555945) + * Add libdb-dev as another alternative, hopefully the last one + (Closes: #548486) + * Add a versioned dependency on libtool 2.2 (Closes: #548015) + * Use FilesMatch and SetHandler on apache setups (Closes: #491928) + * Gentoo patch ext-curl-set_opt-crash has already been merged upstream + * Drop unused lintian override + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.11.dfsg.1-1) unstable; urgency=low + + * New upstream release + + [ Fixes incorporated upstream ] + * Fix 4-year digit year on big-endian platforms (Closes: #542301) + * patch curl_streams_sleep.patch + * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605) + * patch check_ini_on_modify_status.patch + + [ Raphael Geissert ] + * Add aliases to the mssql functions on the sybase extension (Closes: #523073) + * Fix the rows_affected alias, it should be affected_rows + * Avoid possible memory dumps via PG on restored ini values (Closes: #540605) + + [ Ondrej Sury ] + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * fix whitespace in libapache2-mod-php5.postinst + + [ Sean Finney ] + * incorporate/ack previous NMU's, thanks Andreas. + * update debian patch 115-autoconf_ftbfs.patch for new upstream version + * update debian patch fix_broken_upstream_tests.patch + * update debian patch mssql-null-exception.patch + * refresh various quilt patches against new upstream version + * remove no longer needed "legacy" support for conffile migration + * add dpkg trigger in the apache2 and apache2filter sapis for reloading + apache2 on extension updates (Closes: #490023, #524206) + * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev + in case someone wants to backport the package. + * update list of installed documentation + + -- Sean Finney Sun, 20 Sep 2009 11:05:35 +0200 + +php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Drop hand-crafted dependency on libmysqlclient15. + + -- Andreas Barth Mon, 31 Aug 2009 09:22:16 +0200 + +php5 (5.2.10.dfsg.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS with new autoconf. Thanks to Russ Allbery for the patch. + Closes: #542906 + + -- Andreas Barth Sun, 30 Aug 2009 13:49:40 +0200 + +php5 (5.2.10.dfsg.1-2) unstable; urgency=low + + * Declare that PEAR replaces XML_UTIL (Closes: #534621) + * Bump standards-version, no change needed + * Fix an unconditional limit on dblib_driver.c (Closes: #534881) + * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888) + * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760) + * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR + * Add myself to uploaders + * Fix the path to PEAR's config, directly in rules (Closes: #507762) + + -- Raphael Geissert Thu, 09 Jul 2009 18:25:48 -0500 + +php5 (5.3.0-2) experimental; urgency=low + + * update configuration file names to new upstream naming convention + + -- Sean Finney Wed, 01 Jul 2009 09:12:10 +0200 + +php5 (5.3.0-1) experimental; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * use ';' instead of '#' as comments in module ini files + * remove binary package for php5-mhash which is now built-in + * update removed windows modules in 006-debian_quirks.patch + * quilt refresh for new upstream release + + -- Sean Finney Tue, 30 Jun 2009 20:09:07 +0200 + +php5 (5.3.0~RC4-1) UNRELEASED; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * (temporarily) disable suhosin patch while it does not apply to 5.3 + * refresh various debian patches, fixing whitespace and offsets + * copy the gbp.conf from debian-sid and adapt it for experimental + * cherry-pick relevant gentoo patches from unstable + * cherry-pick debian fixes in libtool2.2.patch from unstable + * Update package sections to match override. + + [ Raphael Geissert ] + * Detect the path to ltmain.sh at build time and set conflicts + appropriately + * Add libdb4.7-dev as an ORed build dependency to fix FTBFS + * Update the Vcs-* fields to reflect the move from svn to git + * Turn the phpapi dependencies into php5 | phpapi to fix + installability issues + * Bump Standards-Version to 3.8.1, no change needed + * Add a set of lintian overrides for some FP spelling-error-in-binary + + [ Thijs Kinkhorst ] + * Update php5-cli package description to make it more neutral + + -- Sean Finney Mon, 29 Jun 2009 07:54:51 +0200 + +php5 (5.3.0~RC1-1) unstable; urgency=low + + * New Upstream Version + + -- Mark A. Hershberger Wed, 25 Mar 2009 19:39:48 -0400 + +php5 (5.2.9.dfsg.1-1) unstable; urgency=low + + * New upstream release (closes: #520538). + - fixes regressions with parsing via libxml2 (closes: #520246, #520423). + + [ Sean Finney ] + * Refresh all patches. + * Update suhosin patch to 5.2.9, remove autotools-generated files (configure, + php_config.h.in) and .dsp files from patch. + * remove obsolete configure options from ./configure: --enable-memory-limit, + --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx. + * Remove obsoleted patches which have been incorporated upstream: + - snmp_leaks.patch + - BG-initializing-fix.patch + - CVE-2008-2829.patch + - CVE-2008-3658.patch + - CVE-2008-3659.patch + - CVE-2008-3660.patch + - CVE-2008-5557.patch + - CVE-2008-5658.patch + - pdo-fetchobject-prototype-error.patch + - zend_object_handlers-invalid-write.patch + - dba-inifile-truncation.patch + - gentoo/freetds-compat.patch + - gentoo/010_ticks-zts-crashes.patch + - gentoo/019_new-memory-corruption.patch + - gentoo/009_array-function-crashes.patch + - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + - gentoo/017_xmlrpc-invalid-callback-crash.patch + - gentoo/007_dom-setAttributeNode-crash.patch + - gentoo/006_PDORow-crash.patch + - gentoo/005_stream_context_set_params-crash.patch + * Update fix_broken_upstream_tests.patch, one of the tests is fixed. + + -- Sean Finney Tue, 24 Mar 2009 19:05:09 +0100 + +php5 (5.2.6.dfsg.1-3) unstable; urgency=low + + [ Sean Finney ] + * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt. + * Security related fixes: + - php: inifile handler for the dba functions can be used to truncate a file + Patch: dba-inifile-truncation.patch (closes: #507101). + - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal + Patch: CVE-2008-5658.patch (closes: #507857). + Thanks to Pierre Joye for help with the patch. + + [ Raphael Geissert ] + * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later): + + patches/gentoo/005_stream_context_set_params-crash.patch + + patches/gentoo/006_PDORow-crash.patch + + patches/gentoo/007_dom-setAttributeNode-crash.patch + + patches/gentoo/009_array-function-crashes.patch + + patches/gentoo/010_ticks-zts-crashes.patch + + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch + + patches/gentoo/019_new-memory-corruption.patch + + patches/gentoo/freetds-compat.patch + - was deprecated_freetds_check.patch + + -- Sean Finney Sat, 24 Jan 2009 21:17:13 +0100 + +php5 (5.2.6.dfsg.1-2) unstable; urgency=low + + [ Sean Finney ] + * Make sure a file used to track state is properly removed in the + postinst, thanks Raphael (closes: #511049). + + [ Thijs Kinkhorst ] + * Fix watch file to mangle version. + + [ Raphael Geissert ] + * Ship script used to take an upstream tarball and remove the non + DFSG-free stuff, update watch file accordingly. + + -- Sean Finney Tue, 13 Jan 2009 08:24:36 +0100 + +php5 (5.2.6.dfsg.1-1) unstable; urgency=high + + [ Sean Finney ] + * Incorporate previous NMU. + * Updated system tzdata patch from Joe Orton. + * Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated + into Joe's patch. + * Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking + them up. + - Upstream bug #46157 (PDOStatement::fetchObject prototype error) + Patch: pdo-fetchobject-prototype-error.patch + - Upstream bug #46308 (Invalid write in zend object handler / getter) + Patch: zend_object_handlers-invalid-write.patch + * Security related fixes: + - CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of + uid/gid for apache2 sapi. + Patch: BG-initializing-fix.patch + - CVE-2008-5557: heap overflows in the mbstring extension. + Patch: CVE-2008-5557.patch (closes: #511493). + + [ Thijs Kinkhorst ] + * Correct description typo, thanks Mathias Brodala (Closes: #508989). + + -- Sean Finney Mon, 12 Jan 2009 12:12:36 +0100 + +php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove exts/dbase from orig tarball (Closes: #341420) + + -- Ben Hutchings Sat, 29 Nov 2008 19:19:28 +0000 + +php5 (5.2.6-5) unstable; urgency=high + + * Update debian/copyright to document that the DFSG-unfree email + requirement in ext/standard/rand.c has been rescinded by the + copyrightholder (Closes: #498621). + + -- Thijs Kinkhorst Sun, 05 Oct 2008 11:32:35 +0200 + +php5 (5.2.6-4) unstable; urgency=high + + [ Sean Finney ] + * Take three unreleased fixes from upstream CVS: + - CVE-2008-3658: Buffer overflow in the imageloadfont function. + Patch: CVE-2008-3658.patch (closes: #499989) + - CVE-2008-3659: Buffer overflow in the memnstr function. + Patch: CVE-2008-3659.patch (closes: #499988) + - CVE-2008-3660: Remote DoS in fastcgi module + Patch: CVE-2008-3660.patch (closes: #499987) + + [ Raphael Geissert ] + * snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296) + - Thanks to Rodrigo Campos for the follow up + - Thanks to Federico Cuello for the original patch + * php5-dev.lintian-override: fix it so it actually works + + -- Sean Finney Sun, 14 Sep 2008 14:25:11 +0200 + +php5 (5.2.6-3) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts. + * Add documentation about the timezonedb change (Closes: #492025). + + [ Adam Conrad ] + * Modify 033-we_WANT_libtool.patch to cope with newer versions of + libtool that only copy auxilliary files when --install is used, + while still working with older versions that DTRT without. + + [ Raphael Geissert ] + * debian/rules: + + Avoid installing useless test suites in php-pear (Closes: #478995) + + Remove any empty directory in php-pear + + Also get rid of usr/share/php/data/Structures_Graph/* + - Those were meant to be used by upstream maintainer + * debian/php5-dev.lintian-overrides: + - usr/lib/php5/build/run-tests.php is not meant to be used directly + * debian/control: bumped Standards Version to 3.8.0, no changes needed + * bad_whatis_entries.patch: fixes the whatis entries of all the manpages + * deprecated_freetds_check.patch: fixes the freetds detection routine + + Closes: #494230 + - Thanks to jklowden@freetds.org and the Gentoo folks for the patch + (RC bugfix, upload urgency bumped) + * debian/libapache2-mod-php5*-{prerm,postinst}: + - Create a status file when removing the package (but not purging) + while having the mod enabled so reinstallation of the package + does not end up disabling the module (Closes: #471548) + + [ Sean Finney ] + * Bump dependency on libmysqlclient15off to require the version from + lenny or later, in order to avoid subtle problems not previously detected + with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575). + + -- Sean Finney Wed, 20 Aug 2008 19:32:02 +0200 + +php5 (5.2.6-2) unstable; urgency=high + + [ Raphael Geissert ] + * Lintian-based changes: + - also install a lintian override for libapache2-mod-php5filter + - fixed the generic lintian overrides so they are meaningful + - dropping linda overrides, linda is gone now + - s/meta-package/metapackage + * debian/control: + - Updated php5's description so it mentions three instead of + only two server-side SAPIs + - Depend on php5-cli in php-pear (Closes: #482517) + + Previous change reverted because of PEAR packages FTBFS + - {B-,}Depend on tzdata to avoid crashes caused by the tz ext patch + - Dropped some versioned {b-,}dependencies that are satisified + even on sarge + * php.ini-*: state that when using a custom save_path, + gc_probability should also be set (Closes: #388808, #321460) + * tzdb-nofree_ents_ifnotzdata.patch: avoid free'ing ents when the tz dir does + not exist (Closes: #483461) + + [ Sean Finney ] + * Fix for CVE-2008-2829: unsafe usage of deprecated imap functions + Patch: CVE-2008-2829.patch + * Modifications to suhosin.patch due to alignment problems on some + architectures. Thanks to Stefan Esser for the initial suggestion. + (Closes: #481737). + * Rename the apache2 filter module to libphp5filter.so, to prevent + conflicting filenames for symbols in the debug package. + + -- Sean Finney Thu, 03 Jul 2008 08:14:45 +0200 + +php5 (5.2.6-1) unstable; urgency=medium + + * New upstream release. Fixes several security issues of unknown impact: + + possible stack buffer overflow in the FastCGI SAPI + + integer overflow in printf() + + unknown issue CVE-2008-0599 + + a safe_mode bypass in cURL + + incomplete multibyte chars inside escapeshellcmd() + + [ Sean Finney ] + * New patch (use_embedded_timezonedb.patch) allows us to default to + using the system provided timezone database instead of the one bundled + with PHP. Many thanks to Joe Orten from Red Hat for the patch! + (closes: #447174, #471104). + * Updated the Suhosin patch to v0.9.6 (5.2.6). + * New patch: force_libmysqlclient_r.patch, forcing the build system + to link against the threadsafe libmysqlclient without having to enable + the other zts features in php. This is required since the apr libraries + are now linking against this as well and mysql exports the same symbols + from both libraries. Thanks to Stefan Fritsch (closes: #469081). + * Massaged/updated various other patches in debian/patches + * Update copyright information to have information about non-trivial + patches worthy of copyright attributions, and update information about + current debian maintainers. + * Add some useful quilt settings in debian/rules to lower the amount of + noise in future quilt updates. + * Now building a php5 apache2 module with filter-module support in a new + libapache2-mod-php5filter package (closes: #438120). + + [ Thijs Kinkhorst ] + * Checked for policy 3.7.3, no changes. + + [ Raphael Geissert ] + * Build a php5-dbg package with the debug symbols of the SAPIs & extensions + + Bump debhelper dependency to >= 5 as dh_strip behaves differently. + * debian/watch: refactored so it can actually be used to download the tarball + * debian/rules: removed bashisms (Closes: #478613) + * debian/control: add a notice about Suhosin being applied (Closes: #471324) + + Additionally make sure the PHP boilerplate is the same for each package + * debian/patches/manpage_spelling.patch: + - fix spelling mistakes in man page (Closes: #413712) + * debian/NEWS: s/suhosin/Suhosin (Closes: #434351) + * debian/control: removed ORed postgresql-dev build-dep (Closes: #429981) + + postgresql-dev is a transitional package since etch + * Override the following lintian messages: + + SAPI packages package-contains-empty-directory usr/lib/php5/20060613+lfs/ + + php5-common package-contains-empty-directory usr/lib/php5/libexec/ + * Set our custom PHP_PEAR_DOWNLOAD_DIR when building the pear stuff + + Avoids the creation of /tmp/pear (Closes: #463979) + * Replaced all 'make' with '$(MAKE)' so any extra flag is preserved + * debian/rules: s/DEB_BUILD_ARCH/DEB_HOST_ARCH + + HOST is the machine the package is built for. + * Recommend php5-cli instead of depending on it in php-pear (Closes: #243214) + + php5-cli is only needed by the, rearely used, pear installer + * debian/README.source: inform how to generate php5-dbg's Depends + * debian/patches/029-php.ini_paranoid.patch: updated (Closes: #459814) + + Thanks to Javier Fernández-Sanguino Peña + Changes: + - includes some variables which were no present in the first version and + removes modules not available in PHP5. Also fixes typos in comments which + have since been fixed in php.ini-dist + - adds notes (Debian-specific) of which security features applications + should not rely on + - add more information of why some variables were enabled + - reorder the description of changes to suit the location in the config file + - add notes of deprecated features in PHP6 + - add more (suggested) changes to the session module to make a more secure + use and storage of session IDs. + - remove the 'include' function from the list of disabled functions as it + is quite common for most applications + - modify the valid 'include_path' to make it really paranoid ('.' is not + allowed anymore) + - adjust locations of directories, including the upload dir and session dir + - proper definition for sql.safe_mode and description (missing in + php.ini-dist of what it is really for) + - added session configuration variables which are not available in + php.ini-dist together with recommended paranoid values + (session.referer_check, session.entropy_file, session.entropy_length) + - added more information to session configuration (not available in php.ini) + based on the information at php.net + * Lintian-based changes: + - debian/php5-common.dirs: do NOT create usr/share/doc/php5-common/PEAR/ + - fixed a hyphen-used-as-minus-sign in php5(1):319 + - get rid of usr/share/php/data/Structures_Graph/LICENSE in php-pear + * Move /usr/share/php/docs to /usr/share/doc/pear-php/PEAR (Closes: #331034) + + [ Steve Langasek ] + * Step down from the PHP maintenance team, removing myself from uploaders. + So long, and thanks for all the fish! + + -- Sean Finney Sun, 04 May 2008 21:15:47 +0200 + +php5 (5.2.5-3) unstable; urgency=high + + * zend_parse_parameters does not handle size_t's, causing issues with + 043-recode_size_t.patch and segmentation faults for recode-using pages. + changed problematic parameters back to "int" and added an overflow check. + thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel, + and Vincent Tondellier for their reports. closes: #459020. + + -- Sean Finney Thu, 21 Feb 2008 00:59:21 +0100 + +php5 (5.2.5-2) unstable; urgency=low + + * debian/patches/libdb_is_-ldb: reorder the search for db4 instances to + give precedence to -ldb, so that we always get the version that matches + the installed -dev package instead of whichever most recent version php + upstream currently knows about. Closes: #463397. + * Update suhosin patch to not patch .dsp files (and config.w32), which + are irrelevant to Unix builds and seem to cause problems for clean + patching/unpatching. + + -- Steve Langasek Fri, 01 Feb 2008 18:46:15 +0000 + +php5 (5.2.5-1) unstable; urgency=low + + [ Sean Finney ] + * New upstream release + * Updated suhosin patch for 5.2.5 minus ./configure as before. + * Workaround for xargs not handling extra long cmdlines in session + cleanup script (Closes: #461755). + * Remove unneccesary DEB_BUILD_GNU_TYPE fudging (Closes: #429066). Thanks + to Riku Voipio for the report/patch. + + [ Raphael Geissert ] + * debian/rules: now DEB_BUILD_OPTIONS=nocheck aware + * Updated description of the php5 meta-package to reflect removal of apache + (Closes: #418038) + * Capitalise apache where needed (Closes: #439575) + * Homepage is now a control entry (moved from Description), Closes: #439578 + * Fixed test-results.txt target so parallel package building doesn't fail + * Added Suggests: php5-timezonedb to all the SAPIs + + [ Steve Langasek ] + * Add ${shlibs:Depends} to php5-common, since it does build ELF objects now + (pdo.so) + * Update build-deps to libdb4.6-dev now that libaprutil1-dev has switched. + Closes: #461192. + + -- Steve Langasek Thu, 17 Jan 2008 13:39:17 -0800 + +php5 (5.2.4-2) unstable; urgency=low + + [ sean finney ] + * for posterity revised previous changelog to reference the CVE id's + of security issues resolved by the latest upstream release. + * lintian: use debian/compat instead of DH_COMPAT in debian/rules. + * lintian: use source:Version and binary:Version where appropriate, + instead of Source-Version + * lintian: remove a couple pieces of cruft in the changelog that were causing + false-postive wrong-bug-number-in-closes, but were generally useless + anyway. + + [ Raphael Geissert ] + * Using test-results.txt as a target + * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286) + * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624) + * Build the interbase extension using firebird2.0-dev (Closes: #433736) + * Unapply patches with debian/rules clean + + [ Steve Langasek ] + * Don't patch configure or php_config.h.in in suhosin.patch, as these are + auto-generated and including them in the patch results in a race + condition for the necessary build-time regeneration. Thanks to Daniel + Schepler for reporting, and to Damyan Ivanov for helping to sort out the + fix. Closes: #443637. + * Also remove the modified auto-generated files in the clean target, + which triggers a warning about disappearing files when building the + source package but avoids carrying irrelevant diffs to these files + in the Debian diff. + * Now that the testsuite is being run at build time, test failures cause + a bunch of junk files to be left around in the Debian diff. So clean up + several false-positive failures: + - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(), + so patch the test as well + - fix_broken_upstream_tests.patch: use a local directory for tests that + use sessions, skip the phpinfo test after all because it doesn't appear + to be compatible with current testsuite behavior, and disable the + moneyformat test if en_US locale is not available. + There are still several other failing tests, but these are not false + positives and remain enabled pending investigation. + + -- sean finney Wed, 24 Oct 2007 21:51:14 +0200 + +php5 (5.2.4-1) unstable; urgency=low + + * New upstream release. + * Security issues resolved in the latest release: + - CVE-2007-2519 - Directory traversal vulnerability in PEAR + + + [ sean finney ] + * patch from Jan Wagner to be able to conditionally disable any + patches that break binary-compatibility with official php + binary-only extensions. see debian/rules for more information. + * now incorporate the php unit tests into the build process. for + those interested the output is stored in the file + /usr/share/doc/php5-common/test-results.txt . + * by default we now ship with enable_dl = Off, as there are some + fairly significant ramifications security-wise to having it on. + * we shipping with the suhosin patch enabled by default. + special thanks to Blars Blarson for providing a sparc machine for + testing purposes with 5.2.3 (closes: #397179). + * new binary package php5-gmp, with the newly enabled gmp extension, + since whatever reason for not doing so either never existed or no + no longer exists (closes: #344137). Build-Depends added for libgmp3-dev. + + [ Steve Langasek ] + * php5-module.postinst: don't assume that the postinst is only relevant + when called with 'configure' as an argument, some future debhelper code + could apply in the case of other methods of invocation. + * Clean up build dependencies for recent library transitions: + - libsnmp-dev is now the real package name, and is supported as a virtual + package for backports. + - re-add firebird2-dev as an alternative to firebird1.5-dev, to support + backports. + - the curl -dev package name has changed from libcurl3-openssl-dev to + libcurl4-openssl-dev; update to the proper name, with libcurl-dev as + an alternative. + * Switch php5-sybase to use the mssql extension instead of the sybase_ct + extension. Closes: #418734, #329065. + + -- sean finney Sun, 16 Sep 2007 14:46:06 +0200 + +php5 (5.2.3-1) unstable; urgency=low + + * new upstream release. + * upstream has incorporated the last of the recent CVE fixes, so + the patches have been removed. + * change build dependencies for firebird2-dev -> firebird1.5-dev, + as the firebird maintainer has changed names in order to provide + more clarity since there's also a firebird2.0 now (closes: #427181). + * now include, but do not apply by default, the suhosin patch. see + NEWS.Debian for more information. + + -- sean finney Mon, 04 Jun 2007 22:02:10 +0200 + +php5 (5.2.2-2) unstable; urgency=low + + [sean finney] + - build with --with-ldap-sasl and modify build-depends to include + libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490). + - the json extension is now on by default in php builds, so there's + no need for the php5-json package. added a Provides/Conflicts to + help set an upgrade path. + - apache 1.x support is soon disappearing. as a consequence we are + no longer building the libapache-mod-php5 module. the php5 metapackage + should as a result bring in libapache2-mod-php5 by default for those who + already have it installed. + + -- sean finney Sun, 20 May 2007 21:59:56 +0200 + +php5 (5.2.2-1) unstable; urgency=low + + [ sean finney ] + * new upstream release (closes: #422405). + * /most/ of the previous CVE patches have been committed upstream, though: + - the patch for MOPB-41 was fixed in a different way and we'll be keeping + our fix for the time being. + - it doesn't seem like MOPB-45 has been fixed yet. + * remove build-dependency option on libmysqlclient12-dev, since the mysqli + option requires it, and 15 is in stable now anyway. thanks to + Henk van de kamer for finding this (closes: #422224). + * now includes requested fix for mysql row counts (closes: #418471). + * needle/haystack issues are reported fixed (closes: #399924). + * oh yeah, because we're using quilt now: (closes: #338315). + * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929). + note that the resulting php packages won't actually build against + libdb4.5 until all of our build-dependant packages do too. + + -- sean finney Sat, 05 May 2007 19:56:30 +0200 + +php5 (5.2.0-12) unstable; urgency=high + + [ sean finney ] + * modify the build-depends to play more nicely when the net-snmp + maintainers decide to change their package names (closes: #421061). + + -- sean finney Tue, 01 May 2007 14:24:01 +0200 + +php5 (5.2.0-11) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability + * note that this is an update to the previous version of the upstream + fix for CVE-2007-0910, which introduced a seperate exploit path. + - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow + - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak + - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability + - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability + - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability + - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln. + - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability + - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln. + - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability + - CVE-2007-1718/MOPB-34 mail() Header Injection + - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability + - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow + - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity + - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability + - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability + * The other security issues resulting from the "Month of PHP bugs" either + did not affect the version of php5 shipped in unstable, or did not merit + a security update according to the established security policy for php + in debian. You are encouraged to verify that your configuration is not + affected by any of the other vulnerabilities by visiting: + http://www.php-security.org/ + * other, less interesting changes: + - now use quilt for managing local patches. + - massage all of the patches, eliminating fuzz and offsets. + + -- sean finney Mon, 23 Apr 2007 19:02:51 +0200 + +php5 (5.2.0-10) unstable; urgency=high + + [ sean finney ] + * The php security update contained a regression in the streams + module. this version contains an updated version of the patch + for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should + fix the regression. Thanks to Martin Pitt for noticing this. + * Fix the patch names in the previous changelog entry, and fix a factual + inaccuracy that was accidentally pasted from the php4 changelog. + * The previous update was missing two fixes from CVE-2007-0906: + * interbase: (116-CVE-2007-0906_interbase.patch) + * zip: (116-CVE-2007-0906_zip.patch) + + -- sean finney Wed, 07 Mar 2007 23:11:29 +0100 + +php5 (5.2.0-9) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0906: Multiple buffer overflows in various code: + * session (116-CVE-2007-0906_session.patch) + * imap (116-CVE-2007-0906_imap.patch) + * str_replace: (116-CVE-2007-0906_string.patch) + * the sqlite and mail related vulnerabilities in this CVE do not + affect the php5 source packages. + - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch) + - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch) + - CVE-2007-0909: More buffer overflows: + * the odbc_result_all function (116-CVE-2007-0909_odbc.patch) + * various formatted print functions (116-CVE-2007-0909_print.patch) + - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch) + - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch) + Closes: #410995. + * The package maintainers would like to thank Joe Orton from redhat and + Martin Pitt from ubuntu for their help in preparation of this update. + * backport upstream fix for AUTH PLAIN support in imap extension + Closes: #401712. + + -- sean finney Sat, 03 Mar 2007 11:13:33 +0100 + +php5 (5.2.0-8) unstable; urgency=high + + [ sean finney ] + * Update package information to say simply "Apache 2" instead + of "Apache 2.0" (ref: #400306). + * Update package description for php-pear to mention needing + phpN-dev for building PECL extensions (closes: #401825). + * Add mention of Freetype fonts to php5-gd package description, + thanks to Ole Laursen for the suggestion (closes: #387881). + * Include a backported version of upstream's fix for + alignment calculatations which cause FTBFS problems for + some arches. Thanks to Roman Zippel for finding this (closes: #401129). + patch: 114-zend_alloc.c_m68k_alignment.patch + * Remove --enable-yp, as it's no longer used and seperately + packaged. Thanks to Martijn Grendelman for mentioning this + (closes: #402161). + * Add mention to README.Debian of needing to restart apache when + installing modules (closes: #392249). + * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS + containing nostrip + * Backported a patch from upstream CVS to fix a rather nasty + memory leak in zend_alloc (closes: #402506). + patch: 115-zend_alloc.c_memleak.patch + * The memleak and FTBFS are targeted at etch, and there aren't + any other significant changes, so priority=high. + + -- sean finney Sun, 17 Dec 2006 16:49:35 +0100 + +php5 (5.2.0-7) unstable; urgency=high + + [ Steve Langasek ] + * Also disable firebird in the PDO config for archs other than + i386/amd64. + + -- sean finney Fri, 24 Nov 2006 15:20:53 +0100 + +php5 (5.2.0-6) unstable; urgency=high + + [ sean finney ] + * firebird2-dev (and thus php5-interbase) is only available on + i386/amd64, so update the control/rules information accordingly. + thanks to Bastian Blank for reporting this (closes: #399558). + + -- sean finney Wed, 22 Nov 2006 19:04:04 +0100 + +php5 (5.2.0-5) unstable; urgency=high + + [ sean finney ] + * bring some of the mainline php4 modules back into the php source + package instead of distributing them in independant source packages: + - php5-imap + - php5-interbase + - php5-mcrypt + - php5-pspell + - php5-tidy + these modules are still provided in the same binary packages as + before, but will now be built in tandem with the core php packages. + * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner + (closes: #398367, #399248). + + -- sean finney Mon, 20 Nov 2006 12:41:37 +0100 + +php5 (5.2.0-4) unstable; urgency=high + + * Re-re-enable LFS support, forward-porting vorlon's fixes in + the php4 tree. + * Add a bit of support in upgrade scripts to avoid unnecessary + ucf prompting during upgrades (closes: #398363). + * Update build-dependencies to reflect that libpcre3-dev >= 6.6 + is required. Thanks to Jan Wagner for pointing this out. + * loosen dependencys for libapache2-mod-php5 to allow usage with + apache2-mpm-itk as an alternative to prefork. + Closes: #398580, #398481. + + -- sean finney Wed, 15 Nov 2006 08:33:28 +0100 + +php5 (5.2.0-3) unstable; urgency=high + + * Unify PHP options for pear binaries to: + -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1" + (Closes: #397625) + * [debian/rules]: Enable PDO building only in apache2 build. + + -- Ondřej Surý Fri, 10 Nov 2006 14:09:00 +0100 + +php5 (5.2.0-2) unstable; urgency=high + + [ Ondřej Surý ] + * Revert Large File Support for this moment. We will try to found + root of the problem for etch, but we do not promise anything. + (Closes: #397465) + + -- Ondřej Surý Wed, 8 Nov 2006 01:13:48 +0100 + +php5 (5.2.0-1) unstable; urgency=high + + [ sean finney ] + * new upstream release. since this means the 5.1 series is deadware + in the eyes of its developers, we better get on this train before + it's too late. Note: this also fixes the htmlentities() exploit. + Reference: CVE-2006-5465. + Closes: #396766. + * s/postinst/postrm/ on one critical line in debian/rules. whoops. + Thanks to Bart Martens for finding this (closes: #396873). + * as a pennance i've enabled LFS support (closes: #359686). + * new version now includes all mbstring headers (closes: #391368). + * enable new built-in zip support. + * enable pdo support for currently supported db types, and place the + extensions in the respective extension packages. future db + types will be added, but probably post-etch as they will probably + introduce new packages/dependencies (closes: #348882). + * move the mysqli module into the mysql module's package, and remove + the no longer necessary mysqli package. + * massaging/removal of various patches to upstream changes: + D patches/106-strptime_xopen.patch + D patches/110-CVE-2006-4812_zend_alloc.patch + M patches/006-debian_quirks.patch + D patches/111-mbstring-headers.patch + M patches/053-extension_api.patch + + [ Ondřej Surý ] + * Package checked, upload to unstable. + + -- Ondřej Surý Tue, 7 Nov 2006 09:26:51 +0100 + +php5 (5.1.6-6) unstable; urgency=high + + [ sean finney ] + * add notes to php.ini(-dist) about "unsupported" security features. + patch: 113-php.ini_securitynotes.patch + + [ Ondřej Surý ] + * SECURITY: include patch for html buffer overflows in ext/standard/html.c + Reference: CVE-2006-5465 + Patch: 114-CVE-2006-5465_htmlentities.patch + Closes: #396766 + + -- Ondřej Surý Fri, 3 Nov 2006 12:32:50 +0100 + +php5 (5.1.6-5) unstable; urgency=high + + [sean finney] + * add a README.Debian.security to clarify how we handle/respond + to security problems in stable releases. + * SECURITY: include patch for integer overflow in zend_alloc.c. + Reference: CVE-2006-04812 (closes: #391586). + patch: 110-CVE-2006-4812_zend_alloc.patch + * bump the debhelper compatibility level to 4. + * remove cyclic depends for mysql/mysqli. + * the long overdue rework of configuration file handling. this also + removes the need for debconf and template translations + (closes: #361211, #393788, #388697). + * start using ucf to manage the the various SAPI php.ini files. + * cleanup and consolidation of a few things in the ./debian dir + * bump the memory limit to 32M for the cli API (closes: #375070, #340586). + * include a fix for missing mbstring headers reported by Jan Wagner + (closes: #391368). + patch: 111-mbstring-headers.patch. + * include support for PTY's in proc_open, as reported by Eike Dehling. + according to php's BTS (http://bugs.php.net/bug.php?id=39224) the + feature was disabled only because the configure script couldn't + accurately determine whether the feature was available, and we know + it is :) (closes: #381438). + patch: 112-proc_open.patch. + * update standards-version to 3.7.2 + + -- sean finney Sat, 28 Oct 2006 14:29:44 +0200 + +php5 (5.1.6-4) unstable; urgency=high + + [sean finney] + * no longer build against GPL'd gdbm library (closes: #390452). + * updated apache2 module dependencies to build against and coexist + with apache2.2 (closes: #390455). + + -- sean finney Sat, 07 Oct 2006 12:06:09 +0200 + +php5 (5.1.6-3) unstable; urgency=low + + [ sean finney ] + * php5 was building against db4.3 even though db4.4 headers were + installed. fix applied to ./ext/dba/config.m4 while we wait + for a real fix from upstream (closes: #388601). + + -- sean finney Mon, 02 Oct 2006 17:42:50 +0200 + +php5 (5.1.6-2) unstable; urgency=low + + [ sean finney ] + * enable the mysqli extension (closes: #320835). + + -- sean finney Tue, 19 Sep 2006 19:31:27 +0200 + +php5 (5.1.6-1) unstable; urgency=high + + [ Adam Conrad ] + * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0. + + [ Ondřej Surý ] + * Acknowledge NMU. + * New upstream release (Closes: #383596) + - Added missing safe_mode/open_basedir checks inside the error_log(), + file_exists(), imap_open() and imap_reopen() functions. + - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit + systems. + - Fixed possible open_basedir/safe_mode bypass in cURL extension and + with realpath cache. (CVE-2006-2563) (Closes: #370165) + - Fixed overflow in GD extension on invalid GIF images. + - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020) + (Closes: #382256) + - Fixed an out of bounds read inside stripos() function. + - Fixed memory_limit restriction on 64 bit system (really with 5.1.6). + * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache. + + -- Ondřej Surý Sat, 19 Aug 2006 14:41:43 +0200 + +php5 (5.1.4-0.1) unstable; urgency=high + + * Non-maintainer upload. + * New upstream release. (Closes: #366109) + * Fixes information leak in html_entity_decode() (CVE-2006-1490). + (Closes: #359907) + * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914) + * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915) + * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916) + * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312) + * Fixes substr_compare() DoS condition (CVE-2006-1991). + * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917) + * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not + mentioned in upstream changelog. (Closes: #368595) + * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from + Piotr Roszatycki's packages. + * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where + sizeof(void*) > sizeof(int); patch from David Mosberger-Tang. + + -- Steinar H. Gunderson Tue, 13 Jun 2006 22:38:33 +0200 + +php5 (5.1.2-1) unstable; urgency=low + + * New upstream bugfix and security update release (closes: #347894) + - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208 + - Resolves multiple HTTP response splitting vulnerabilities, allowing + arbitrary header injection via Set-Cookie headers; see CVE-2006-0207 + - While we don't currently build it, this release also fixes a format + string vulnerability in the mysqli extension; see CVE-2006-0200 + - Includes a new version of the PEAR installer that seems to have a + slightly better clue about the difference between INSTALL_ROOT and + PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501) + * While the above is partially true, the PEAR installer is still a bit + broken (it won't install correctly under fakeroot anymore, YAY), so + shuffle debian/rules to have a build-pear-stamp target, as a stopgap. + * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down + in ext/standard/datetime.c, below the php.h include (closes: #346550) + * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to + properly call the PHP_ARG_ENABLE macro for an extension, not built-in. + * Stop php-pear from Replacing and Conflicting with php-html-template-it, + as we only now ship the bare essential to make the pear installer go. + + -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100 + +php5 (5.1.1-1) unstable; urgency=low + + * New upstream bugfix release, skipping the problematic 5.1.0 release: + - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374) + - Remove libtool patch from acinclude.m4, now integrated upstream. + - Remove 038-round_test_fix.patch, now integrated upstream. + - Remove 049-exported-headers.patch, as upstream's build system has + gotten more clever about what they should and shouldn't export. + - Remove 054-open_basedir_slash.patch, now integrated upstream. + - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream. + - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes. + - Remove 104-64_bit_serialize.patch, now integrated upstream. + - Remove 105-64_bit_imagettftext.patch, now integrated upstream. + * Many security vulnerabilities fixed (closes: #341368, #336005, #336654): + - Resolves a local denial of service in the apache2 SAPI, which can + be triggered by using session.save_path in .htaccess; CVE-2005-3319 + - Resolves an infinite loop in the exif_read_data function which can + be triggered with a specially-crafted JPEG image; CVE-2005-3353 + - Resolves a vulnerability in the parse_str function whereby a remote + attacker can fool PHP into turning on register_globals, thus making + applications vulnerable to global variable injections; CVE-2005-3389 + - Resolves a vulnerability in the RFC1867 file upload feature where, if + register_globals is enabled, a remote attacker can modify the GLOBALS + array with a multipart/form-data POST request; see CVE-2005-3390 + - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391 + - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode + and open_basedir bypasses between virtual hosts; CVE-2005-3392 + - Resolves a CRLF injection vulnerability in the mb_send_mail function, + allowing injection of arbitrary mail headers; see CVE-2005-3883 + - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer + which could lead to arbitrary code execution; see CVE-2005-4154 + * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache. + * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793) + * Automate the process of getting the list of built-in modules into the + package descriptions, so it stays fresh in the future (closes: #341867) + * Intentionally disable PDO support until I've sorted out the best way to + deal with shipping this shiny new feature that won't break the world. + * The new PEAR happens to fix the Command.php greedy match bug filed in + Debian as part of the fix for the wider security issue (closes: #334969) + * Create 056-mime_magic_strings.patch, making the mime_magic extension + more liberal about what mime-types is accepts, as well as making it skip + over ones it dislikes, rather than disabling itself (closes: #335674) + * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in + configure because we don't have the apache binaries in the build chroot. + * Fix small typo in the php5-xsl package description (closes: #344816) + + -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100 + +php5 (5.0.5-3) unstable; urgency=low + + * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away + soon. Keep libcurl3-dev as an alternate for backporting (see: #334367) + * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the + *other* side of the line regarding which combinations of DSOs cause + segfaults, so hopefully the others catch up with us soon (closes: #332453) + * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file, + as the path has been changed to comply with the FHS (see: #334510) + * Make the above backportable as well, by searching for both files, and + picking the one that's currently installed on the user's system. + * Include swedish debconf translation from Daniel Nylander (closes: #330763) + * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't + get some random binary on $PATH that won't work right (closes: #329415) + * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg + + -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000 + +php5 (5.0.5-2) unstable; urgency=medium + + * Remove Andres Salomon from the Uploaders field, at his request. Thanks + for all your work on the PHP packages, Andres, now fix our kernel bugs. + * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir + is set to "/foo/", users can access files in "/foobar/", which is not the + documented behaviour; this addresses CAN-2005-3054 (see: #323585) + * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when + serializing objects on all 64-bit architectures (closes: #329768) + * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD + extension, causing memory corruption on 64-bit arches (closes: #331001) + * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode + checks to the _php_image_output and _php_image_output_ctx GD functions. + * Make php-pear Provide, Replace, and Conflict php-html-template-it, which + we appear to have absorbed into the main PEAR packaging (closes: #332393) + + -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000 + +php5 (5.0.5-1) unstable; urgency=low + + * New upstream release, adjust patch offsets and fuzz, and drop patches: + - Drop 009-snmp-int-sizes.patch, finally fixed upstream. + - Drop 051-gcc-4.0.patch, fixed differently upstream. + - Drop 102-php_streams.patch, fixed upstream. + - Drop 103-catch_segv.patch, also fixed upstream. + - Includes PEAR XML_RPC fix for CAN-2005-2498. + - Includes phpinfo() XSS fix for CVE-2005-3388. + * Distribute the shiny new manpages for php-config and phpize. + + -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000 + +php5 (5.0.4-4) unstable; urgency=low + + * Ondřej Surý : + - Add patch from CVS to fix regression in PHP 5.0.4, where file related + functions all stop reading at 2,000,000 bytes (closes: #321930) + * Adam Conrad : + - Enable support for gdbm files in the dba handler; half the base system + already appears to depend on libgdm, so we can't make things worse. + - Add another patch from CVS to fix a segfault in the catch/throw + handler under interesting nesting cases (closes: #322507) + - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107) + + -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000 + +php5 (5.0.4-3) unstable; urgency=low + + * And fix the module/extension API situation one last time, this time + we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION, + pick the most recent of the three, assume things broke in ways we're + not willing to cope with, and both change the extension directory to + use that value, as well as setting it to the provides/depends for the + various SAPI and extension packages. + * Add a new option to php-config, 'php-config --phpapi', which extension + packagers should now be using to get the current phpapi they're building + against and set their dependencies accordingly. + * Strip the -gnu off the end of the DEB_*_* variables and drop the + versioned dpkg-dev build-dep to ease backporting to sarge and hoary; + doing so in such a way as to still allow for easy cross-compiling. + * Add postgresql-dev build-dep alternate for easy hoary/sarge backports. + * Make libapache2-mod-php5 the default alternate dependency for the php5 + metapackage, since we really do want to encourage the apache upgrade. + * Make php5-dev stop shipping copies of files from autotools-dev, shtool, + and libtool, and instead symlink to them and depend on those packages, + thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759. + + -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000 + +php5 (5.0.4-2) unstable; urgency=low + + * We now have a mailing list. Set the maintainer to the list, and move + myself to Uploaders where, apparently, I belong. + * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps, + as recent upstream ABI breakage in 4.4.0 leads me to believe this is + the only constant they actually bother to update on ABI changes. + * Bring back some concflicts that went missing (libapache-mod-php5 needs + to conflict with libapache-mod-php4 and older versions of php4, while + the two libapache2-mod-php[45] modules also need to conflict). + * Adjust debian/watch to not match on upstream's alpha/beta/rc releases. + + -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000 + +php5 (5.0.4-1) unstable; urgency=low + + * Initial PHP5 release; packaging forked from php4 4:4.3.11-1. + - Closes: #262977, #293832 + * Ondrej Sury : + - Removed some obsolete cruft, since there wasn't any previous php5 + packages there is no need, to check /usr/share/doc/*, etc. + - Removed apache2 IfModule hack, it's been fixed in php5. + - Updated patches to php5, removing those which are obsolete. + - Changes xslt extension to xsl (using libxslt). + - Updated debian/* including changelog. + - Raised update-alternatives priority to 50. + * Adam Conrad : + - Merged with php4 4:4.4.0-1 packaging. + - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which + includes a security fix for CVE CAN-2005-1921. + - Bump to Standards-Version 3.6.2, with no source changes. + - Stop distributing the phpextdist binary, as upstream has stopped. + - Drop the ext_skel binary and skeleton dir from php5-dev, as it has + been deemed obsolete upstream and the version in the tarball is not + considered useful anymore. PEAR::PECL_Gen upstream will replace it. + - Fix longstanding broken shebang lines in debconf config scripts. + - Remove lintian overrides for modules; lintian no longer complains + about missing shlibs for libraries outside the linker path. + - Add a linda override for the non-standard directory permissions on + /var/lib/php5 in php5-common. + - Rename php5-pear to php-pear, have it replace php4-pear, and depend + on php5-cli OR php4-cli; make sure it works with both. + - Compile in SOAP extension (closes: #307580) + - Enable SQLite extension as shared, make the xmlrpc extension shared. + - Enabled the pgsql extension, and disabled the imap extension (which + will be moving to another source package and become the example + package for out-of-tree builds). + + -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000 + +php4 (4:4.3.11-1) unstable; urgency=low + + * New upstream release (closes: #304052) + - Drop CVS patches, we're back in step with upstream versions. + - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11. + - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11. + - Remove 040-curl_open_basedir.patch, as upstream has solved this + in a different fashion. + - Adjust patches for offset and fuzz. + - Remove bits from debian/rules dealing with the DB PEAR extension, + since it's no longer shipped in the php4-pear package. + * Rebuild against newer version of freetds library (closes: #317369) + * Add 052-phpinfo_no_configure.patch, which disables the display of our + "Configure Command" in phpinfo(), which was the source of many bogus + bug reports over the years, due to people misinterpreting its meaning. + * New translations to Vietnamese and Russian (closes: #316821, #310199) + - vi.po contributed by Clytie Siddall + - ru.po contributed by Yuriy Talakan' + * Mention FastCGI in the description of php4-cgi (closes: #310810) + + -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000 + +php4 (4:4.3.10-15) unstable; urgency=low + + * Bring back the shipping of /usr/share/doc symlinks in our packages, + as this, in concert with moving the migration detection from preinst + to postinst (which was done in the last upload), seems to give us the + sanest upgrade path. Thanks to Steve Langasek for smacking me around + with unpack/upgrade scenarios for a while to convince me of this. + + -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600 + +php4 (4:4.3.10-14) unstable; urgency=high + + * Revert the directory->symlink magic to work how it used to, since the + new behaviour broke hideously on upgrades from Woody, causing certain + files (like the changelog) to mysteriously go missing (closes: #307591) + * Move our template php.ini to /usr/share/php4, so we stop violating + policy by using files from /usr/share/doc (as seen in #307591) + * Remove 'readline' from the php4-cli package description, since we don't + actually build with readline support enabled anymore (closes: #306571) + + -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600 + +php4 (4:4.3.10-13) unstable; urgency=low + + * Update email address for Andres Salomon + * Add Portuguese translation from Miguel Figueiredo (closes: #305038) + * Include 051-gcc-4.0.patch, which resolves a build failure in + libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956) + + -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600 + +php4 (4:4.3.10-12) unstable; urgency=low + + * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix' + made to the copy() function, causing it to fail in particularly + spectacular ways when used on remote files (closes: #304601) + * Use -g instead of -gstabs on powerpc64-linux (closes: #301571) + + -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600 + +php4 (4:4.3.10-11) unstable; urgency=medium + + * Address an FTBFS waiting to happen in the php4-dev package: + - Remove Win32 and Netware specific headers. + - Stop shipping php4-pgsql headers. + - Stop shipping the expat headers, since we don't even + use the bundled expat library. + - Make php4-dev depend on libssl-dev, since it wants to include + ssl.h when you use it to build network-using extensions. + * Stop building extensions twice; we don't need two copies. + + -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600 + +php4 (4:4.3.10-10) unstable; urgency=low + + * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs + including a segfault in mysql_fetch_field() (closes: #299608) + * Remove 042-remove_windows_paths.patch, incorporated upstream. + * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension + in line with the upcoming 4.3.11 behaviour of listing multiple + Organisational Units in an x509 cert as an array, rather than only + listing the last in the list. + * After much talk with upstream, revert the ZTS changes. We are no + longer building a thread-safe PHP. (closes: #299820, #297223, #297679) + * ZTS was breaking file search paths, leading to errors loading files + from the cwd (closes: #298282, #298518, #299089, #299356) + * Stop building caudium-php4 (closes: #294718, #297702, #295100) + - We can't link against the GPL pike7.2, which we've been doing. Oops. + - Even if the above weren't true, upstream has insisted that ZTS is a + horribly broken solution, slated for eventual removal, and should + never, ever be used. In light of that, caudium users should instead + use php4-cgi, either as a plain CGI, or as a FastCGI backend. + - Not even attempting to provide an upgrade path, as it would be + needlessly complex, and caudium-php4 in previous stable releases + was nothing more than a useless toy, given that it had nearly no + useful extensions built-in or supported. + * Rewrite 041-shut_up_snmp.patch to take a different approach, this time + regrettably reverting a fix for a memory leak, in the name of making + things work properly, including squashing the putenv() intecaction + bug between PHP and other apache modules (closes: #298511, #300628) + * On sidegrades from distributions where different modules may be built + from their own source, and thus have their own doc directories, bad + things happen when we try to replace those with symlinks, so now we + check for this in preinst, and fix stuff up magically to Just Work. + * Add Jeroen van Wolffelaar to Uploaders. + * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998) + + -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700 + +php4 (4:4.3.10-9) unstable; urgency=low + + * Update 040-curl_open_basedir.patch once more to make sure it doesn't + segfault when fed a null or uninitialised URL (closes: #295447) + * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the + dl() function in our builds, despite upstream's claim that it "might + not be threadsafe on all platforms"; it is on ours (closes: #297839) + * Make the php4-dev binaries versioned with alternatives (closes: #295903) + * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549) + + -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700 + +php4 (4:4.3.10-8) unstable; urgency=high + + * Add 046-zend_plist_buggery.patch which unrolls the changes made to + zend.c in CVS post-4.3.10. The memory leaks fixed by these changes + seem to not have been hurting us terribly so far, while the "fix" + (breaking persistent lists) was, uhm, bad (closes: #295998, #296694) + * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the + appname, rather than 'php', to maintain backward compatibility, and to + wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to + solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282) + * Fix 042-remove_windows_paths.patch to catch both cases where windows + path stripping should occur (closes: #296406) + + -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700 + +php4 (4:4.3.10-7) unstable; urgency=high + + * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed + to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447) + + -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700 + +php4 (4:4.3.10-6) unstable; urgency=high + + * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm. + * Add 045-exif_nesting_level.patch to bump the exif header parsing max + nesting level to something that actually works with most JPEG images. + + -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700 + +php4 (4:4.3.10-5) unstable; urgency=low + + * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode + extension to segfault on alpha/amd64/ia64 (closes: #294986) + * Move the ./buildconf stuff in the unpatch target inside the test + for patch-stamp, as it's uselss unless we're unpatching. + + -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700 + +php4 (4:4.3.10-4) unstable; urgency=medium + + * Make php4-dev arch:any, as it contains some arch-specific defines. + * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows + paths from uploaded filenames, like it used to. (closes: #294305) + * Fix up caudium description to reflect the fact that caudium it is no + longer restricted from sharing extensions with other SAPIs. + * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we + get a version with non-broken headers. + + -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700 + +php4 (4:4.3.10-3) unstable; urgency=medium + + * Update to CVS, as of 200502060530 (closes: #288672) + - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043 + - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525 + - File uploads with "'" in them aren't cut off anymore (closes: #288679) + - unserialize() is no longer ridiculously slow (closes: #291392) + - Add 000-200502060530_CVS.patch + - Adapt debian/rules to the realities of upstream's new buildconf + - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's + libtool, rather than using upstream's broken bundled libtool + - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch + - Adjust patches for offsets and fuzz + - Force --with-pic, as policy demands it, and the build system doesn't + * Added several patches, yanked from the Fedora PHP sources: + - 034-apache2_umask_fix.patch, fixes umask not being properly reset + after each request (closes: #286225) + - 036-fd_setsize_fix.patch, fixes misuse of FD_SET() + - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3 + * Removed --with-libedit, as being able to background php is more useful, + in my opinion, than using readline functions (see #286356) + * Include zip support in all SAPIs (closes: #288534, #288909) + * Enable Zend Thread Safety for all SAPIs, meaning that our modules + are now compiled for ZTS APIs as well. (closes: #278212, #264015) + - Make sure caudium-php4 now provides phpapi-$(ver), and modules can + be configured with the caudium SAPI. + - Add 039-reentrant_libs.patch to link to the reentrant versions of + libldap and libmysqlclient + * Stop suggesting phpdoc, as it's undistributable anyway. + * Add 040-curl_open_basedir.patch, to make php4-curl respect the value + of open_basedir, thanks to Martin Pitt (closes: #291410) + * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and + failing) to write persistent data every time it shuts down. Ugh. + + -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700 + +php4 (4:4.3.10-2) unstable; urgency=high + + * Patch Zend/zend_strtod.c twice: + - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems + - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__ + + -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700 + +php4 (4:4.3.10-1) unstable; urgency=high + + * New upstream release, including the following security fixes: + - CAN-2004-1018 - shmop_write() out of bounds memory write access. + - CAN-2004-1018 - integer overflow/underflow in pack() and unpack() + functions. + - CAN-2004-1019 - possible information disclosure, double free and + negative reference index array underflow in deserialization code. + - CAN-2004-1020 - addslashes() not escaping \0 correctly. + - CAN-2004-1063 - safe_mode execution directory bypass. + - CAN-2004-1064 - arbitrary file access through path truncation. + - CAN-2004-1065 - exif_read_data() overflow on long sectionname. + - magic_quotes_gpc could lead to one level directory traversal with + file uploads. + * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch + to match with new configure.in and drop 026-4.3.10_session_fixes.patch + which is included in 4.3.10. + + -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700 + +php4 (4:4.3.9-2) unstable; urgency=low + + * Adam Conrad : + - Add -fno-strict-aliasing to CFLAGS, as the (several thousand) + warnings I'm getting from GCC are frightening me a tad. + - Remove the php-cgi alternative in php4-cgi's prerm, to avoid + leaving dangling symlinks (closes: #275962, #282315) + - Include 030-imap_getacl.patch, adding the imap_getacl() function + required by the GOsa project (closes: #282484) + - Include php.ini-paranoid in doc/examples, provided and maintained + by Javier Fernández-Sanguino Peña (closes: #274374) + - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464) + - Remove obsolete info from README.Debian relating to session_mm, + since we stopped building with libmm a while back. + - Reintroduce /usr/lib/php4/libexec that went missing in a previous + upload, since the build uses it as the default safe_mode exec dir. + * Andres Salomon : + - Add patch to include gd headers in php4-dev, as some PECL modules + (notably, pdflib) expect it; 028-export_gd_headers.patch. + - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm. + + -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700 + +php4 (4:4.3.9-1) unstable; urgency=high + + * New upstream release, removed the following patches fixed upstream: + 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch, + 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch, + 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch, + 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch, + and 025-4.3.9_domxml_segfaults.patch + * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867 + handling of file uploads via the $_FILES array; these have since + been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206) + * After some fairly heavy testing from several users and developers, + finally update php4-snmp to use libsnmp5 (closes: #195929) + * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP + from segfaulting when a nonexistant or unsupported save_handler or + serialize_handler is specified in php.ini. + * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the + off chance that the user's /etc/mime.types is broken (closes: #271171) + * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't + make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin + can instead use #!/usr/bin/php4-cgi scripts (closes: #273143) + * Enable FastCGI for both CGI binaries, now that it no longer conflicts + with, but rather complements, the CGI SAPI (closes: #233849) + * Bump libgd2 build-dep a notch to make sure we build against a version + that actually has XPM support built in (closes: #270435) + * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3 + php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount + bug that we were hacking around (closes: #205553, #230956, #271000) + * Remove the mm session handler from the apache1.3 build. Since the + files handler now works on all arches, and is configured to be secure + by default, mm seems to have outlived its usefulness. + (closes: #119902, #149430, #166811, #272463, #232840) + * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that + directives aren't ambiguous between php4 and php5. + * Add Czech translation, thanks to Miroslav Kure (closes: #274038) + * Configure CLI with --with-libedit for readline support, and add + 027-readline_is_editline.patch, since Debian's libedit headers are + not installed in /usr/include/readline (closes: #274031) + * libcurl grew a new SONAME somewhere along the way, and upgrading + doesn't seem to cause regressions in php4-curl, so upgrade we shall, + changing build-deps accordingly (closes: #260389) + + -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600 + +php4 (4:4.3.8-12) unstable; urgency=high + + * On new php4-cli installations, if php4-cgi is installed, we copy its + php.ini as a starting reference, so that command line scripts that + used to work don't start mysteriously failing (closes: #270153) + * php4-common has grown a postrm script to make sure we completely + clean out and remove /var/lib/php4 during the purge phase. + * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we + aren't forking for every session file we delete (closes: #268918) + + -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600 + +php4 (4:4.3.8-11) unstable; urgency=high + + * Andres Salomon : + - Fix bashism in maxlifetime script (closes: #270015) + * Adam Conrad : + - Clarify setup instructions in README.Debian for using php4-cgi + with the apache and apache2 packages (closes: #228342, #228343) + + -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600 + +php4 (4:4.3.8-10) unstable; urgency=high + + * Andres Salomon : + - Change frequency of session file cleansing, based on the maximum value + of session.gc_maxlifetime from all php.ini files (closes: #269688). + - Update README.Debian to mention session cleaning cron job. + * Adam Conrad : + - Drop php4-cgi from the list of alternate dependencies for the php4 + metpackage to smooth upgrades for woody users who have both php4 and + php4-cgi installed (closes: #269628, #269348, #269377) + - Fix cut-n-paste issue in php4-cli postinst (closes: #269466) + - Add 023-4.3.9_array_fixes.patch, which fixes problems with the + extract() function misbehaving with multiple element references. + - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob() + when it succeeds with no matches (closes: #269287) + - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml + extension when it shares memory space with other libxml2-using libs. + - Update the comments in php.ini to point out that, due to dilinger's + changes above, session.gc_maxlifetime is honoured by the gc cronjob. + + -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600 + +php4 (4:4.3.8-9) unstable; urgency=high + + * Re-introduce the changelog.Debian that went missing in the last + upload due to the php4-common move from arch:all to arch:any + * Clean up lintian warnings regarding scripts that weren't executable + and executables that weren't scripts. + * Add a lintian override for the non-standard-dir-perm of /var/lib/php4 + * Update to Standards-Version 3.6.1 (no changes, other than the above) + + -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600 + +php4 (4:4.3.8-8) unstable; urgency=low + + * Default session.save_path is now compiled in to php4, allowing + us to, again, comment out the value in php.ini. + * Comment out session.gc_probability in the default php.ini, as we've + now compiled in a default of 0, allowing the cronjob to do the + garbage collection for us instead. (closes: #267720) + * Make the 5 SAPI postinsts smarter, allowing them to poke around in + people's configs and make sure that sessions won't be broken + after we upgraded them from a perfectly functional system. + * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of + floats with padding by sprintf(). + * Make php4-common arch:any, and loosen up some of the other any->all + package dependencies to make sure binNMUs won't break. + + -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600 + +php4 (4:4.3.8-7) unstable; urgency=high + + * Back out LFS support AGAIN, as we're disabling LFS in apache2 for + the Sarge release. (closes: #266869) + * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes + for the sybase_ct extension from 4.3.9rc1. + * Tidy up descriptions a fair bit: + - Disambiguate short descriptions of SAPIs. (closes: #244571) + - Refresh the (now much longer) lists of built-in modules for each SAPI. + - Explain why caudium-php4 can't use any loadable extensions. + - Remove silly advertising blurb for Zend, since very few people are + still using php3, and those who are can't be convinced to upgrade + just by telling them "Hey, it's faster!". + - Add Homepage URI to each SAPI description. + - Fix typo in php4-domxml description. (closes: #146124) + * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used + with packages that depend on something like "php4, php4-mysql". + * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1 + to pull in /usr/share/misc/file/magic.mime (closes: #175136) + + -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600 + +php4 (4:4.3.8-6) unstable; urgency=high + + * Add libgcrypt11-dev to the build-depends, as something seems to be + pulling it in and causing an FTBFS (closes: #265952) + * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows + in array_slice(), array_splice(), substr(), substr_replace(), + strspn() and strcspn(). + * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building + against the new ABI-incompatble libapr0, which brings in proper + large file support. Bump the apache2 binary dependency as well. + (closes: #266210, #266192) + * Enable large file support on all SAPIs except for caudium, as I'm not + sure how caudium will react to the change, and I don't want to + destabilise anything just before release. This change has been + heavily tested with apache2/apache/cgi/cli, and all is well there. + * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure + that LFS-enabled SAPIs can still use zlib file functions correctly. + * Rework the apache2 restarting logic to only restart apache2 if + apache2ctl configtest succeeds, otherwise kick out a warning to + the user. Even then, we run force-reload with ||true, in case + apache2 fails to start for other reasons (closes: #264958) + * Make php4-gd Provide php4-gd2, so packages which still depend on + php4-gd2 are installable (and so packaging frontends can take the + provides/conflicts/replaces hint and DTRT with it) + * Split php4-cgi to php4-cgi and php4-cli (closes: #227915) + - Add php4-cli to debian/control, replaces older php4-cgi versions + - php4-cgi depends on php4-cli for smooth transitions + - php4-pear now depends on php4-cli (closes: #243214, #221434) + - Add php4-cli to list of SAPIs configurable for modules + - Munge php.1 manpage to include -cli info + - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806) + * Move all of php4's files to libapache-mod-php4, and make php4 a + metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 | + php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517) + * Include skeleton directory in php4-dev (closes: #95832, #211338) + * Include php.ini-recommended in php4-common's examples (closes: #181396) + * Move /var/lib/php4 to php4-common and install a cronjob that cleans + out old sessions every 30 minutes (closes: #256831, #257111) + * Move the libapache-mod-ssl dependency from php4-imap to + libapache-mod-php4 to stop irritating users of other SAPIs + (closes: #240003, #246887, #263381) + * Compile pgsql and mysql support into the caudium SAPI, so it's + slightly less useless (closes: #181175) + + -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600 + +php4 (4:4.3.8-5) unstable; urgency=low + + * Build-depend on chrpath and use it to nuke rpath from modules + during the install target of debian/rules. + * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file + descriptor leak on failed fsockopen() calls. (closes: #257269) + * It would seem that if we want LFS support, all SAPIs and all extensions + that do file access need to be built with LFS support, and since + apache2 currently doesn't have LFS, this presents a problem. As + such, I'm disabling LFS accross the board until apache2 supports it. + (closes: #263962) + * Add 019-z_off_t_as_long.patch, including local headers for zlib, + forcing off_t = long for gzip file functions, however disable it + for now, as we'll only need it if we reenable LFS (closes: #208608) + * Add the Debian package revision as EXTRAVERSION to PHP, so one can + more easily tell what version is currently running (for instance, + if a user fails to restart Apache after an upgrade of php4, this + would become obvious to them in the version banner and in phpinfo() + * Fixed up debian/patches, adjusting offsets and adding newlines, + so patch stops complaining and applies them cleanly. + * libapache2-mod-php4 postinst now forces a reload of apache2, which + should get the module properly working in all cases where people + previously thought 'apachectl graceful' would cut it. + (closes: #241352, #263424, #228343) + * debian/rules explicitly sets PROG_SENDMAIL during configure so + that builds on buildds with no sendmail installed don't get the + mail() function disabled. (closes: #180734) + * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368) + * Enable sysvmsg support for all SAPIs (closes: #236190) + * Enable dbx support for all SAPIs (closes: #229508, #249797) + * Nuke aclocal.m4 before we run ./buildconf to ensure we get it + regenerated correctly, and we get an up-to-date libtoolization. + + -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600 + +php4 (4:4.3.8-4) unstable; urgency=low + + * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to + solve anything, really, and add 017-pread_pwrite_disable.patch, + wich completely disables pread/pwrite usage, fixing session support + on sparc, and pread/pwrite usage on amd64. (closes: #261311) + + -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600 + +php4 (4:4.3.8-3) unstable; urgency=low + + * Steve Langasek : + - Give php4-pear a versioned dependency on php4-cgi, due to + backwards-compatibility issues (closes: #260924). + + * Adam Conrad : + - Added a debian/watch file for the curious, or people running + automated uscan scripts over the entire archive. + - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF + support in php4-gd (closes: #66293) + - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free + errors in php4-gd. This, in concert with the librrd0 update + (see #261323) should clear up all known segfaults in php4-gd + (closes: #220196, #234571, #241270, #246833, #251220, #260790) + Thanks to Klaus Reimer for the tip. + - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of + pread/pwrite in conjunction with LFS64. This should fix the files + session handler on sparc, as well as the amd64 build failure. + (closes: #234766, #239420, #261311, #248765) + - Clean up debian/rules to remove a bunch of obsolete cruft, as well + as introducing an LFSFLAGS, allowing us to easily turn LFS support + on and off for each SAPI. + - Re-enable LFS for apache 1.3, as it was enable in Woody and we should + remain backward compatible. + + -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600 + +php4 (4:4.3.8-2) unstable; urgency=high + + * Urgency "high" to make up for the last upload which contained + security fixes but was uploaded urgency "low". + + * Adam Conrad : + - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3 + in debian/rules. Not sure how this was missed for so long. + - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory + leak in the apache2handler SAPI, as well as a logical mishandling + of fatal errors during activation. + + * Steve Langasek : + - Revert large file support, which appears to cause + ABI-incompatibilities (and therefore segfaults) for apache2 + (closes: #259659). + + -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600 + +php4 (4:4.3.8-1) unstable; urgency=low + + * Adam Conrad : + - New upstream release (4.3.8). Fixes several security issues: + + Fixed strip_tags() to correctly handle '\0' characters. + + Improved stability during startup when memory_limit is used. + + Replace alloca() with emalloc() for better stack protection. + + Added missing safe_mode checks inside ftok and itpc. + + Fixed address allocation routine in IMAP extension. + + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL. + + Fixes DoS in readfile() function, see CAN-2005-0596. + - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688) + - debian/control: change libpng3-dev build-dep to libpng12-dev + - Add Turkish debconf translation, thanks to Osman Yuksel. + (closes: #252940) + + * Andres Salomon : + - New upstream release (4.3.7). The following patches are dropped: + 007-dba_fix.patch + 008-xbithack.patch + 011-curl_api_update.patch + 012-curl_deprecated_opts.patch. + - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is + always enabled (instead of doing check during build). + + * Steve Langasek : + - Enumerate supported SAPIs in both the module postinst and the module + config script, to avoid "question not found" errors from debconf. + This doesn't give us automatic support for new SAPIs as they're + added, but it avoids trying to configure SAPIs that we don't support + (e.g., caudium), and it also sidesteps shell syntax errors caused by + strangely-named subdirectories. + - Remove apache2 from the TODO list, because it's done + (closes: #243793). + - Add /var/lib/php4 to the list of directories for the apache2 module, + so we don't end up with a missing session dir (closes: #240962). + - s/modules-config/apache-modconf/, now that the canonical name of the + apache-common tool has changed + - Drop references to php3 in README.Debian, and document the + simplified process for enabling php4 in apache 1.3 (closes: #244564). + - Enable large files support for all SAPIs (closes: #249500). + - Fix commented-out default include path in php.ini (closes: #250274). + + -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600 + +php4 (4:4.3.4-4) unstable; urgency=low + + * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8, + now that #228840 is fixed. + * Fix FTBFS problem caused by curl api changes, adding patches 011 and + 012 (closes: #239159). + * Add phpapi Provides for libapache2-mod-php4 (closes: #240386). + * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9 + and older won't work (closes: #215069). + * Tighten build-dep versions to match upstream's autoconf version checks + (closes: #214060). + + -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500 + +php4 (4:4.3.4-3) unstable; urgency=low + + * Andres Salomon : + - Fix incorrect php.ini path in CLI manpage (closes: #233757). + - Add libapache2-mod-php4 module (closes: #214611). + * Updated Japanese debconf translation; thanks to Kenshi Muto + (closes: #222424). + * Build php4-gd against libgd2-xpm, removing the need for a separate + php4-gd2 package (closes: #235390, #206045, #135664). + * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch + (closes: #236630). + * Add new Spanish debconf translation; thanks to Carlos Valdivia + Yagüe (closes: #235052). + + -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600 + +php4 (4:4.3.4-2) unstable; urgency=low + + * Add build-depends on autoconf, missed earlier (closes: #235012). + * Minor updates to README.Debian list of supported extensions. + * Fix integer size mismatch in snmp extension affecting 64-bit + platforms + + -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600 + +php4 (4:4.3.4-1) unstable; urgency=low + + * New upstream version. Update local patch set accordingly, with help + from Andres Salomon . + - includes fix for snmpget() not closing its socket + (closes: #207363). + * Update build-depends to libdb4.2-dev, to match apache-dev + (closes: #231692). + * Drop translations of stale templates, and add new German debconf + translation; thanks to Alwin Meschede + (closes: #232270). + * Add new Danish debconf translation; thanks to Claus Hindsgaul + (closes: #233887). + * Move local patches into debian/patches/ for easier management, and + add debian/rules targets for build-time application of patches. + * Fix a problem with PHP "xbithack" causing ini scope leakage + (closes: #230047). + * Re-enable the openssl extension statically, since we now know for + sure that the php4-imap problems are a glibc bug (closes: #197450). + * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value + of php_bin, so PEAR-managed scripts work correctly + (closes: #228381). In addition, use alternatives for /usr/bin/php + for the benefit of user scripts (closes: #185283). + * Set the default session save_path to /var/lib/php4 instead of to + /tmp, and create this directory such that all users (for php4-cgi) + can create files there and access their own files once created, but + not see the names of other files in the directory (closes: #139810). + * Drop our override of upstream's register_globals default + (closes: #230878). + + -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600 + +php4 (4:4.3.3-5) unstable; urgency=low + + * Have php4-pear Suggest: php4-dev, for PECL extensions + (closes: #225969). + * Recompiled against the new version of libxslt, to get rid of the + dependency on libxsltbreakpoint (closes: #224806). + * Also recompiled against the new version of libc-client (closes: #227347). + * Fix pear to not expect to be able to twiddle locks when running as + non-root, which also seems to fix a memory utilization problem + (closes: #225026). + * Make php4-imap depend on libapache-mod-ssl, since this seems to be + the only reliable way of getting apache to stop segfaulting. + * Build-depend on libt1-dev, which replaces t1lib-dev. + + -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600 + +php4 (4:4.3.3-4) unstable; urgency=low + + * Fix prerm script to remove mod_php4, *not* mod_perl, from the + config (Closes: #216889). + * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to + call modules-config. + * Don't invoke debconf unless we have to in the postinst, to reduce + the risk of interactions between modules-config and our questions. + * Add Dutch debconf translation; thanks to Tim Dijkstra + (closes: #221439). + * Sync dba lock handling against upstream CVS HEAD, to fix a bug with + truncating db4 files when opening with 'c' (create). + (Closes: #221559). + + -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500 + +php4 (4:4.3.3-3) unstable; urgency=low + + * Disable -gstabs on ia64, since this debugging symbol type is + apparently unknown there; we should now have clean builds (with + appropriate debugging symbols) on all archs. + + -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500 + +php4 (4:4.3.3-2) unstable; urgency=low + + * Don't call db_stop in the postinst, as this seems to cause problems + for modules-config (closes: #215663, #215584). + * Remove duplicate -prefer-pic flag on caudium build, in hope of + making libtool do something sensible on ia64,hppa (closes: #216020). + * Always build with debugging symbols, per current policy. + * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS; + and call install -s when installing shared extensions by hand. + * Fix upstream build rules to not call libtool --silent. + + -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500 + +php4 (4:4.3.3-1) unstable; urgency=low + + * New upstream release. + * Add Japanese debconf translation; thanks to Kenshi Muto + (closes: #211961). + * Fix caudium handling to always grab the current pike version from + dpkg when constructing include paths (closes: #212585). + * Bump the c-client build dependencies to use the new -dev package + name. + * Convert php4 postinst/prerm scripts to use the new apache + modules-config interface. + + -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500 + +php4 (4:4.3.2+rc3-6) unstable; urgency=low + + * Add Brazilian Portuguese debconf translation; thanks to André Luís + Lopes (closes: #207078). + * Catch debian/control up with debian/rules for the zendapi -> phpapi + transition. + + -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500 + +php4 (4:4.3.2+rc3-5) unstable; urgency=low + + * Kill the lintian warning on the grammar in the copyright file. + * Redirect apacheconfig I/O to /dev/tty, to work around debconf + behavior (for real this time). Closes: #207468, #206404. + * Replace 'zendapi' with 'phpapi', since the former does not + accurately describe the ABI changes that affect modules and can + leave some packages installable but broken (closes: #208020). Also, + remove the versioned conflicts with php4-{mysql,pgsql}, since this + now supersedes. + * Add French debconf translation; thanks to Michel Grentzinger + (closes: #207662). + + -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500 + +php4 (4:4.3.2+rc3-4) unstable; urgency=low + + * Have all php extensions automatically detect and configure for any + installed SAPIs (closes: #143436). + * Remove spurious dependencies from php4-dev, and replace autoconf2.13 + with autoconf (closes: #180497). + * Conflict with old php4-pgsql as we do with php4-mysql, as it + manifests the same bug. + * Add preliminary rules for building apache2 SAPI, but don't enable. + * Call db_stop before trying to run apacheconfig (closes: #206404). + * Check for the existence of /etc/php4 before trying to rmdir it, + since there are apparently those who remove such directories + prematurely (closes: #206120). + + -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500 + +php4 (4:4.3.2+rc3-3) unstable; urgency=low + + * Fixes for spurious package dependencies + * Fix the paths emitted by php-config, so we can build php4-pgsql et al. + + -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500 + +php4 (4:4.3.2+rc3-2) unstable; urgency=low + + * Make sure pear.conf is properly marked as a conffile, by bumping + DH_COMPAT to 3. + * Generate all per-extension postinsts/prerms at build time, instead + of managing them by hand. + * Get rid of bogus, non-FHS directories from the caudium build. + * Install the upstream php manpage in the php4-cgi package + (closes: #175836). + * Prevent null dereferencing in ldap_explode_dn() (closes: #205405). + * Hard-code /usr/share/pear at the end of the include path, for + backwards compatibility. + * Debconf support for PHP extension registration, including + po-debconf support (closes: #122353). + * Fix interpreter path in /usr/bin/pear. + * Make php4-pear depends: php4-cgi (closes: #182393). + + -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500 + +php4 (4:4.3.2+rc3-1) unstable; urgency=low + + * New upstream version. + - includes fix for buffer overflow crashes in imap module + (closes: #191640) + - includes fix for dysfunctional open_basedir directive + (closes: #197803) + - include fix for various XSS vulnerabilities (closes: #200736) + * Recompile against newest libc-client libs, following another soname + change (closes: #199049) + * Replace db2 with db4. + * Trim down the cgi sapi rules, since it will now build both cli and + cgi for us by default. + * Kludge the caudium sapi, by hard-coding the include path we need for + pike headers. + * Copy the lex/yacc-generated .c and .h files into the build + directories, since generating them at build time gives wildly + different, and undisputably broken, results. + * Update the install rules so they're compatible with current upstream + handling of pear and the various SAPIs. + * Add '=shared' to the --enable-xslt option, to get the right results + for that extension. + * Move PEAR extensions from /usr/share/pear to /usr/share/php. + * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors. + + -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500 + +php4 (4:4.2.3-14) unstable; urgency=low + + * Disable openssl extensions AGAIN. It appears that this double-linking mess + is still causing nasty segfaults. + (closes: #188014, #188025, #188058, #189202, #189653) + + -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600 + +php4 (4:4.2.3-13) unstable; urgency=low + + * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again + (closes: #185534) + * Build against libmm13, as libmm12 no longer exists (closes: #187401) + * Rebuild caudium-php4 against latest caudium-dev + * Re-enable openssl linking and functions, now that our glibc 2.3 + problems appear to be ironed out. + * Enable xslt and exslt support in php4-domxml (closes: #172881) + + -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700 + +php4 (4:4.2.3-12) unstable; urgency=low + + * Rebuild php4-sybase against libct1 (closes: #184461) + + -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600 + +php4 (4:4.2.3-11) unstable; urgency=low + + * Remove pike header location detection from debian/rules and do it + properly in sapi/caudium/config.m4, using pike7.2-config --version + + -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700 + +php4 (4:4.2.3-10) unstable; urgency=low + + * Added patch to build with NET-SNMP 5.x + * Updated build-dep for libc-client to 2003debian + (closes: #181565, #182854, #169886) + * Updated build-dep for libcurl to libcurl2-dev (closes: #179722) + * Added -mieee to alpha build to solve FPE errors (closes: #180656) + * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2 + is now the default compiler on all architectures. + * Add libwrap0-dev to the end of the build-depends to work around #183041. + Someone remember to remove this later when the bug is fixed. :) + * Build against newer libsablot0-dev (closes: #179886, #181550) + * Introduce ugly hack in debian/rules to get the pike includes + directory right for the caudium SAPI. + + -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700 + +php4 (4:4.2.3-9) unstable; urgency=low + + * Fix caudium-php4 to not conflict with php4-pear (closes: #175415). + + -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600 + +php4 (4:4.2.3-8) unstable; urgency=low + + * Fix typo in debian/rules + * Rebuild to bring in sync with latest caudium packages + + -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700 + +php4 (4:4.2.3-7) unstable; urgency=low + + * Set a sane default for safe_mode_exec_dir (closes: #122920). + * Rebuild against libmm-dev on i386, instead of against the + no-longer-available libmm11-dev which Provides: the same + (closes: #173509). + + -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600 + +php4 (4:4.2.3-6) unstable; urgency=low + + * Build with PEAR for all SAPIs, so that the built-in include_path is + set correctly (overkill?). Closes: #169786, #172321 + * Change section of php4-dev package to devel. + * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't + pull it in (closes: #173313). + * Depend on coreutils instead of fileutils, since the latter is now an + empty package (closes: #171265). + + -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600 + +php4 (4:4.2.3-5) unstable; urgency=low + + * Fix (snip, snip) the upstream build scripts, so that libphp4.so + isn't worthlessly linked against the problematic openssl libs + (closes: #165699, #165718, #165719, #166414). + * Update config.{sub,guess} so that the package builds on mips + platforms (closes #173218) + * Replace libc-client-ssl2001-dev with libc-client2002-dev in build + dependencies, fixing various php4-imap segfaults (closes: #169610, + #169769). + + -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600 + +php4 (4:4.2.3-4) unstable; urgency=low + + * Remove build dependency on non-extant libmagick5-dev, which is no + longer used anyway (closes: #169829, #172402). + * Add myself to the Uploaders: field of the control file. + + -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600 + +php4 (4:4.2.3-3) unstable; urgency=low + + * Backport a patch from CVS to sanitize control characters in php_url_parse() + to prevent ASCII control injection in fopen() calls. + + -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600 + +php4 (4:4.2.3-2) unstable; urgency=low + + * I'm a moron (thanks to James Troup for pointing this out). + * Change gcc-3.1 references in debian/rules to gcc-3.2. + * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out. + + -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600 + +php4 (4:4.2.3-1) unstable; urgency=low + + * New upstream version + * Added a patch from Ginger Alliance to eliminate warnings in xslt compile + * Messed with the php4-imap build: + - compiling with SSL support (closes: #122700) + - commented out the static-on-i386 hack, libc-client is now linked dynamically + * Sessions should finally be fixed, however I won't tag the bugs "woody" + until I know for sure. (if you were affected, please test and send + followups to me) + * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now. + + -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600 + +php4 (4:4.2.2-3) unstable; urgency=low + + * Fix typo resulting in php4-odbc not having a postinst + (closes: #157116, #157927) + * Build against latest caudium-dev to made caudium-php4 installable + again. (closes: #158247) + * Update build-deps to swap libpng3 for libpng2. (closes: #158908) + + -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600 + +php4 (4:4.2.2-2) unstable; urgency=low + + * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with + headers or the library for db1 (closes: #156141, #155889) + * Update build deps to build against libmm12 (closes: #155042) + * php4-curl no longer depends on libcurl2-ssl (closes: #155015) + + -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600 + +php4 (4:4.2.2-1) unstable; urgency=medium + + * New upstream + * Fixes input validation vulnerability in rfc1867.c (closes: #153850) + * Added missing prerm/postinst for php4-xslt (oops) + + -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600 + +php4 (4:4.2.1-3) unstable; urgency=low + + * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to + gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really. + + -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600 + +php4 (4:4.2.1-2) unstable; urgency=low + + * Applied small patch to fix building on non-32-bit architectures + (closes: #148231) + * Added still /more/ documentation about the unserializer, sessions, + and the session.save_handler php.ini option. + + -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600 + +php4 (4:4.2.1-1) unstable; urgency=low + + * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release. + * Probably the last update (barring huge packaging bugs or plain broken + binaries) before starting on a complete reorg of the PHP packages. + * Deserializer now works on big-endian architectures (addresses bug #121391 + and probably others) + * This release probably fixes a whole bunch of bugs. Will be going through + the bug list and playing the reproducibility game after the upload. + * Default include_path in php.ini now set to include pear. + * Upstream default for register_globals HAS CHANGED. In the Debian php.ini + we are still using "register_globals = On" for compatibility reasons, + however our packages will change too. This is a warning for anyone + packaging PHP scripts and applications to make sure you'll be compatible + with the new default once it's set. + + -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600 + +php4 (4:4.1.2-4) unstable; urgency=high + + * No binaries were harmed in the making up this upload. + * Updated README.Debian and changelog. All other files untouched, + as the binaries were merely unpacked and repacked. + - Added a note to README.Debian about how to properly set up + Apache for use with php4, if the installation didn't (and it usually + doesn't ) get it right. + - Added a note to README.Debian about the unserializer (and sessions) + being messed up on big endian architectures. It's too late to try + to get a proper fix in for this, so we're just going to have to cope. + + -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600 + +php4 (4:4.1.2-3.1) unstable; urgency=low + + * The 'I broke it, I have to take credit for it' release. + * Rebuild the package to get proper binary dependencies on alpha. + + -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600 + +php4 (4:4.1.2-3) unstable; urgency=low + + * Switched to --with-regex=php (from =system). This fixes all the + problems with eregi/parse_url/fopen/etc on Alpha. + * Cleaned up long descriptions (closes: #130977, #130954) + + -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700 + +php4 (4:4.1.2-2) unstable; urgency=low + + * New maintainer (closes: #132980) + * Enabling unixodbc support (closes: #107201) + * Changed the install-modules target in build/rules_pear.mk so that + it will error out in the case of an empty modules directory or + failure to install modules (closes: #135304) + + -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700 + +php4 (4:4.1.2-1) unstable; urgency=high + + * New upstream version with a security fix. This + supercedes 4.1.1-2.2 from Steve Langasek: + * Fix an error in the handling of MIME file upload headers, which left + open a potential security hole. (Closes: #136063) + * Fixed gcc-3.0 fix :-) + * Thanks for fixing apache-common fix + * This version should fix session bugs with upstream fix (closes: #133877) + * With a brutal change to main/SAPI.c try to fix(?) authorize bugs + + -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100 + +php4 (4:4.1.1-2.1) unstable; urgency=low + + * Non-maintainer upload. + * loosen apache-common dependency to make us forwards-compatible, as + recommended by the apache maintainer. + * use gcc-3.0 when building on arm, because the default toolchain on + that arch has Issues (closes: #135906, #135913). + + -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600 + +php4 (4:4.1.1-2) unstable; urgency=medium + + * Rebuild with apache 1.3.23. + * This package is in maintainer change mode. Though I orphaned it I'm not + going to change maintainer to QA, because we already have fresh blood. + * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with + libgd which has GIF support (fixed included upstream) + * debian/control: + - Build-Depends: s/libgd1g-dev/libgd-dev/ + also libc-client at least version 4:2001adebian-6 to fix some segfaults + * ext/standard/head.c: make the setcookie() thingie test more simple + + -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100 + +php4 (4:4.1.1-1) unstable; urgency=high + + * New upstream bugfix release. + * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get + to upload it + * debian/rules: Correctly supply modified CFLAGS to build process + + -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100 + +php4 (4:4.1.0-2) unstable; urgency=low + + * debian/php4-cgi.README.Debian: fix typo (closes: #123866) + * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr + parsing (closes: #121403) + * debian/README.Debian: document shmmax increase (closes: #119688) + + -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100 + +php4 (4:4.1.0-1) unstable; urgency=high + + * Finally final 4.1.0 + * Urgency to reflect previous version + * debian/control: php4-pear depends on php4-cgi + + -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100 + +php4 (3:4.1-2) unstable; urgency=high + + * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all. + * ext/exif/exif.c: MFH + * ext/ldap/ldap.c: small crash fix from HEAD + * and misc tiny changes. Really :-) + * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing + the argument + + -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100 + +php4 (3:4.1-1) unstable; urgency=medium + + * Final 4.1.0 (not released) + * NEWS: s/4.0/4.1/ + * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be + a beta version with known bugs. How should I know. + * sablot extension removed upstream. So use XSLT (C/R in place) + * Apply fix for file_exists() from tilo (closes: #114409) + * "Cannot redeclare" were fixed in previous RCs (closes: #112341) + * previous version is build in hppa and ia64, so I assume it + (closes: #115391) + * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user + report. + * This should fix the "final HTML> stripped" bug that was introduced + in 4.0.6-3. (closes: #110415). + * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp + + -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100 + +php4 (3:4.0.100-1) unstable; urgency=low + + * Really a 4.1.0RC2 + * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway + * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1 + * Added Provides: zendapi-$version to php4 and php4-cgi + * Made modules depend on zendapi-$version instead of php4|php4-cgi. + Please use this in your php4-$module packages + * Apply c-client hack only to i386 most architectures don't support linking + both PIC and non-PIC code. I'm still affrai to do this on i386, as it + crashes a lot more :( + * Apply some CVS patches + + -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100 + +php4 (3:4.0.99-4) unstable; urgency=medium + + * Recompile because of new version of caudium. + (I really hope this gets into testing soon as php in testing + now doesn't do apache 1.3.22) + + -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100 + +php4 (3:4.0.99-3) unstable; urgency=medium + + * Recompile for new libexpat1 (closes: #116623 and others) + * upstream: ext/gd/gd.c, ext/iconv/iconv.c + * crypt(): defalt to using DES crypt() (closes: #117092) + * debian/rules: disable libmm in -cgi build. Will lesser the impact + of the infamous /tmp/session_mm.reg + * apply patch to Zend, which should fix the "cannot redeclare" error. + It's still a bug in your code though (use include_once). More changes + to this are comming (upstream). + * Add some documentation to sybase + + -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200 + +php4 (3:4.0.99-2) unstable; urgency=low + + * "Some days are just no good" release. + * Recompile with apache 1.3.22 from Incoming + * Deal with automake going to 1:1.4 and automake1.5 + + -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200 + +php4 (3:4.0.99-1) unstable; urgency=low + + * This is really 4.1.0RC1, but ... + * Applied setcookie(), which is not in upstream yet + + -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200 + +php4 (3:4.0.6.7rc3-3) unstable; urgency=medium + + * Fix dependency in caudium-php4. Sorry for this + + -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200 + +php4 (3:4.0.6.7rc3-2) unstable; urgency=medium + + * Recompile with recent caudium/pike. Please, no new version so it can get + into testing :) + * debian/control: move php4-pear to suggests + * Fix setcookie() again. I really hate this bug + * Build-Depends: re2c - it's usually not needed, but if you make some + strange changes to the parser ... + * FIx automake 1.5 build problems (I hope) + + -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200 + +php4 (3:4.0.6.7rc3-1) unstable; urgency=low + + * New upstream test release. + + -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000 + +php4 (3:4.0.6.7rc2-3) unstable; urgency=low + + * "Let's try to fix some bugs" release. + * Add some patches: ldap (does this fix things?), pgsql, + domxml + * Build-Conflicts: automake (>= 1.5) for now + + -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200 + +php4 (3:4.0.6.7rc2-2) unstable; urgency=low + + * Enable recode extension (the library is LGPL) - shared + * Enable iconv extension - in main php4. Experimental + * Build-Depends: s/libgd-dev/libgd2-dev/ + * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304) + and fix autoconf macros (Closes: #113980) + * Improve?? description of PEAR (Closes: #112432) + + -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200 + +php4 (3:4.0.6.7rc2-1) unstable; urgency=medium + + * 2nd release candidate + * ext/mbstring: fix compile (cp1252) + * ext/standard/url_scanner_ex: off by one + * WARNING: caudium builds with Zend Threading enabled, but other + modules don't. So you cannot safely use DSO with caudium + * Added some Build-Conflicts - with broken libmysqlclient + - with libtool 1.4b + + -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200 + +php4 (3:4.0.6-6) unstable; urgency=medium + + * The "Paul Hampson fixes release". + * Closed those atexit() bugs. Now to find out, how to make libtool link with + gcc instead of ld :(( + * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697) + Thanks to Paul Hampson for finding the cause, though I've used another + fix - fixed changes in CVS made in -3 I think. Silly me to think, that + all "small" changes are fixes. + * libc-client2001 was fixed in -5, so add a (closes: #109202) here + * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK + + -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200 + +php4 (3:4.0.6-5) unstable; urgency=low + + * Recompile for libc-client2001 (I hope it doesn't break anything else) + And many other libraries. + * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!! + You have to get libtool 1.4 to be able to use phpize. + + -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200 + +php4 (3:4.0.6-4) unstable; urgency=high + + * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry) + * Fix the nasty segfaults with mail(). That'll teach me taking upstream + changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now) + (closes: #105686, #105878). + + -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200 + +php4 (3:4.0.6-3) unstable; urgency=high + + * ext/standard/mail.c: security fix + * debian/control: Build-Depends: libtool (>= 1.4) + * ext/curl/curl.c: fix typo + * ext/gd/config.m4: fix typo + * ext/mcrypt/mcrypt.c: upstream buffer overflow fix + * ext/mhash/mhash.c: upstream buffer overflow fix + * ext/pgsql/pgsql.c: fix + * ext/posix/config.m4: check for getpgid + * ext/sablot/sablot.c: fix leaks + * ext/standard/url* : fixes + * ext/sysvshm/sysvshm.c: fixes + * Zend/*: small fixes + + -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200 + +php4 (3:4.0.6-2) unstable; urgency=low + + * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087) + * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618) + - libfreetype6-dev to Build-Depends + - add auto* suite to php4-dev depends (closes: #104199) + * debian/rules: - build gd module with freetype2 support + - move common ./configure flags to COMMON_CONFIG + - build with mbstring support + + -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200 + +php4 (3:4.0.6-1) unstable; urgency=medium + + * New upstream release. + * NOTE: new extension will probably be in another upload, to get this + into testing ... + + -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200 + +php4 (3:4.0.5.6rc3-3) unstable; urgency=low + + * The "I hate sablot release". Recompile with 0.60 + * debian/php4-domxml.postrm: also fix the :: (closes: #101306) + * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream + + -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200 + +php4 (3:4.0.5.6rc3-2) unstable; urgency=low + + * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4 + * build/ ... : upstream fix for building with automake 1.4-pX + * don't fail, when libssl-dev is not installed. sigh + + -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200 + +php4 (3:4.0.5.6rc3-1) unstable; urgency=low + + * New upstream test release. + * Recompile with apache 1.3.20 + * debian/control: + - php4-dev: Depends: bison, flex (closes: #100634) + - Build-Depends: libcurl-dev (>=7.8) + * debian/rules: + - add --enable-bcmath to all rules (closes: #100491) + * Zend/zend.c: apply upstream fix to allow building of caudium + + -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200 + +php4 (3:4.0.5.6rc2-1) unstable; urgency=low + + * New upstream test release. + * FIx regex/regex.h (int regoff_t) + * fix php4-cgi build with pcre - don't use supplied pcre + * Fix wddx support (closes: #99468) + * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4 + + -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200 + +php4 (3:4.0.5.6rc1-1) unstable; urgency=low + + * New upstream test release with new bugs :)) + * moved pear from /usr/lib/php4 to /usr/share/php4 + * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll + have to live with it + + -- Petr Cech Wed, 16 May 2001 14:14:04 +0200 + +php4 (3:4.0.5-2) unstable; urgency=low + + * Build-Depend on newer libmhash-dev, as it supposedly doesn't + compile on current woody (closes: #96555) + * Build-Depends: s/freetype2/libttf-dev/ + * Stop building php4-pgsql - move to non-US + * Build-Deps on new libsablot0 + + -- Petr Cech Thu, 10 May 2001 10:43:02 +0200 + +php4 (3:4.0.5-1) unstable; urgency=medium + + * New upstream release. + * recompile with new sablot - how I hate this (closes: #95401) + * Merge XML into main php4 + * Reword README.Debian (closes: #89667) + * Enable wddx + * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452) + * fix typos (closes: #94118) + * Added support for Sybase/MS SQL Server (using FreeTDS) + using patch from: + http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch + thanks to Bradley Bell for the patch + * ext/pcre : two upstream fixes + * ext/sablot/sablot.c: small upstream fix + * build/buildcheck.sh : fixes to allow compile with libtool 1.4 + * ext/standard/exec.c: upstream fixes + * sapi/apache/mod_php4.c: off by one fix + * sapi/cgi/cgi_main.c: fix POST bug + * main/snprintf.c: upstream fix + + -- Petr Cech Wed, 3 May 2001 22:17:10 +0200 + +php4 (4.0.4.5rc6-2) unstable; urgency=low + + * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994) + * TSRM/TSRM.c: upstream fix + * ext/pgsql: upstream fix + + -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200 + +php4 (4.0.4.5rc6-1) unstable; urgency=low + + * New upstream test release. + * Don't mention CGI support, as it's not so for a long time. + + -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200 + +php4 (4.0.4.5rc5-1) unstable; urgency=low + + * New upstream test release. + * ask about /etc/php4/cgi/php.ini also + * It's really recompiled for 1.3.19 (closes: #91901, #91822) + * problems with modules documented (closes: #81141, #82611) + + -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200 + +php4 (4.0.4.5rc3-1) unstable; urgency=low + + * New upstream RC release + * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered + on broken potato upload. -0potato2 is fixed + * Looks like there was a bug in latest build, this should fix it (closes: #92018) + * remove libmcal0 workaround + + -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200 + +php4 (4.0.4.5rc2-1) unstable; urgency=low + + * New upstream release test release 4.0.5RC2. + * debian/rules: Add lintian overrides + * debian/control: * add libexpat1-dev to Build-Depends + * add libmcal0 to Build-Depends since libmcal0-dev is + missing this dependancy :(( Bug filled + * ext/socket/socket.c: minor upstream patch + + -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200 + +php4 (4.0.4pl1-6) unstable; urgency=low + + * NEVER RELEASED + * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or + libcurl1-ssl problem. + * remove dh_testversion and use versioned Build-depends instead + + -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100 + +php4 (4.0.4pl1-5) unstable; urgency=low + + * Add lintian overrides + * Rebuild with correct libgd-dev installed. Sorry + (closes: #88490, #88255, #88371, #88619, #88635) + * Closed by fixed libjpeg (closes: #85865, #88141) + + -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100 + +php4 (4.0.4pl1-4) unstable; urgency=low + + * The "Enable what you can" release. + * Enable sablot extension (many files) (closes: #84073) + * Enable mcal extension (finaly closes: #65688, #85925) + * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols. + Why? + * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres + problems. There is a better patch in CVS, but it needs changes to Zend + * pear/pear.in: binary is php4 no php (closes: #87848) + * ext/domxml/config.m4: link with -lxml2 (closes: #87457) + * debian/README.Debian: add notes about ldap, imap and mhash extensions + * debian/{control,rules}: activate bz2 extension + * php4.ini-dist: comment out include_path so php will use compiled in + path (closes 2nd part of 87848) + + -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100 + +php4 (4.0.4pl1-3) unstable; urgency=medium + + * Fixed postrm issues. Sorry + + -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100 + +php4 (4.0.4pl1-2) unstable; urgency=medium + + * debian/control: Build-depends: xlibs-dev (seems it's missing and causes + failed builds for arm, m68k and powerpc) + s/libsnmp4.1/libsnmp4.2/ (closes: #84139) + * debian/php4.*: make LoadModule matching case insensitive (fixes 83641 + for unstable) + + -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100 + +php4 (4.0.4pl1-1) unstable; urgency=high + + * New upstream version. + * This release fixes some security problems. + * Some patches from previous versions are not here. + * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev + * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog + (hmm. Where ir Roman?) + * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it + when it doesn't already exist. I should find a way to check, that the default + php.ini changed and user should update it. + * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge + * fix xml.so not working with php4-cgi + + -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100 + +php4 (4.0.4final-6) unstable; urgency=medium + + * OK. Now also fix the prerm issues (closes: #81418) and to ease + that thanks for submiting bugs (closes: #81818, #81819) + * some upstream updates: browsercap, php-config + + -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100 + +php4 (4.0.4final-5) unstable; urgency=medium + + * OK. Take a deep breath and fix those bloody postinst + bugs - fix it and rewrite from ed -> sed, because ed is not essential :( + closes: #80801. + * apply some upstream fixes. + * disable ctype extension - not yet ready + + -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100 + +php4 (4.0.4final-4) unstable; urgency=low + + * debian/libc-client.la: add -lpam -ldl -lcrypt + * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801) + + -- Petr Cech Fri, 29 Dec 2000 11:40:43 +0100 + +php4 (4.0.4final-3) unstable; urgency=low + + * Brown Xmas Sock Release + * Grr. correctly fix the php4 postinst error + (closes: #80303, #80324, #80326, #80359) + NMU by Wichert Akkerman (closes: #80381) + * also fix php4-cgi. NMU by Marcelo E. Magallon + (closes: #80406). + * fix fix for php4-cgi postinst s/apache/cgi/ + * apply some upstream fixes to ext/session/ + * domxml/config.m4: fix my -Lshared,/usr/lib error + * debian/rules: + * add --enable-ctype to both targets + * --diable-pear to CGI target + * generate Depends: php4 (=ver) | php4-cgi (=ver) + + -- Petr Cech Wed, 27 Dec 2000 15:29:56 +0100 + +php4 (4.0.4final-2) unstable; urgency=low + + * Run apacheconfig with --force-modules. + * Fix stupid bug in php4 and php4-cgi postinst. + * ext/sysvshm/sysvshm.c : upstream fix + + -- Petr Cech Thu, 21 Dec 2000 22:58:27 +0100 + +php4 (4.0.4final-1) unstable; urgency=low + + * New upstream version. + * Sorry for the version, but da-katie doesn't allow overwriting of files, notably + .orig.tar.gz. It's my fault I know, but it worked till now. + + -- Petr Cech Wed, 20 Dec 2000 01:32:34 +0100 + +php4 (4.0.4-0RC6.1) unstable; urgency=low + + * OK. Final final RC for 4.0.4. + * Build-depends on libxml2-dev (>= 2.2.7) because php needs this. + * Activate ndbm dba driver. + + -- Petr Cech Sun, 17 Dec 2000 19:43:51 +0100 + +php4 (4.0.4-0RC5.1) unstable; urgency=low + + * UNRELEASED. + * Final RC for 4.0.4. + * Some mods to README.Debian and TODO + + -- Petr Cech Wed, 13 Dec 2000 00:01:08 +0100 + +php4 (4.0.4-0RC4.1) unstable; urgency=low + + * New upstream beta release. Let's stabilize things now and add new + modules after final release of 4.0.4. + + -- Petr Cech Thu, 7 Dec 2000 10:12:11 +0100 + +php4 (4.0.4-0RC3.2) unstable; urgency=low + + * recompile with new libc-client200-dev. + * fix source recompile + * depend on fixed apache 1.3.14-2 + + -- Petr Cech Thu, 7 Dec 2000 00:49:14 +0100 + +php4 (4.0.4-0RC3.1) unstable; urgency=low + + * New upstream beta release. + * Add libxml2-dev to build-depends (closes: #78479). + * implement DEB_BUILD_OPTIONS + * fix apache build wrt. apxs + * fix typo in description of curl modules (closes: #78828) + + -- Petr Cech Tue, 5 Dec 2000 14:22:30 +0100 + +php4 (4.0.3pl1-7) unstable; urgency=low + + * Rebuild with apache 1.3.14-1 + + -- Petr Cech Fri, 1 Dec 2000 01:41:41 +0100 + +php4 (4.0.3pl1-6) unstable; urgency=low + + * add --enable-memory-limit + * add --enable-exif per request from William Ono. + * Add Suggests: phpdoc (yes. it's here). + * ext/standard/crypt.c - fix from CVS. + * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR + * ext/gd/gd.c - add format string + - add XBM to phpinfo() + * ext/imap/php_imap.{c,h} - CVS fixes + * main/main.c - fix CGI crash + - add HTTP_SERVER_VARS in CGI mode + * and many more. Taken from php4.srpm (thanks :)) + * recompile with apache 1.3.12-2.2 + * and hack large files support into DSO module. php4 doesn't use it now :(( + + -- Petr Cech Thu, 30 Nov 2000 00:01:39 +0100 + +php4 (4.0.3pl1-5) unstable; urgency=low + + * Back out changes about --enable-versioning + * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7) + + -- Petr Cech Tue, 21 Nov 2000 18:03:56 +0100 + +php4 (4.0.3pl1-4) unstable; urgency=low + + * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*) + * Remove aliasing hack - deprecated upstream. (closes: #76558) + * Compile with libgd-dev again (Write 100x always reinstall libgd-dev). + * --enable-versioning and tweak debian/control a bit, let's see, what breaks + + -- Petr Cech Tue, 14 Nov 2000 10:00:54 +0100 + +php4 (4.0.3pl1-3) unstable; urgency=low + + * Activate curl module. + * Really enable shmop module. + * Fix include paths in phpize. Now everyone should be able to easilly build + php4 extension modules (php4-dbase anyone?). + + -- Petr Cech Mon, 6 Nov 2000 23:17:41 +0100 + +php4 (4.0.3pl1-2) unstable; urgency=low + + * Build with libgd-dev installed (NOT libgd-gif). + + -- Petr Cech Tue, 17 Oct 2000 02:08:36 +0200 + +php4 (4.0.3pl1-1) unstable; urgency=medium + + * New upstream bugfix release. + * Depend on libopenldap1 as with the newer ldap module crashes php&apache. + + -- Petr Cech Mon, 16 Oct 2000 15:30:55 +0200 + +php4 (4.0.3-2) unstable; urgency=high + + * Urgency=high because last upload didn't have it ad it fixes some + security holes. + * ext/domxml/config.m4: don't try to build then --without-domxml + + -- Petr Cech Thu, 12 Oct 2000 12:50:17 +0200 + +php4 (4.0.3-1) unstable; urgency=low + + * New upstream release. + - fixes also some string format bugs + * Build with fixed libmysqlclient10-dev. + + -- Petr Cech Thu, 12 Oct 2000 00:00:07 +0200 + +php4 (4.0.2-7) unstable; urgency=low + + * Really, really install libldap2-dev. + * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink. + + -- Petr Cech Tue, 10 Oct 2000 22:28:48 +0200 + +php4 (4.0.2-6) unstable; urgency=low + + * Again fix description a little bit. + * Correct build-depends. + * Sic. Recompile, because I've busted (libopenldap-dev instead of + libldap2-dev was installed). + * While at it install also new apache glibc NMU and recompile with it. + * Move PEAR from php4-dev to php4 and install ALL of PEAR. + * add --prefix=/usr + * debhelper v2 + * prepare for CURL module + * Updated README.Debian + * updated XML module from php4 CVS to close: #72360 + + -- Petr Cech Mon, 2 Oct 2000 14:36:35 +0200 + +php4 (4.0.2-5) unstable; urgency=low + + * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :) + * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94. + * and recompile with glibc 2.1.94 to fix it. + + -- Petr Cech Wed, 27 Sep 2000 09:00:27 +0200 + +php4 (4.0.2-4) unstable; urgency=low + + * Tweak description a little bit more. + + -- Petr Cech Sun, 24 Sep 2000 23:58:15 +0200 + +php4 (4.0.2-3) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix spelling wan't -> want (closes: #70544). + * Add libraries for gd module only when linking this one + and not globaly (closes: #71623). + * Say that we wait for ENTER (closes: #71769). + * Fix logic in prerm script (closes: #71770). + + -- Petr Cech Sun, 24 Sep 2000 17:54:52 +0000 + +php4 (4.0.2-2) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix building (small typo). + * Compile with libmysqlclient9-dev installed. + + -- Petr Cech Mon, 18 Sep 2000 23:46:40 +0200 + +php4 (4.0.2-1) unstable; urgency=low + + * The "Back from vacation" release. + * New upstream fixed (and bugs). + * Correct postm script (only cosmetic) closes: #67350, #68541 + * build with libpcre3, libldap2 + * Use modified patch from -3 (remove #define XML_... php_XML_...) + + -- Petr Cech Thu, 7 Sep 2000 23:17:59 +0200 + +php4 (4.0.1pl2-3) unstable; urgency=low + + * UNRELEASED + * Fixed the XML packages. + + -- Norman Jordan Thu, 10 Aug 2000 21:45:15 +0000 + +php4 (4.0.1pl2-2) unstable; urgency=low + + * Fix source archive. + + -- Petr Cech Tue, 11 Jul 2000 11:04:48 +0000 + +php4 (4.0.1pl2-1) unstable; urgency=low + + * New upstream bug fix release (variation of the patches in -2) + * Build with new libgd1 library (maybe still in Incoming) + * Move PEAR stuff to php4 package (closes: #66897). + + -- Petr Cech Sun, 9 Jul 2000 09:01:06 +0000 + +php4 (4.0.1-2) unstable; urgency=low + + * Apply some CVS diffs in an attempt to fix opendir() problems. + + -- Petr Cech Fri, 30 Jun 2000 09:04:24 +0000 + +php4 (4.0.1-1) unstable; urgency=low + + * New upstream release (taken from CVS tag php_4_0_1). + * --with-regex=system else it plays havoc. Dunno why ... + * remove autoconf,automake,aclocal from configure rules. + * Fix description of XML --help message (no, it's not MySQL). + + -- Petr Cech Wed, 28 Jun 2000 22:55:16 +0200 + +php4 (4.0.0-4) unstable; urgency=low + + * Add -dev package (closes: #65907). + * Add -cgi and -cgi-* packages (closes: #51097, #52855). + * --enable-filepro + * Tweak copyright file a bit. + * Generate mhash module (closes part of 63186). + * Ask to remove libphp4 from httpd.conf upon remove/purge. + * Fixed build-depends, thanks to Roman Hodek (closes: #65938). + (I told you the first time it won't work :)) + * Mark /etc/php4/cgi/php.ini as conffile. + * Every module now ask if it should be enabled on install + (if it's not already) and disabled on remove/purge. + + -- Petr Cech Tue, 20 Jun 2000 14:29:01 +0200 + +php4 (4.0.0-3) unstable; urgency=low + + * Ship correct php.ini (extension_dir=/usr/lib/php4/apache). + * Don't use included libmysqlclient and use system one (fixes + wrong location of mysqld.sock) + * link XML module dynamicly with system xmlparse and xmltok. + + -- Petr Cech Wed, 14 Jun 2000 22:30:07 +0000 + +php4 (4.0.0-2) unstable; urgency=low + + * fix the IS_SLASH bug (closes: #65625 and probably others as well). + * Really change the maintainer field. + + -- Petr Cech Wed, 14 Jun 2000 07:44:05 +0000 + +php4 (4.0.0-1) unstable; urgency=low + + * New maintainer. + * New upstream release. + * Fix dynamic module loading. + * Added Build-Depends (I wonder, if I got them right) + * Standards-Version: 3.1.1 + + -- Petr Cech Tue, 13 Jun 2000 13:40:56 +0000 + +php4 (4.0rc1-2) unstable; urgency=low + + * Compile with latest apache and libraries from woody + (Closes: #62631, #62640) + + -- Gergely Madarasz Wed, 19 Apr 2000 14:39:25 +0200 + +php4 (4.0rc1-1) unstable; urgency=low + + * New upstream version + * Fix db2 support (Closes: #61709) + * Fix gd support (Closes: #61708) + * Remove ucd-snmp-hack from config options + + -- Gergely Madarasz Sun, 16 Apr 2000 17:04:05 +0200 + +php4 (4.0b4pl1-2) unstable; urgency=low + + * Build with --disable-debug so it should work with the zend + optimizer (Closes: #60265) + * Build with --enable-trans-sid (Closes: #60430) + * Write some more about php4/php3 differences in the description + (Closes: #60155) + + -- Gergely Madarasz Fri, 17 Mar 2000 17:35:29 +0100 + +php4 (4.0b4pl1-1) unstable; urgency=low + + * New upstream version + * Upstream reorganized the build system quite a bit, lots of patches + removed + + -- Gergely Madarasz Wed, 23 Feb 2000 17:16:00 +0100 + +php4 (4.0b3-4) unstable; urgency=low + + * Add /etc/php4/apache/php.ini to conffiles (Closes: #54194) + * Add info file for apacheconfig + * Offer to run apacheconfig and/or apache-sslconfig in postinst + * Comment out sendmail_path from php.ini so the default sendmail path + should work (Closes: #51355) + + -- Gergely Madarasz Thu, 6 Jan 2000 14:38:20 +0100 + +php4 (4.0b3-3) unstable; urgency=low + + * Compile with libgd instead of libgd-gif + + -- Gergely Madarasz Tue, 4 Jan 2000 18:07:56 +0100 + +php4 (4.0b3-2) unstable; urgency=low + + * Build imap and ldap modules + * Fix rm -f in rules file (Closes: #51623) + + -- Gergely Madarasz Mon, 3 Jan 2000 16:54:19 +0100 + +php4 (4.0b3-1) unstable; urgency=low + + * Initial Release. + + -- Gergely Madarasz Tue, 16 Nov 1999 19:33:42 +0100 + --- php5-5.3.10.orig/debian/php5-cli.postinst +++ php5-5.3.10/debian/php5-cli.postinst @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cli/php.ini" + +ucf /usr/share/php5/php.ini-production.cli $phpini +ucfr php5-cli $phpini + +update-alternatives \ + --install /usr/bin/php php /usr/bin/php5 50 \ + --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz + +exit 0 --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.prerm +++ php5-5.3.10/debian/libapache2-mod-php5filter.prerm @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + remove) + if [ -e /etc/apache2/apache2.conf -a -e /etc/apache2/mods-enabled/php5.load ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2filter/.start + fi + a2dismod php5filter || true + ;; +esac + +exit 0 --- php5-5.3.10.orig/debian/php5-dev.postinst +++ php5-5.3.10/debian/php5-dev.postinst @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives \ + --install /usr/bin/"$i" $i /usr/bin/"$i"5 50 \ + --slave /usr/share/man/man1/"$i".1.gz "$i".1.gz /usr/share/man/man1/"$i"5.1.gz +done + +exit 0 --- php5-5.3.10.orig/debian/php5-dev.prerm +++ php5-5.3.10/debian/php5-dev.prerm @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives --remove $i /usr/bin/"$i"5 +done + +exit 0 --- php5-5.3.10.orig/debian/php5-fpm.postinst +++ php5-5.3.10/debian/php5-fpm.postinst @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- "$@" + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/fpm/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr php5-fpm $phpini + +exit 0 --- php5-5.3.10.orig/debian/php5-sybase.postrm +++ php5-5.3.10/debian/php5-sybase.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +set -e + +NEW_CONFFILE=/etc/php5/conf.d/mssql.ini +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 5.2.3-2 +then + rm $NEW_CONFFILE +fi + +#DEBHELPER# --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.postinst +++ php5-5.3.10/debian/libapache2-mod-php5filter.postinst @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 $1 || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache force-reload + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2filter/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr libapache2-mod-php5filter $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2filter/.start ]; then + a2enmod php5filter >/dev/null || true + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5filter.load ]; then + reload_apache force-reload + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5filter >/dev/null || true + reload_apache restart +fi + +exit 0 --- php5-5.3.10.orig/debian/php5-sapi.postrm +++ php5-5.3.10/debian/php5-sapi.postrm @@ -0,0 +1,28 @@ +#! /bin/sh + +set -e + +phpini=/etc/php5/@sapi@/php.ini + +case "$1" in +purge) + # remove the flag to remember the original state + if [ -e /etc/php5/@sapi@/.start ]; then + rm -f /etc/php5/apache2/.start + fi + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f $phpini$ext + done + rm -f $phpini + if which ucf >/dev/null; then + ucf --purge $phpini + fi + if which ucfr >/dev/null; then + ucfr --purge @package@ $phpini + fi + ;; +esac + +#DEBHELPER# + +exit 0 --- php5-5.3.10.orig/debian/compat +++ php5-5.3.10/debian/compat @@ -0,0 +1 @@ +5 --- php5-5.3.10.orig/debian/php5-module.ini +++ php5-5.3.10/debian/php5-module.ini @@ -0,0 +1,2 @@ +; configuration for php @extname@ module +extension=@dsoname@.so --- php5-5.3.10.orig/debian/php-pear.doc-base.php-structures-graph +++ php5-5.3.10/debian/php-pear.doc-base.php-structures-graph @@ -0,0 +1,8 @@ +Document: php-structures-graph +Title: PEAR Structures_Graph +Abstract: API documentation of the Structures_Graph module. +Section: Programming + +Format: HTML +Index: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/index.html +Files: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/Structures_Graph/*.html --- php5-5.3.10.orig/debian/libapache2-mod-php5.triggers +++ php5-5.3.10/debian/libapache2-mod-php5.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.3.10.orig/debian/php-pear.dirs +++ php5-5.3.10/debian/php-pear.dirs @@ -0,0 +1,2 @@ +/usr/share/doc/php-pear/PEAR +/usr/share/lintian/overrides --- php5-5.3.10.orig/debian/php5-cgi.postinst +++ php5-5.3.10/debian/php5-cgi.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cgi/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr php5-cgi $phpini + +update-alternatives \ + --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \ + --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz + +update-alternatives \ + --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50 + +exit 0 --- php5-5.3.10.orig/debian/php5-sqlite.preinst +++ php5-5.3.10/debian/php5-sqlite.preinst @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +[ -x /usr/bin/dpkg-maintscript-helper ] && \ + dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" + +#DEBHELPER# + +exit 0 --- php5-5.3.10.orig/debian/php5-common.dirs +++ php5-5.3.10/debian/php5-common.dirs @@ -0,0 +1,7 @@ +/usr/lib/php5/libexec +/usr/share/lintian/overrides +/usr/share/doc/php5-common/examples +/usr/share/php5 +/var/lib/php5 +/usr/lib/php5 +/etc/php5/conf.d --- php5-5.3.10.orig/debian/php5-sqlite.postinst.extra +++ php5-5.3.10/debian/php5-sqlite.postinst.extra @@ -0,0 +1,2 @@ +[ -x /usr/bin/dpkg-maintscript-helper ] && \ + dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" --- php5-5.3.10.orig/debian/php5-sqlite.postrm +++ php5-5.3.10/debian/php5-sqlite.postrm @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +[ -x /usr/bin/dpkg-maintscript-helper ] && \ + dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" + +#DEBHELPER# + +exit 0 --- php5-5.3.10.orig/debian/php5-dev.files +++ php5-5.3.10/debian/php5-dev.files @@ -0,0 +1,6 @@ +usr/bin/php-config +usr/bin/phpize +usr/share/man/man1/php-config.1 +usr/share/man/man1/phpize.1 +usr/include +usr/lib/php5/build --- php5-5.3.10.orig/debian/NEWS +++ php5-5.3.10/debian/NEWS @@ -0,0 +1,114 @@ +php5 (5.3.10-1ubuntu1) precise; urgency=low + + * The Suhosin patch that was disabled by default in the Debian + packages is *enabled* on Ubuntu by default. + + -- Clint Byrum Thu, 16 Feb 2012 00:31:53 -0800 + +php5 (5.3.9-4) unstable; urgency=low + + * The Suhosin patch is now disabled in the default build. + + If you want to re-enable it again for your installation, you can + set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP. + + -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100 + +php5 (5.3.6-13) unstable; urgency=low + + * Updated blowfish crypt() algorithm fixes the 8-bit character handling + vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately + this change is incompatible with some old (wrong) generated hashes for + passwords containing 8-bit characters. + + It is recommended that any passwords containing characters with + the 8th bit set be changed after this upgrade. In order to allow users + to log in after the upgrade even if they have a potentially affected + password, the newly introduced backwards compatibility hash encoding + prefix of "$2x$" may be used (in place of the usual "$2a$"). Such + password hashes should only be used during a transition period; when + passwords are changed, the usual "$2a$" prefix is used, denoting the + correct algorithm. + + -- Ondřej Surý Mon, 04 Jul 2011 10:31:16 +0200 + +php5 (5.3.1-3) unstable; urgency=low + + * mod_php disabled in userdirs. + + The default Debian libapache2-mod-php5 package now disables the PHP + engine on ~/public_html directories when mod_userdir is enabled, for + security reasons. Although discouraged, it can be re-enabled by + commenting the block in + /etc/apache2/mods-available/php5.conf + + * PHP 5.2 compatibility settings + + Given the short time to the Squeeze release freeze, the + short_open_tag setting has been turned On again (upstream now + defaults to Off on the php.ini files.) However, the request_order and + auto_globals_jit settings continue to be the default from upstream + ("GP" and On, respectively.) + + -- Raphael Geissert Mon, 11 Jan 2010 16:49:28 -0600 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * Maximum number of file uploads per request limited + + To prevent Denial of Service attacks by exhausting the number of + available temporary file names, upstream introduced the max_file_uploads + option in 5.3.1 and 5.2.12. + + Due to the nature of this new option a default limit has been set + to 50, hoping it is sensible enough to not to cause disruptions on + existing services. + The value of this new limit can be changed in the php.ini file. + + If you installed the php5-suhosin extension there was a limiting + mechanism in place already. In this case you may want to make sure + the new limit imposed by PHP itself is not smaller than suhosin's. + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.6-1) unstable; urgency=medium + + * Now uses system timezone database. + + Debian PHP now makes use of the system wide timezone database from the + tzdata package, making sure any updates there are automatically used + by PHP aswell. Note that this requires that the PHP process has access + to /etc/localtime and /usr/share/zoneinfo (this is usually the case). + + * New php5-dbg package. + + We are now shipping a php5-dgb package which will greatly aid in finding + the cause of many crashes that you may experience. So if you are going to + report a bug for a reproducible crash, please install this package before + sending a backtrace. + + * New libapache2-mod-php5filter package. + + We are now also shipping a new libapache2-mod-php5filter package which + uses the "Apache 2.0 filter-module support via DSO through APXS". + + -- Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200 + +php5 (5.2.3-2) unstable; urgency=low + + The Suhosin patch is now enabled by default! + + For more information, see + . + + Special thanks to Blars Blarson for providing a sparc machine for testing + that the patch seems to work okay on that architecture. If you experience + otherwise let us know! + + Suggestions are welcome for default configuration options, examples, + documentation, etc. + + In any event please report successes and/or failures to us at + pkg-php-maint@lists.alioth.debian.org. + + -- sean finney Thu, 12 Jul 2007 23:38:43 +0200 --- php5-5.3.10.orig/debian/watch +++ php5-5.3.10/debian/watch @@ -0,0 +1,5 @@ +version=3 +opts=downloadurlmangle=s#/a/#/this/#,\ +filenamemangle=s#/get/(php-(5\.[0-9\.]*)\.tar\.gz)/.*#$1#,\ +dversionmangle=s/\.dfsg\.\d+// \ +http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror debian --- php5-5.3.10.orig/debian/php5-dev.dirs +++ php5-5.3.10/debian/php5-dev.dirs @@ -0,0 +1,2 @@ +/usr/bin +/usr/share/lintian/overrides --- php5-5.3.10.orig/debian/php5-sapi.links +++ php5-5.3.10/debian/php5-sapi.links @@ -0,0 +1 @@ +etc/php5/conf.d etc/php5/@sapi@/conf.d --- php5-5.3.10.orig/debian/php5-fpm.preinst +++ php5-5.3.10/debian/php5-fpm.preinst @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- "$@" + +exit 0 --- php5-5.3.10.orig/debian/php5-sapi.lintian-overrides +++ php5-5.3.10/debian/php5-sapi.lintian-overrides @@ -0,0 +1,18 @@ +# The extensions directory must exist, even if empty +@sapi@: package-contains-empty-directory @extdir@/ +# Not a spelling mistake, just a compilation curiosity +@sapi@: spelling-error-in-binary * ment meant +# Not a spelling mistake, tz code for Tahiti +@sapi@: spelling-error-in-binary * taht that +libapache2-mod-php5: embedded-library usr/lib/apache2/modules/libphp5.so: file +libapache2-mod-php5filter: embedded-library usr/lib/apache2/modules/libphp5filter.so: file +php5-cgi: embedded-library usr/bin/php5-cgi: file +php5-cgi: embedded-library usr/lib/cgi-bin/php5: file +php5-cli: embedded-library usr/bin/php5: file +php5-fpm: embedded-library usr/sbin/php5-fpm: file +libapache2-mod-php5: embedded-library ./usr/lib/apache2/modules/libphp5.so: file +libapache2-mod-php5filter: embedded-library ./usr/lib/apache2/modules/libphp5filter.so: file +php5-cgi: embedded-library ./usr/bin/php5-cgi: file +php5-cgi: embedded-library ./usr/lib/cgi-bin/php5: file +php5-cli: embedded-library ./usr/bin/php5: file +php5-fpm: embedded-library ./usr/sbin/php5-fpm: file --- php5-5.3.10.orig/debian/php5-cgi.prerm +++ php5-5.3.10/debian/php5-cgi.prerm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +update-alternatives --remove php-cgi /usr/bin/php5-cgi +update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5 + +exit 0 --- php5-5.3.10.orig/debian/php5-cli.prerm +++ php5-5.3.10/debian/php5-cli.prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then + update-alternatives --remove php /usr/bin/php5 +fi + +exit 0 --- php5-5.3.10.orig/debian/README.Debian.security +++ php5-5.3.10/debian/README.Debian.security @@ -0,0 +1,27 @@ +the Debian stable security team does not provide security support +for certain configurations known to be inherently insecure. This +includes the interpreter itself, extensions, and code written in the +PHP language. Most specifically, the security team will not provide +support for flaws in: + +- problems which are not flaws in the design of php but can be problematic + when used by sloppy developers (for example: not checking the contents + of a tar file before extracting it, using unserialize() on + untrusted data, or relying on a specific value of short_open_tag). + +- vulnerabilities involving register_globals being activated, unless + specifically the vulnerability activates this setting when it was + configured as deactivated. + +- vulnerabilities involving any kind of safe_mode or open_basedir + violation, as these are security models flawed by design and no longer + have upstream support either. + +- any "works as expected" vulnerabilities, such as "user can cause php + to crash by writing a malcious php script", unless such vulnerabilities + involve some kind of higher-level DoS or privilege escalation that would + not otherwise be available. + +PHP upstream has published a statement regarding their view on security +and the PHP interpreter: +http://www.php.net/security-note.php --- php5-5.3.10.orig/debian/suhosin_patch.watch +++ php5-5.3.10/debian/suhosin_patch.watch @@ -0,0 +1,8 @@ +# Check for new versions with: +# uscan --watchfile debian/suhosin_patch.watch --package suhosin-patch +# don't forget to update the version in this file when updating the patch! +version=3 + +opts=uversionmangle=s/RC/~RC/ \ +http://www.hardened-php.net/suhosin/download.html \ + http://download.suhosin.org/suhosin-patch-(.*)\.patch\.gz 5.3.1-0.9.8 --- php5-5.3.10.orig/debian/php5-fpm.init +++ php5-5.3.10/debian/php5-fpm.init @@ -0,0 +1,168 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm php5-fpm +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: starts php5-fpm +# Description: Starts PHP5 FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP5 FastCGI Process Manager" +NAME=php5-fpm +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--fpm-config /etc/php5/fpm/php-fpm.conf" +PIDFILE=/var/run/php5-fpm.pid +TIMEOUT=30 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function to check the correctness of the config file +# +do_check() +{ + [ "$1" != "no" ] && $DAEMON $DAEMON_ARGS -t 2>&1 | grep -v "\[ERROR\]" + FPM_ERROR=$($DAEMON $DAEMON_ARGS -t 2>&1 | grep "\[ERROR\]") + + if [ -n "${FPM_ERROR}" ]; then + echo "Please fix your configuration file..." + $DAEMON $DAEMON_ARGS -t 2>&1 | grep "\[ERROR\]" + return 1 + fi + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_check $VERBOSE + case "$?" in + 0) + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + 1) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: --- php5-5.3.10.orig/debian/gbp.conf +++ php5-5.3.10/debian/gbp.conf @@ -0,0 +1,13 @@ +[DEFAULT] +debian-branch = debian-testing +debian-tag = debian/%(version)s +upstream-branch = upstream-testing +upstream-tag = upstream/%(version)s +pristine-tar = True + +[git-dch] +meta = 1 + +[git-import-orig] +# those files should not be in the tarball +filter = ['*.bak','*~','*.orig','.cvsignore','.#*','autom4te/*','autom4te.cache/*'] --- php5-5.3.10.orig/debian/php5-common.php5.cron.d +++ php5-5.3.10/debian/php5-common.php5.cron.d @@ -0,0 +1,7 @@ +# /etc/cron.d/php5: crontab fragment for php5 +# This purges session files older than X, where X is defined in seconds +# as the largest value of session.gc_maxlifetime from all your php.ini +# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime + +# Look for and purge old sessions every 30 minutes +09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete --- php5-5.3.10.orig/debian/php5-module.postinst +++ php5-5.3.10/debian/php5-module.postinst @@ -0,0 +1,8 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# + +exit 0 --- php5-5.3.10.orig/debian/php5-common.postrm +++ php5-5.3.10/debian/php5-common.postrm @@ -0,0 +1,12 @@ +#! /bin/bash + +set -e + +if [ "$1" = "purge" ] +then + rm -rf /var/lib/php5 +fi + +#DEBHELPER# + +exit 0 --- php5-5.3.10.orig/debian/maxlifetime +++ php5-5.3.10/debian/maxlifetime @@ -0,0 +1,23 @@ +#!/bin/sh -e + +max=1440 + +if which php5 >/dev/null 2>&1; then + for sapi in apache2 apache2filter cgi fpm; do + if [ -e /etc/php5/${sapi}/php.ini ]; then + cur=$(php5 -c /etc/php5/${sapi}/php.ini -d "error_reporting='~E_ALL'" -r 'print ini_get("session.gc_maxlifetime");') + [ -z "$cur" ] && cur=0 + [ "$cur" -gt "$max" ] && max=$cur + fi + done +else + for ini in /etc/php5/*/php.ini /etc/php5/conf.d/*.ini; do + cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true); + [ -z "$cur" ] && cur=0 + [ "$cur" -gt "$max" ] && max=$cur + done +fi + +echo $(($max/60)) + +exit 0 --- php5-5.3.10.orig/debian/php5-common.docs +++ php5-5.3.10/debian/php5-common.docs @@ -0,0 +1,10 @@ +CREDITS +EXTENSIONS +TODO +CODING_STANDARDS +README.SVN-RULES +README.EXT_SKEL +README.SELF-CONTAINED-EXTENSIONS +README.Zeus +README.PHP4-TO-PHP5-THIN-CHANGES +debian/README.Debian.security --- php5-5.3.10.orig/debian/libapache2-mod-php5.dirs +++ php5-5.3.10/debian/libapache2-mod-php5.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2 +/usr/lib/apache2/modules --- php5-5.3.10.orig/debian/php5-dev.lintian-overrides +++ php5-5.3.10/debian/php5-dev.lintian-overrides @@ -0,0 +1,2 @@ +php5-dev: script-not-executable ./usr/lib/php5/build/run-tests.php +php5-dev: script-not-executable usr/lib/php5/build/run-tests.php --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.load +++ php5-5.3.10/debian/libapache2-mod-php5filter.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5filter.so --- php5-5.3.10.orig/debian/libapache2-mod-php5filter.conf +++ php5-5.3.10/debian/libapache2-mod-php5filter.conf @@ -0,0 +1,6 @@ + + + SetInputFilter PHP + SetOutputFilter PHP + + --- php5-5.3.10.orig/debian/libapache2-mod-php5.prerm +++ php5-5.3.10/debian/libapache2-mod-php5.prerm @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + remove) + if [ -e /etc/apache2/apache2.conf -a -e /etc/apache2/mods-enabled/php5.load ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2/.start + fi + a2dismod php5 || true + ;; +esac + +exit 0 --- php5-5.3.10.orig/debian/copyright.header +++ php5-5.3.10/debian/copyright.header @@ -0,0 +1,42 @@ +This package was debianized by Gergely Madarasz on +Tue, 16 Nov 1999 19:33:42 +0100. + +Previous maintainers of the package also include: + Petr Cech , who did a LOT of work on these packages. + Adam Conrad , who got a significant chunk of input and + help from Steve Langasek and + Andres Salomon . + +The current maintainers can be contacted via the debian php packaging list: + pkg-php-maint@lists.alioth.debian.org + +It was downloaded from www.php.net/version5/downloads +Changes: removed ext/dbase dir (non-free) + +Noteworthy/non-trivial patches: + patch: suhosin.patch + contributor: http://www.hardened-php.net/ + copyright © 2006-2007 Stefan Esser + may be used/modified/redistributed under the terms of PHP itself + + patch: use_embedded_timezonedb.patch + contributor: Joe Orton + copyright © 2008 Red Hat, Inc. + may be used/modified/redistributed under the terms of PHP itself + +Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski +for libzend + +The file ext/standard/rand.c contains the following clause with a statement +that isn't compatible with the DFSG: + "The code as Shawn received it included the following notice: + + Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When + you use this, send an e-mail to with + an appropriate reference to your work." +However, this requirement has been rescinded by the copyright holder in +message <48E334A2.6050301@math.sci.hiroshima-u.ac.jp> to bug #498621. + +Two different licences apply to this package, one for PHP5, the other for +libzend. Both licences are shown here below. + --- php5-5.3.10.orig/debian/php5-cli.dirs +++ php5-5.3.10/debian/php5-cli.dirs @@ -0,0 +1,3 @@ +/etc/php5/cli +/usr/bin +/usr/share/man/man1 --- php5-5.3.10.orig/debian/libapache2-mod-php5.postinst +++ php5-5.3.10/debian/libapache2-mod-php5.postinst @@ -0,0 +1,49 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 $1 || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache force-reload + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr libapache2-mod-php5 $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2/.start ]; then + a2enmod php5 >/dev/null || true + rm -f /etc/php5/apache2/.start + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5.load ]; then + reload_apache force-reload + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5 >/dev/null || true + reload_apache restart +fi + +exit 0 --- php5-5.3.10.orig/debian/rules +++ php5-5.3.10/debian/rules @@ -0,0 +1,761 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 by Joey Hess. +# +# This version is for a hypothetical package that builds an +# architecture-dependant package, as well as an architecture-independent +# package. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# Set this flag to 'yes' if you want to disable all modifications breaking abi +# compatibility to upstream +PHP5_COMPAT=no + +# Set this flag to 'yes' if you want to compile PHP5 with suhosin patch +PHP5_SUHOSIN=yes + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +export DEB_HOST_MULTIARCH + +PHP5_HOST_GNU_TYPE = $(subst gnulp,gnu,$(DEB_HOST_GNU_TYPE)) +PHP5_BUILD_GNU_TYPE = $(subst gnulp,gnu,$(DEB_BUILD_GNU_TYPE)) + +PHP5_HOST_GNU_TYPE := $(shell echo $(PHP5_HOST_GNU_TYPE) | sed 's/-gnu$$//') +PHP5_BUILD_GNU_TYPE := $(shell echo $(PHP5_BUILD_GNU_TYPE) | sed 's/-gnu$$//') +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) + +PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //") +PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://") +PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//") + +RUN_TESTS = yes +ifeq (nocheck,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + $(warning Disabling checks due DEB_BUILD_OPTIONS) + RUN_TESTS = no +endif +ifeq ($(DEB_HOST_ARCH),$(findstring $(DEB_HOST_ARCH),hurd-i386)) + $(warning Disabling checks on hurd-i386) + RUN_TESTS = no +endif + +#ifneq ($(DEB_HOST_ARCH),$(findstring $(DEB_HOST_ARCH),hurd-i386 m68k hppa ppc64)) +# CONFIGURE_APACHE_ARGS = --with-interbase=shared,/usr --with-pdo-firebird=shared,/usr +#else +CONFIGURE_APACHE_ARGS = --without-interbase --without-pdo-firebird +#endif + +ifeq (yes,$(RUN_TESTS)) + MYSQL_PORT := $(shell for i in $$(seq 1025 3600 | sort -R); do nc -z localhost $$i || { echo $$i; exit; } ; done) + MYSQL_DATA_DIR ?= $(shell readlink -f mysql_db) + ifeq (,$(MYSQL_PORT)) + $(error Could not find available port for mysql server) + endif + MYSQL_SOCKET = $(MYSQL_DATA_DIR)/mysql.sock +endif + +# specify some options to our patch system +QUILT_DIFF_OPTS=-p +QUILT_NO_DIFF_TIMESTAMPS=1 +export QUILT_DIFF_OPTS QUILT_NO_DIFF_TIMESTAMPS + +PROG_SENDMAIL = /usr/sbin/sendmail +ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O2 +else + CFLAGS += -O0 +endif +CFLAGS += -Wall -fsigned-char -fno-strict-aliasing +# LFS support +ifneq (yes,$(PHP5_COMPAT)) + CFLAGS += $(shell getconf LFS_CFLAGS) +endif + +# Enable IEEE-conformant floating point math on alphas (not the default) +ifeq (alpha-linux-gnu,$(DEB_HOST_GNU_TYPE)) + CFLAGS += -mieee +endif + +ifeq ($(DEB_HOST_GNU_TYPE), $(findstring $(DEB_HOST_GNU_TYPE), ia64-linux-gnu powerpc64-linux-gnu avr32-linux-gnu)) + CFLAGS += -g +else + CFLAGS += -gstabs +endif + +# some other helpful (for readability at least) shorthand variables +PHPIZE_BUILDDIR = debian/php5-dev/usr/lib/php5/build + +# support new (>= 2.2) and older versions of libtool for backporting ease +LIBTOOL_DIRS = /usr/share/libtool/config /usr/share/libtool +LTMAIN = $(firstword $(wildcard $(foreach d,$(LIBTOOL_DIRS),$d/ltmain.sh))) +LTMAIN_DIR = $(dir $(LTMAIN)) + +ifeq ($(LTMAIN_DIR), /usr/share/libtool/) +LIBTOOL_CONFLICTS:=libtool (>= 2.2) +else ifeq ($(LTMAIN_DIR), /usr/share/libtool/config/) +LIBTOOL_CONFLICTS:=libtool (<< 2.2) +else +LIBTOOL_CONFLICTS:=$(error "could not resolve path to ltmain.sh") +endif + +#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# MAKEFLAGS += -j$(NUMJOBS) +#endif + +# enable the hardening wrapper +DEB_BUILD_HARDENING = 1 +# but disable PIE +DEB_BUILD_HARDENING_PIE = 0 +export DEB_BUILD_HARDENING DEB_BUILD_HARDENING_PIE + +COMMON_CONFIG=--build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --disable-debug \ + --with-regex=php \ + --disable-rpath \ + --disable-static \ + --with-pic \ + --with-layout=GNU \ + --with-pear=/usr/share/php \ + --enable-calendar \ + --enable-sysvsem \ + --enable-sysvshm \ + --enable-sysvmsg \ + --enable-bcmath \ + --with-bz2 \ + --enable-ctype \ + --with-db4 \ + --without-gdbm \ + --with-iconv \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pcre-regex=/usr \ + --enable-shmop \ + --enable-sockets \ + --enable-wddx \ + --with-libxml-dir=/usr \ + --with-zlib \ + --with-kerberos=/usr \ + --with-openssl \ + --enable-soap \ + --enable-zip \ + --with-mhash=yes \ + --with-exec-dir=/usr/lib/php5/libexec \ + --with-system-tzdata \ + --with-mysql-sock=/var/run/mysqld/mysqld.sock + +BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \ + $$s="The following extensions are built in:"; \ + foreach($$e as $$i) { $$s .= " $$i"; } \ + echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline} ")); + +# include the patch/unpatch rules from quilt +include /usr/share/quilt/quilt.make + +prepared: prepared-stamp +prepared-stamp: $(QUILT_STAMPFN) + dh_testdir +ifeq (yes,$(PHP5_SUHOSIN)) + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null import debian/patches/suhosin.patch + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null push -a || test $$? = 2 +endif + sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in + ./buildconf --force + touch prepared-stamp + +unprepared: + dh_testdir + sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in + rm -f prepared-stamp + +test-results.txt: build-apache2-stamp build-cli-stamp build-cgi-stamp +ifeq (yes,$(RUN_TESTS)) + mkdir -p temp_session_store + # start our own mysql server for the tests + $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) + extensions=""; \ + for f in $(CURDIR)/apache2-build/modules/*.so; do \ + ext=`basename "$$f"`; \ + test -d "$(CURDIR)/ext/$${ext%.so}/tests" || continue; \ + test "$$ext" != "imap.so" || continue; \ + test "$$ext" != "interbase.so" || continue; \ + test "$$ext" != "ldap.so" || continue; \ + test "$$ext" != "odbc.so" || continue; \ + test "$$ext" != "pgsql.so" || continue; \ + test "$$ext" != "pdo_dblib.so" || continue; \ + test "$$ext" != "pdo_firebird.so" || continue; \ + test "$$ext" != "pdo_odbc.so" || continue; \ + test "$$ext" != "pdo_pgsql.so" || continue; \ + test "$$ext" != "snmp.so" || continue; \ + extensions="$$extensions -d extension=$$ext"; \ + done; \ + [ "$$extensions" ] || { echo "extensions list is empty"; exit 1; }; \ + env MYSQL_TEST_PORT=$(MYSQL_PORT) MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) PDO_MYSQL_TEST_PORT=$(MYSQL_PORT) PDO_MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) NO_INTERACTION=1 TEST_PHP_CGI_EXECUTABLE=$(CURDIR)/cgi-build/sapi/cgi/cgi-bin.php5 TEST_PHP_EXECUTABLE=$(CURDIR)/cli-build/sapi/cli/php \ + $(CURDIR)/cli-build/sapi/cli/php run-tests.php -d mysql.default_socket=$(MYSQL_SOCKET) -d mysqli.default_socket=$(MYSQL_SOCKET) -d extension_dir=$(CURDIR)/apache2-build/modules/ $$extensions| tee test-results.txt + rm -rf temp_session_store + @for test in `find . -name '*.log' -a '!' -name 'config.log' -a '!' -name 'bootstrap.log' -a '!' -name 'run.log'`; do \ + echo; \ + echo -n "$${test#./}:"; \ + cat $$test; \ + echo; \ + done | tee -a test-results.txt + $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop +else + echo 'nocheck found in DEB_BUILD_OPTIONS or unsupported architecture' | tee test-results.txt +endif + +build: build-apache2-stamp build-apache2filter-stamp build-cgi-stamp build-cli-stamp build-fpm-stamp build-pear-stamp test-results.txt + +build-apache2-stamp: configure-apache2-stamp + dh_testdir + cd apache2-build && $(MAKE) + + touch build-apache2-stamp + +build-apache2filter-stamp: configure-apache2filter-stamp + dh_testdir + cd apache2filter-build && $(MAKE) + + touch build-apache2filter-stamp + +build-cli-stamp: configure-cli-stamp + dh_testdir + cd cli-build && $(MAKE) + + touch build-cli-stamp + +build-fpm-stamp: configure-fpm-stamp + dh_testdir + cd fpm-build && $(MAKE) + + touch build-fpm-stamp + + +build-cgi-stamp: configure-cgi-stamp + dh_testdir + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5 + + # Dirty hack to not rebuild everything twice + cd cgi-build/main && \ + sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \ + -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \ + sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \ + touch ../../ext/standard/info.c && \ + touch ../../sapi/cgi/cgi_main.c + + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi + + touch build-cgi-stamp + +build-pear-stamp: build-cgi-stamp + dh_testdir + -mkdir pear-build + -mkdir pear-build-download + cd cgi-build && PHP_PEAR_DOWNLOAD_DIR=$(CURDIR)/pear-build-download $(MAKE) install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build + sed -i -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pear && \ + sed -i -e 's/-d output_buffering=1 -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pecl && \ + sed -i -e 's/-d memory_limit="-1"//' \ + -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/peardev + sed -i -re "s#('PEAR_CONFIG_SYSCONFDIR', PHP_SYSCONFDIR)#\1 . '/pear'#" $(CURDIR)/pear-build/usr/share/php/PEAR/Config.php + patch -s -d $(CURDIR)/pear-build/usr/share/php/ -p1 -i $(CURDIR)/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch + touch build-pear-stamp + +configure: configure-apache2-stamp configure-apache2filter-stamp configure-cli-stamp configure-fpm-stamp configure-cgi-stamp + +configure-apache2-stamp: prepared-stamp + dh_testdir + if [ -d apache2-build ]; then rm -rf apache2-build; fi + -mkdir apache2-build + cd apache2-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2 \ + --with-config-file-scan-dir=/etc/php5/apache2/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --with-curl=shared,/usr \ + --with-enchant=shared,/usr \ + --with-zlib-dir=/usr \ + --with-gd=shared,/usr --enable-gd-native-ttf \ + --with-gmp=shared,/usr \ + --with-jpeg-dir=shared,/usr \ + --with-xpm-dir=shared,/usr/X11R6 \ + --with-png-dir=shared,/usr \ + --with-freetype-dir=shared,/usr \ + --enable-intl=shared \ + --with-ttf=shared,/usr \ + --with-t1lib=shared,/usr \ + --with-ldap=shared,/usr \ + --with-ldap-sasl=/usr \ + --with-mysql=shared,/usr \ + --with-mysqli=shared,/usr/bin/mysql_config \ + --with-pspell=shared,/usr \ + --with-unixODBC=shared,/usr \ + --with-recode=shared,/usr \ + --with-xsl=shared,/usr \ + --with-snmp=shared,/usr \ + --without-sqlite \ + --with-sqlite3=shared,/usr \ + --with-mssql=shared,/usr \ + --with-tidy=shared,/usr \ + --with-xmlrpc=shared \ + --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \ + --enable-pdo=shared \ + --without-pdo-dblib \ + --with-pdo-mysql=shared,/usr \ + --with-pdo-odbc=shared,unixODBC,/usr \ + --with-pdo-pgsql=shared,/usr/bin/pg_config \ + --with-pdo-sqlite=shared,/usr \ + --with-pdo-dblib=shared,/usr \ + $(CONFIGURE_APACHE_ARGS) + cd apache2-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2-stamp + +configure-apache2filter-stamp: prepared-stamp + dh_testdir + if [ -d apache2filter-build ]; then rm -rf apache2filter-build; fi + -mkdir apache2filter-build + cd apache2filter-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2filter=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2filter \ + --with-config-file-scan-dir=/etc/php5/apache2filter/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-mssql \ + --without-sqlite --without-sqlite3 + cd apache2filter-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2filter-stamp + +configure-cgi-stamp: prepared-stamp + dh_testdir + if [ -d cgi-build ]; then rm -rf cgi-build; fi + -mkdir cgi-build + cd cgi-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \ + --with-config-file-path=/etc/php5/cgi \ + --with-config-file-scan-dir=/etc/php5/cgi/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --enable-pdo=shared \ + --enable-mysqlnd=shared \ + --with-mysql=shared,mysqlnd \ + --with-mysqli=shared,mysqlnd \ + --with-pdo-mysql=shared,mysqlnd \ + --without-pdo-sqlite \ + --without-sybase-ct --without-mssql \ + --without-sqlite --without-sqlite3 \ + --enable-pcntl + cd cgi-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cgi-stamp + +configure-cli-stamp: prepared-stamp + dh_testdir + if [ -d cli-build ]; then rm -rf cli-build; fi + -mkdir cli-build + cd cli-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --disable-cgi \ + --with-config-file-path=/etc/php5/cli \ + --with-config-file-scan-dir=/etc/php5/cli/conf.d \ + $(COMMON_CONFIG) \ + --with-libedit \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-sqlite \ + --without-mssql --without-sqlite3 --enable-pcntl + cd cli-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cli-stamp + +configure-fpm-stamp: prepared-stamp + dh_testdir + if [ -d fpm-build ]; then rm -rf fpm-build; fi + -mkdir fpm-build + cd fpm-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-fpm --disable-cgi \ + --with-fpm-user=www-data --with-fpm-group=www-data \ + --with-config-file-path=/etc/php5/fpm \ + --with-config-file-scan-dir=/etc/php5/fpm/conf.d \ + $(COMMON_CONFIG) \ + --with-libevent-dir=/usr \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-sqlite \ + --without-mssql --without-sqlite3 + cd fpm-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-fpm-stamp + +clean: unprepared unpatch + dh_testdir + dh_testroot + +ifeq (yes,$(PHP5_SUHOSIN)) + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null delete debian/patches/suhosin.patch \ + || return 0 +endif + + rm -f configure-apache2-stamp build-apache2-stamp + rm -f configure-apache2filter-stamp build-apache2filter-stamp + rm -f configure-cgi-stamp build-cgi-stamp + rm -f configure-cli-stamp build-cli-stamp + rm -f configure-fpm-stamp build-fpm-stamp + rm -f build-pear-stamp + rm -f install-stamp + rm -rf apache2-build + rm -rf apache2filter-build + rm -rf cgi-build + rm -rf cli-build + rm -rf fpm-build + rm -rf pear-build pear-build-download + rm -f debian/copyright + # just in case the build tests failed, kill the running mysqld + $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop > /dev/null 2>&1 || exit 0 + rm -rf test-results.txt $(MYSQL_DATA_DIR) + dh_clean -Xorig + + # clean up autogenerated cruft + cat debian/modulelist | while read package extname dsoname priority; do \ + rm -f debian/php5-$$package.postinst; \ + done + for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm; do \ + for cruft in postrm links; do \ + rm -f debian/$${sapi}.$${cruft}; \ + done; \ + done + +PCNTL_FUNCTIONS := $(shell < ext/pcntl/php_pcntl.h sed -ne "/^PHP_FUNCTION/ s/PHP_FUNCTION(\(.*\));/\1/;t end;d;:end p" | tr '\n' ',') + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + chmod 01733 debian/php5-common/var/lib/php5 + + # Add here commands to install the package into debian/php5. + # install apache2 DSO module + cp apache2-build/.libs/libphp5.so \ + debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/ + cp debian/libapache2-mod-php5.load \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load + cp debian/libapache2-mod-php5.conf \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf + + # Add here commands to install the package into debian/php5. + # install apache2 DSO filter module + cp apache2filter-build/.libs/libphp5.so \ + debian/libapache2-mod-php5filter/`apxs2 -q LIBEXECDIR`/libphp5filter.so + cp debian/libapache2-mod-php5filter.load \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.load + cp debian/libapache2-mod-php5filter.conf \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.conf + + # sanitize php.ini file + cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;' > debian/php5-common/usr/share/php5/php.ini-production + # memory_limit: 16M for cgi/apache; 32M for cli + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g' > debian/php5-common/usr/share/php5/php.ini-production.cli + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-production-dist + cat php.ini-development | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-development + cp test-results.txt debian/php5-common/usr/share/doc/php5-common/ + + # install the apache modules' files + cd apache2-build && $(MAKE) install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5 + # remove netware and win32 headers that we don't want + cd debian/libapache2-mod-php5/usr/include/php5/ && \ + $(RM) TSRM/readdir.h \ + TSRM/tsrm_config.nw.h TSRM/tsrm_config.w32.h\ + TSRM/tsrm_nw.h TSRM/tsrm_win32.h\ + Zend/zend_config.nw.h Zend/zend_config.w32.h\ + main/config.nw.h main/config.w32.h\ + main/win95nt.h + + # install PEAR + cp -a pear-build/* debian/php-pear/ + + # everything under usr/share/php/data except 'PEAR' is b0rken + # and actually needs to be fixed + [ ! -f debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE ] || \ + $(RM) debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE + [ ! -f debian/php-pear/usr/share/php/doc/PEAR/INSTALL ] || \ + $(RM) debian/php-pear/usr/share/php/doc/PEAR/INSTALL + [ ! -f debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh ] || \ + $(RM) debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh + for f in Structures_Graph/publish.sh Structures_Graph/package.sh \ + Structures_Graph/genpackage.xml.pl; do \ + $(RM) debian/php-pear/usr/share/php/data/$$f; \ + done + # we don't want test suites + $(RM) -r debian/php-pear/usr/share/php/test/ + [ -d debian/php-pear/usr/share/php/doc ] && { \ + mkdir -p debian/php-pear/usr/share/doc/php5-common/PEAR; \ + mv debian/php-pear/usr/share/php/doc/* \ + debian/php-pear/usr/share/doc/php5-common/PEAR/; \ + $(RM) -r debian/php-pear/usr/share/php/doc; \ + ln -s ../doc/php-pear/PEAR debian/php-pear/usr/share/php/doc; \ + echo "Dummy placeholder to prevent the directory's deletion" > \ + debian/php-pear/usr/share/doc/php5-common/PEAR/.placeholder; \ + } + + # install extensions + ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-fpm php5-cli; do \ + mkdir -p debian/$$i/$${ext}; \ + done; \ + cat debian/modulelist debian/extramodulelist | while read package extname dsoname priority; do \ + if [ "$$package" = "mysqlnd" ]; then \ + modulepath=cgi-build/modules; \ + else \ + modulepath=debian/libapache2-mod-php5/$${ext}; \ + fi; \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + mkdir -p debian/php5-$$package$${ext}; \ + install -m 644 -o root -g root \ + $${modulepath}/$$dsoname.so \ + debian/php5-$$package$${ext}/$$dsoname.so; \ + rm debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + done + + # install CGI + cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5 + cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi + cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1 + + # install CLI + cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5 + cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1 + + # install FPM + mkdir -p debian/php5-fpm/usr/sbin debian/php5-fpm/usr/share/man/man8/ debian/php5-fpm/etc/php5/fpm/pool.d + cp fpm-build/sapi/fpm/php-fpm debian/php5-fpm/usr/sbin/php5-fpm + cp fpm-build/sapi/fpm/php-fpm.8 debian/php5-fpm/usr/share/man/man8/php5-fpm.8 + # we don't want the pool definitions on the main file itself: + sed -r '/('"'"'|\[)www('"'"'|\])/Q' < fpm-build/sapi/fpm/php-fpm.conf > \ + debian/php5-fpm/etc/php5/fpm/php-fpm.conf + # extract the first pool, called "www," from the config file: + sed -nr '/('"'"'|\[)www('"'"'|\])/{h;p;d};x;/www/{x;p}' < fpm-build/sapi/fpm/php-fpm.conf \ + > debian/php5-fpm/etc/php5/fpm/pool.d/www.conf + + # move and install -dev files + dh_movefiles --sourcedir=debian/libapache2-mod-php5 + rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \ + debian/libapache2-mod-php5/usr/include/ \ + debian/libapache2-mod-php5/usr/bin/ + rm -rf debian/libapache2-mod-php5filter/usr/lib/php5/build/ \ + debian/libapache2-mod-php5filter/usr/include/ \ + debian/libapache2-mod-php5filter/usr/bin/ + for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \ + chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \ + done + mkdir -p debian/php5-dev/usr/share/php5 + cp -a ext/skeleton ext/ext_skel debian/php5-dev/usr/share/php5 + sed -i 's/skel_dir="skeleton"/skel_dir="\/usr\/share\/php5\/skeleton"/' \ + debian/php5-dev/usr/share/php5/ext_skel + # shipping duplicate files from other packages is hell for security audits + ln -sf /usr/share/misc/config.guess $(PHPIZE_BUILDDIR)/config.guess + ln -sf /usr/share/misc/config.sub $(PHPIZE_BUILDDIR)/config.sub + ln -sf /usr/share/aclocal/libtool.m4 $(PHPIZE_BUILDDIR)/libtool.m4 + ln -sf $(LTMAIN_DIR)ltmain.sh $(PHPIZE_BUILDDIR)/ltmain.sh + ln -sf /usr/bin/shtool $(PHPIZE_BUILDDIR)/shtool + # make php-dev stuff versioned + for i in php-config phpize; do \ + mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \ + mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \ + done + # remove windows devel file + rm $(CURDIR)/debian/php5-dev/usr/share/php5/skeleton/skeleton.dsp + + # install common files + install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5 + + # install lintian overrides + cp debian/php5.lintian-overrides $(CURDIR)/debian/php5-common/usr/share/lintian/overrides/php5-common + cp debian/php5-dev.lintian-overrides $(CURDIR)/debian/php5-dev/usr/share/lintian/overrides/php5-dev + cp debian/php-pear.lintian-overrides $(CURDIR)/debian/php-pear/usr/share/lintian/overrides/php-pear + + # install the apport hook + install -D -m 644 debian/source_php5.py debian/php5-common/usr/share/apport/package-hooks/source_php5.py + + # install some generic lintian overrides + ext=`debian/php5-dev/usr/bin/php-config5 --extension-dir | cut -b2- `; \ + for sapi in php5-cli php5-fpm php5-cgi libapache2-mod-php5 libapache2-mod-php5filter; do \ + mkdir -p $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/; \ + sed "s/@sapi@/$$sapi/g;s,@extdir@,$$ext,g" \ + < $(CURDIR)/debian/php5-sapi.lintian-overrides | \ + grep -E "^$${sapi}: " \ + >> $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/"$$sapi"; \ + done + + # directories cleanup: + -rmdir -p debian/libapache2-mod-php5/usr/share/man/man1 + -find debian/php-pear -type d -exec rmdir --ignore-fail-on-non-empty -p '{}' \; >/dev/null 2>&1 + + touch install-stamp + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + + dh_installdocs + + for package in php5 php-pear; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + + dh_link + dh_compress -Xphp.ini + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + # Do this first so we don't overwrite any debhelper-generated files + # + # generate the maintscripts for various php + # modules from the templates. + cat debian/modulelist | while read package extname dsoname priority; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g; \ + /#EXTRA#/ r debian/php5-$${package}.postinst.extra" \ + < debian/php5-module.postinst \ + | sed -e'/#EXTRA#/ d' \ + > debian/php5-$${package}.postinst; \ + c=`grep -vE '^(#|set|$$|exit 0)' < debian/php5-$${package}.postinst | wc -l`; \ + [ "$$c" != "0" ] || $(RM) debian/php5-$${package}.postinst; \ + done + + # generate the config snippets for various php + # modules from the templates. + cat debian/modulelist debian/extramodulelist | while read package extname dsoname priority; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + if [ -n "$$priority" ]; then prepend="$${priority}-"; else prepend=""; fi; \ + mkdir -p debian/php5-$$package/etc/php5/conf.d; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \ + < debian/php5-module.ini \ + > debian/php5-$${package}/etc/php5/conf.d/$${prepend}$${dsoname}.ini; \ + done + + # likewise, for the different sapi implementations + for tmpl in postrm links; do \ + for sapi in cgi cli fpm; do \ + sed -e "s/@sapi@/$$sapi/g;s/@package@/php5-$${sapi}/g" \ + < debian/php5-sapi.$$tmpl \ + > debian/php5-$${sapi}.$$tmpl; \ + done; \ + done + for tmpl in postrm links; do \ + sed -e "s/@sapi@/apache2/g;s/@package@/libapache2-mod-php5/g" \ + < debian/php5-sapi.$$tmpl \ + > debian/libapache2-mod-php5.$$tmpl; \ + sed -e "s/@sapi@/apache2filter/g;s/@package@/libapache2-mod-php5filter/g" \ + < debian/php5-sapi.$$tmpl \ + > debian/libapache2-mod-php5filter.$$tmpl; \ + done + + sed -i -e 's|exit 0|[ -x /usr/bin/dpkg-maintscript-helper ] \&\& dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- \"\$\@\"\n\nexit 0|' debian/php5-fpm.postrm + + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + dh_installdocs -s + + cat debian/modulelist | while read package extname dsoname priority; do \ + rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \ + ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \ + done + + for package in php5-dbg php5-dev php5-cgi php5-cli php5-fpm libapache2-mod-php5 libapache2-mod-php5filter; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + dh_installcron -pphp5-common --name=php5 + dh_installchangelogs -pphp5-common NEWS + dh_installinit + dh_strip -s --dbg-package=php5-dbg + dh_link -s + dh_compress -s -Xphp.ini + dh_fixperms -s -X /var/lib/php5 + dh_installdeb -s + dh_shlibdeps -s + + phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm; do \ + echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \ + done; \ + cat debian/modulelist | while read package extname dsoname priority; do \ + echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \ + done + + for i in cgi cli fpm; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/php5-"$$i".substvars; \ + done + for i in apache2; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5.substvars; \ + "$$i"filter-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5filter.substvars; \ + done + + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5.substvars + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5filter.substvars + + echo "libtool:Conflicts=$(LIBTOOL_CONFLICTS)" >>debian/php5-dev.substvars + dh_gencontrol -s + dh_md5sums -s + dh_builddeb -s + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install configure --- php5-5.3.10.orig/debian/source/format +++ php5-5.3.10/debian/source/format @@ -0,0 +1 @@ +1.0 --- php5-5.3.10.orig/debian/patches/CVE-2015-2305.patch +++ php5-5.3.10/debian/patches/CVE-2015-2305.patch @@ -0,0 +1,35 @@ +From fb04dcf6dbb48aecd8d2dc986806cb58c8ae5282 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 17 Mar 2015 17:04:57 -0700 +Subject: [PATCH] Fix bug #69248 - heap overflow vulnerability in regcomp.c + +Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334 +--- + NEWS | 3 +++ + ext/ereg/regex/regcomp.c | 10 +++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c +index 156eee9..f4bfc1c 100644 +--- a/ext/ereg/regex/regcomp.c ++++ b/ext/ereg/regex/regcomp.c +@@ -117,7 +117,15 @@ int cflags; + (NC-1)*sizeof(cat_t)); + if (g == NULL) + return(REG_ESPACE); +- p->ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */ ++ { ++ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */ ++ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */ ++ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) { ++ free((char *) g); ++ return REG_INVARG; ++ } ++ p->ssize = new_ssize; ++ } + p->strip = (sop *)malloc(p->ssize * sizeof(sop)); + p->slen = 0; + if (p->strip == NULL) { +-- +2.1.4 + --- php5-5.3.10.orig/debian/patches/session_save_path.patch +++ php5-5.3.10/debian/patches/session_save_path.patch @@ -0,0 +1,18 @@ +Description: Set the default session.save_path dir to /var/lib/php5. + This is the directory that has been used in Debian to store the + session files and is partially protected by dir permissions. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-05-01 + +--- a/ext/session/session.c ++++ b/ext/session/session.c +@@ -788,7 +788,7 @@ static PHP_INI_MH(OnUpdateHashFunc) /* { + PHP_INI_BEGIN() + STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals) +- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) ++ STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) --- php5-5.3.10.orig/debian/patches/dont-gitclean-in-build.patch +++ php5-5.3.10/debian/patches/dont-gitclean-in-build.patch @@ -0,0 +1,18 @@ +Author: Sean Finney +Description: Don't run git-clean via buildconf + Calling buildconf indirectly invokes vcsclean, which calls the gitclean-work + target of build/build.mk, which calls among other things git clean -X -f -d, + which in turn nukes the quilt .pc directory making life quite difficult for + us. + . + This patch doesn't need to go upstream, as they likely don't want to support + having a patch system on top of their source. +--- a/build/build.mk ++++ b/build/build.mk +@@ -76,6 +76,5 @@ gitclean-work: + @if (test ! -f '.git/info/exclude' || grep -s "git-ls-files" .git/info/exclude); then \ + (echo "Rebuild .git/info/exclude" && echo '*.o' > .git/info/exclude && git svn propget svn:ignore | grep -v config.nice >> .git/info/exclude); \ + fi; \ +- git clean -X -f -d; + + .PHONY: $(ALWAYS) snapshot --- php5-5.3.10.orig/debian/patches/suhosin.patch +++ php5-5.3.10/debian/patches/suhosin.patch @@ -0,0 +1,5702 @@ +suhosin hardening patch + +this patch was downloaded from: + + http://download.suhosin.org/suhosin-patch-5.3.4-0.9.10.patch.gz + +the following modifications have been made: + + * removed changes to ./configure & ./main/php_config.h.in since those + files are autogenerated + * "quilt refresh" has been run to clean up the offsets, etc +--- a/Zend/Makefile.am ++++ b/Zend/Makefile.am +@@ -17,7 +17,7 @@ libZend_la_SOURCES=\ + zend_objects_API.c zend_ts_hash.c zend_stream.c \ + zend_default_classes.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c \ +- zend_strtod.c zend_closures.c zend_float.c ++ zend_strtod.c zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c + + libZend_la_LDFLAGS = + libZend_la_LIBADD = @ZEND_EXTRA_LIBS@ +--- a/Zend/Zend.dsp ++++ b/Zend/Zend.dsp +@@ -247,6 +247,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/ZendTS.dsp ++++ b/Zend/ZendTS.dsp +@@ -277,6 +277,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/zend.c ++++ b/Zend/zend.c +@@ -60,6 +60,10 @@ int (*zend_vspprintf)(char **pbuf, size_ + ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); + ++#if SUHOSIN_PATCH ++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif ++ + void (*zend_on_timeout)(int seconds TSRMLS_DC); + + static void (*zend_message_dispatcher_p)(long message, void *data TSRMLS_DC); +@@ -88,6 +92,74 @@ static ZEND_INI_MH(OnUpdateGCEnabled) /* + } + /* }}} */ + ++#if SUHOSIN_PATCH ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) ++{ ++ if (!new_value) { ++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY; ++ } else { ++ SPG(log_syslog) = atoi(new_value) | S_MEMORY; ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) ++{ ++ if (!new_value) { ++ SPG(log_syslog_facility) = LOG_USER; ++ } else { ++ SPG(log_syslog_facility) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) ++{ ++ if (!new_value) { ++ SPG(log_syslog_priority) = LOG_ALERT; ++ } else { ++ SPG(log_syslog_priority) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) ++{ ++ if (!new_value) { ++ SPG(log_sapi) = S_ALL & ~S_SQL; ++ } else { ++ SPG(log_sapi) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_script) ++{ ++ if (!new_value) { ++ SPG(log_script) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) ++{ ++ if (SPG(log_scriptname)) { ++ pefree(SPG(log_scriptname),1); ++ } ++ SPG(log_scriptname) = NULL; ++ if (new_value) { ++ SPG(log_scriptname) = pestrdup(new_value,1); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) ++{ ++ if (!new_value) { ++ SPG(log_phpscript) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++#endif ++ + ZEND_INI_BEGIN() + ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting) + STD_ZEND_INI_BOOLEAN("zend.enable_gc", "1", ZEND_INI_ALL, OnUpdateGCEnabled, gc_enabled, zend_gc_globals, gc_globals) +--- a/Zend/zend.h ++++ b/Zend/zend.h +@@ -627,6 +627,9 @@ extern ZEND_API int (*zend_stream_open_f + extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); + extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); ++#if SUHOSIN_PATCH ++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif + + ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3); + +@@ -774,6 +777,16 @@ ZEND_API void zend_restore_error_handlin + #define DEBUG_BACKTRACE_PROVIDE_OBJECT (1<<0) + #define DEBUG_BACKTRACE_IGNORE_ARGS (1<<1) + ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#include "suhosin_patch.h" ++#include "php_syslog.h" ++ ++ZEND_API void zend_canary(void *buf, int len); ++ZEND_API char suhosin_get_config(int element); ++ ++#endif ++ + #endif /* ZEND_H */ + + /* +--- a/Zend/zend_alloc.c ++++ b/Zend/zend_alloc.c +@@ -32,6 +32,10 @@ + # include + #endif + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #ifdef ZEND_WIN32 + # include + # include +@@ -59,6 +63,7 @@ + # define PTR_FMT "0x%0.8lx" + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + #if ZEND_DEBUG + void zend_debug_alloc_output(char *format, ...) + { +@@ -76,6 +81,7 @@ void zend_debug_alloc_output(char *forma + #endif + } + #endif ++#endif + + #if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) + static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); +@@ -134,6 +140,8 @@ static void zend_mm_panic(const char *me + # endif + #endif + ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ + static zend_mm_storage* zend_mm_mem_dummy_init(void *params) + { + return malloc(sizeof(zend_mm_storage)); +@@ -332,13 +340,28 @@ static const zend_mm_mem_handlers mem_ha + #define MEM_BLOCK_GUARD 0x2A8FCC84 + #define MEM_BLOCK_LEAK 0x6C5E8F2D + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ + /* mm block type */ + typedef struct _zend_mm_block_info { + #if ZEND_MM_COOKIES + size_t _cookie; + #endif +- size_t _size; +- size_t _prev; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif + } zend_mm_block_info; + + #if ZEND_DEBUG +@@ -412,7 +435,7 @@ typedef struct _zend_mm_free_block { + # define ZEND_MM_CACHE_STAT 0 + #endif + +-struct _zend_mm_heap { ++typedef struct _zend_mm_heap { + int use_zend_alloc; + void *(*_malloc)(size_t); + void (*_free)(void*); +@@ -447,6 +470,9 @@ struct _zend_mm_heap { + int miss; + } cache_stat[ZEND_MM_NUM_BUCKETS+1]; + #endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif + }; + + #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ +@@ -520,18 +546,31 @@ static unsigned int _zend_mm_cookie = 0; + /* optimized access */ + #define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size + ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ + /* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) + #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block)) + #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block)) +-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) + #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) + #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) + +-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0) ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) + + #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) + +@@ -593,6 +632,44 @@ static unsigned int _zend_mm_cookie = 0; + + #endif + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ + + #if ZEND_MM_HEAP_PROTECTION + +@@ -715,7 +792,7 @@ static inline unsigned int zend_mm_low_b + #endif + } + +-static inline void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + zend_mm_free_block *prev, *next; + +@@ -725,14 +802,14 @@ static inline void zend_mm_add_to_rest_l + mm_block->parent = NULL; + } + +- prev = heap->rest_buckets[0]; +- next = prev->next_free_block; +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + +-static inline void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + size_t size; + size_t index; +@@ -749,7 +826,7 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } else { + size_t m; +@@ -762,15 +839,15 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + break; + } + } else { +- zend_mm_free_block *next = prev->next_free_block; ++ zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- prev->next_free_block = next->prev_free_block = mm_block; +- mm_block->next_free_block = next; +- mm_block->prev_free_block = prev; ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + mm_block->parent = NULL; + break; + } +@@ -782,27 +859,33 @@ static inline void zend_mm_add_to_free_l + index = ZEND_MM_BUCKET_INDEX(size); + + prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); +- if (prev->prev_free_block == prev) { ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { + heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } +- next = prev->next_free_block; ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + } + +-static inline void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { +- zend_mm_free_block *prev = mm_block->prev_free_block; +- zend_mm_free_block *next = mm_block->next_free_block; ++ zend_mm_free_block *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block); + + ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED); + + if (EXPECTED(prev == mm_block)) { + zend_mm_free_block **rp, **cp; + ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif + #if ZEND_MM_SAFE_UNLINKING + if (UNEXPECTED(next != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); +@@ -841,14 +924,21 @@ subst_block: + } + } else { + ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ + #if ZEND_MM_SAFE_UNLINKING +- if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) { ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); + } + #endif + +- prev->next_free_block = next; +- next->prev_free_block = prev; ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + + if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { + if (EXPECTED(prev == next)) { +@@ -864,7 +954,7 @@ subst_block: + } + } + +-static inline void zend_mm_init(zend_mm_heap *heap) ++static void zend_mm_init(zend_mm_heap *heap) + { + zend_mm_free_block* p; + int i; +@@ -882,12 +972,19 @@ static inline void zend_mm_init(zend_mm_ + #endif + p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { +- p->next_free_block = p; +- p->prev_free_block = p; ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + heap->large_free_buckets[i] = NULL; + } +- heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap); ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif + } + + static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment) +@@ -908,12 +1005,13 @@ static void zend_mm_free_cache(zend_mm_h + int i; + + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* NULL means NULL even MANGLED */ + if (heap->cache[i]) { +- zend_mm_free_block *mm_block = heap->cache[i]; ++ zend_mm_free_block *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); + + while (mm_block) { + size_t size = ZEND_MM_BLOCK_SIZE(mm_block); +- zend_mm_free_block *q = mm_block->prev_free_block; ++ zend_mm_free_block *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); + zend_mm_block *next_block = ZEND_MM_NEXT_BLOCK(mm_block); + + heap->cached -= size; +@@ -1009,14 +1107,20 @@ static void zend_mm_random(unsigned char + /* }}} */ + #endif + ++ + /* Notes: + * - This function may alter the block_sizes values to match platform alignment + * - This function does *not* perform sanity checks on the arguments + */ +-ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#else ++static zend_mm_heap *__zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#endif + { + zend_mm_storage *storage; + zend_mm_heap *heap; ++ zend_mm_free_block *tmp; + + #if 0 + int i; +@@ -1050,6 +1154,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + } + #endif + ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ + if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { + fprintf(stderr, "'block_size' must be a power of two\n"); + /* See http://support.microsoft.com/kb/190351 */ +@@ -1097,12 +1207,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + heap->reserve = NULL; + heap->reserve_size = reserve_size; + if (reserve_size > 0) { +- heap->reserve = _zend_mm_alloc_int(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + if (internal) { + int i; + zend_mm_free_block *p, *q, *orig; +- zend_mm_heap *mm_heap = _zend_mm_alloc_int(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ zend_mm_heap *mm_heap = _zend_mm_alloc(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + + *mm_heap = *heap; + +@@ -1110,22 +1220,22 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { + q = p; +- while (q->prev_free_block != orig) { +- q = q->prev_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); + } +- q->prev_free_block = p; ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); + q = p; +- while (q->next_free_block != orig) { +- q = q->next_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); + } +- q->next_free_block = p; ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + orig = (zend_mm_free_block*)((char*)orig + sizeof(zend_mm_free_block*) * 2); + if (mm_heap->large_free_buckets[i]) { + mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; + } + } +- mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(mm_heap); ++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); + + free(heap); + heap = mm_heap; +@@ -1133,7 +1243,11 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + return heap; + } + +-ZEND_API zend_mm_heap *zend_mm_startup(void) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary(void) ++#else ++static zend_mm_heap *__zend_mm_startup(void) ++#endif + { + int i; + size_t seg_size; +@@ -1203,6 +1317,27 @@ ZEND_API zend_mm_heap *zend_mm_startup(v + return heap; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params); ++zend_mm_heap_canary *__zend_mm_startup_canary(void); ++ ++ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary_ex(handlers, block_size, reserve_size, internal, params); ++ } ++ return __zend_mm_startup_ex(handlers, block_size, reserve_size, internal, params); ++} ++ZEND_API zend_mm_heap *zend_mm_startup(void) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary(); ++ } ++ return __zend_mm_startup(); ++} ++ ++#endif ++ + #if ZEND_DEBUG + static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block *b) + { +@@ -1571,7 +1706,11 @@ static int zend_mm_check_heap(zend_mm_he + } + #endif + +-ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++void __zend_mm_shutdown_canary(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#else ++static void __zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#endif + { + zend_mm_storage *storage; + zend_mm_segment *segment; +@@ -1581,7 +1720,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + if (heap->reserve) { + #if ZEND_DEBUG + if (!silent) { +- _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + #endif + heap->reserve = NULL; +@@ -1664,12 +1803,23 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + heap->size = 0; + heap->peak = 0; + if (heap->reserve_size) { +- heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + heap->overflow = 0; + } + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ __zend_mm_shutdown_canary(heap, full_shutdown, silent TSRMLS_CC); ++ return; ++ } ++ __zend_mm_shutdown(heap, full_shutdown, silent TSRMLS_CC); ++} ++#endif ++ + static void zend_mm_safe_error(zend_mm_heap *heap, + const char *format, + size_t limit, +@@ -1680,7 +1830,11 @@ static void zend_mm_safe_error(zend_mm_h + size_t size) + { + if (heap->reserve) { ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#else + _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#endif + heap->reserve = NULL; + } + if (heap->overflow == 0) { +@@ -1755,7 +1909,7 @@ static zend_mm_free_block *zend_mm_searc + p = heap->large_free_buckets[index]; + for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1779,7 +1933,7 @@ static zend_mm_free_block *zend_mm_searc + + for (p = rst; p; p = p->child[p->child[0] != NULL]) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1788,7 +1942,7 @@ static zend_mm_free_block *zend_mm_searc + } + + if (best_fit) { +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + bitmap = bitmap >> 1; + if (!bitmap) { +@@ -1804,9 +1958,12 @@ static zend_mm_free_block *zend_mm_searc + best_fit = p; + } + } +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_alloc_int(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_free_block *best_fit; +@@ -1816,7 +1973,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + size_t segment_size; + zend_mm_segment *segment; + int keep_rest = 0; +- ++ + if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) { + size_t index = ZEND_MM_BUCKET_INDEX(true_size); + size_t bitmap; +@@ -1831,9 +1988,14 @@ static void *_zend_mm_alloc_int(zend_mm_ + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); + return ZEND_MM_DATA_OF(best_fit); +@@ -1847,7 +2009,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + if (bitmap) { + /* Found some "small" free block that can be used */ + index += zend_mm_low_bit(bitmap); +- best_fit = heap->free_buckets[index*2]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); + #if ZEND_MM_CACHE_STAT + heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; + #endif +@@ -1862,7 +2024,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_fit = zend_mm_search_large_block(heap, true_size); + + if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { +- zend_mm_free_block *p = heap->rest_buckets[0]; ++ zend_mm_free_block *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); + size_t best_size = -1; + + while (p != ZEND_MM_REST_BUCKET(heap)) { +@@ -1874,7 +2036,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); + best_fit = p; + } +- p = p->prev_free_block; ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); + } + } + +@@ -1973,13 +2135,19 @@ zend_mm_finished_searching_for_block: + + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); + ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + heap->size += true_size; + if (heap->peak < heap->size) { + heap->peak = heap->size; + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); +- ++ + return ZEND_MM_DATA_OF(best_fit); + } + +@@ -1996,19 +2164,26 @@ static void _zend_mm_free_int(zend_mm_he + + mm_block = ZEND_MM_HEADER_OF(p); + size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); + #endif +- ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif + #if ZEND_MM_CACHE + if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { + size_t index = ZEND_MM_BUCKET_INDEX(size); + zend_mm_free_block **cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + heap->cached += size; + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT +@@ -2044,6 +2219,9 @@ static void _zend_mm_free_int(zend_mm_he + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_realloc_int(zend_mm_heap *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block = ZEND_MM_HEADER_OF(p); +@@ -2053,11 +2231,18 @@ static void *_zend_mm_realloc_int(zend_m + void *ptr; + + if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + mm_block = ZEND_MM_HEADER_OF(p); + true_size = ZEND_MM_TRUE_SIZE(size); + orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + if (UNEXPECTED(true_size < size)) { +@@ -2089,6 +2274,11 @@ static void *_zend_mm_realloc_int(zend_m + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } + +@@ -2104,17 +2294,22 @@ static void *_zend_mm_realloc_int(zend_m + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); +- ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); +- ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + ptr = ZEND_MM_DATA_OF(best_fit); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif + + heap->cached -= true_size - orig_size; +@@ -2123,14 +2318,13 @@ static void *_zend_mm_realloc_int(zend_m + cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT + if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { + heap->cache_stat[index].max_count = heap->cache_stat[index].count; + } + #endif +- + return ptr; + } + } +@@ -2173,6 +2367,11 @@ static void *_zend_mm_realloc_int(zend_m + heap->peak = heap->size; + } + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && + ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { +@@ -2275,38 +2474,90 @@ out_of_memory: + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return ZEND_MM_DATA_OF(mm_block); + } + ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + ptr = _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + return ptr; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _zend_mm_free(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_zend_mm_realloc(zend_mm_heap *heap, void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mm_block_size(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block; + ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) != 0) { ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++#else ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block *mm_block; ++ + if (!ZEND_MM_VALID_PTR(p)) { + return 0; + } +@@ -2319,6 +2570,8 @@ ZEND_API size_t _zend_mm_block_size(zend + #endif + } + ++#endif ++ + /**********************/ + /* Allocation Manager */ + /**********************/ +@@ -2335,6 +2588,7 @@ static int alloc_globals_id; + static zend_alloc_globals alloc_globals; + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API int is_zend_mm(TSRMLS_D) + { + return AG(mm_heap)->use_zend_alloc; +@@ -2347,7 +2601,13 @@ ZEND_API void *_emalloc(size_t size ZEND + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_malloc(size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2358,7 +2618,13 @@ ZEND_API void _efree(void *ptr ZEND_FILE + AG(mm_heap)->_free(ptr); + return; + } +- _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2368,7 +2634,13 @@ ZEND_API void *_erealloc(void *ptr, size + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_realloc(ptr, size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_realloc_int(AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2376,8 +2648,15 @@ ZEND_API size_t _zend_mem_block_size(voi + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return 0; + } +- return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } ++#endif + + #if defined(__GNUC__) && defined(i386) + +@@ -2448,7 +2727,7 @@ static inline size_t safe_address(size_t + } + #endif + +- ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + return emalloc_rel(safe_address(nmemb, size, offset)); +@@ -2561,6 +2840,7 @@ ZEND_API void shutdown_memory_manager(in + { + zend_mm_shutdown(AG(mm_heap), full_shutdown, silent TSRMLS_CC); + } ++#endif + + static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC) + { +@@ -2585,6 +2865,7 @@ static void alloc_globals_dtor(zend_allo + } + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void start_memory_manager(TSRMLS_D) + { + #ifdef ZTS +@@ -2649,6 +2930,7 @@ ZEND_API void _full_mem_check(int silent + zend_debug_alloc_output("------------------------------------------------\n"); + } + #endif ++#endif + + /* + * Local variables: +--- a/Zend/zend_alloc.h ++++ b/Zend/zend_alloc.h +@@ -203,6 +203,8 @@ END_EXTERN_C() + + /* Heap functions */ + typedef struct _zend_mm_heap zend_mm_heap; ++typedef struct _zend_mm_heap_canary zend_mm_heap_canary; ++ + + ZEND_API zend_mm_heap *zend_mm_startup(void); + ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC); +--- /dev/null ++++ b/Zend/zend_alloc_canary.c +@@ -0,0 +1,2498 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_alloc_canary.c, $ */ ++ ++#include "zend.h" ++#include "zend_alloc.h" ++#include "zend_globals.h" ++#include "zend_operators.h" ++ ++#ifdef HAVE_SIGNAL_H ++# include ++#endif ++#ifdef HAVE_UNISTD_H ++# include ++#endif ++ ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ ++#ifdef ZEND_WIN32 ++# include ++# include ++#endif ++ ++#ifndef ZEND_MM_HEAP_PROTECTION ++# define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG ++#endif ++ ++#ifndef ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_SAFE_UNLINKING 1 ++#endif ++ ++#ifndef ZEND_MM_COOKIES ++# define ZEND_MM_COOKIES ZEND_DEBUG ++#endif ++ ++#ifdef _WIN64 ++# define PTR_FMT "0x%0.16I64x" ++/* ++#elif sizeof(long) == 8 ++# define PTR_FMT "0x%0.16lx" ++*/ ++#else ++# define PTR_FMT "0x%0.8lx" ++#endif ++ ++#define SUHOSIN_MM_WITH_CANARY_PROTECTION 1 ++ ++#if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) ++static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); ++#endif ++ ++static void zend_mm_panic(const char *message) ++{ ++ fprintf(stderr, "%s\n", message); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++#if ZEND_DEBUG && defined(HAVE_KILL) && defined(HAVE_GETPID) ++ kill(getpid(), SIGSEGV); ++#endif ++ exit(1); ++} ++ ++/*******************/ ++/* Storage Manager */ ++/*******************/ ++ ++#ifdef ZEND_WIN32 ++# define HAVE_MEM_WIN32 /* use VirtualAlloc() to allocate memory */ ++#endif ++#define HAVE_MEM_MALLOC /* use malloc() to allocate segments */ ++ ++#include ++#include ++#if HAVE_LIMITS_H ++#include ++#endif ++#include ++#include ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++# ifdef HAVE_MREMAP ++# ifndef _GNU_SOURCE ++# define _GNU_SOURCE ++# endif ++# ifndef __USE_GNU ++# define __USE_GNU ++# endif ++# endif ++# include ++# ifndef MAP_ANON ++# ifdef MAP_ANONYMOUS ++# define MAP_ANON MAP_ANONYMOUS ++# endif ++# endif ++# ifndef MREMAP_MAYMOVE ++# define MREMAP_MAYMOVE 0 ++# endif ++# ifndef MAP_FAILED ++# define MAP_FAILED ((void*)-1) ++# endif ++#endif ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static zend_mm_storage* zend_mm_mem_dummy_init(void *params) ++{ ++ return malloc(sizeof(zend_mm_storage)); ++} ++ ++static void zend_mm_mem_dummy_dtor(zend_mm_storage *storage) ++{ ++ free(storage); ++} ++ ++static void zend_mm_mem_dummy_compact(zend_mm_storage *storage) ++{ ++} ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++ ++static zend_mm_segment* zend_mm_mem_mmap_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ zend_mm_segment *ret; ++#ifdef HAVE_MREMAP ++#if defined(__NetBSD__) ++ /* NetBSD 5 supports mremap but takes an extra newp argument */ ++ ret = (zend_mm_segment*)mremap(segment, segment->size, segment, size, MREMAP_MAYMOVE); ++#else ++ ret = (zend_mm_segment*)mremap(segment, segment->size, size, MREMAP_MAYMOVE); ++#endif ++ if (ret == MAP_FAILED) { ++#endif ++ ret = storage->handlers->_alloc(storage, size); ++ if (ret) { ++ memcpy(ret, segment, size > segment->size ? segment->size : size); ++ storage->handlers->_free(storage, segment); ++ } ++#ifdef HAVE_MREMAP ++ } ++#endif ++ return ret; ++} ++ ++static void zend_mm_mem_mmap_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ munmap((void*)segment, segment->size); ++} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ANON ++ ++static zend_mm_segment* zend_mm_mem_mmap_anon_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ANON_DSC {"mmap_anon", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_anon_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ZERO ++ ++static int zend_mm_dev_zero_fd = -1; ++ ++static zend_mm_storage* zend_mm_mem_mmap_zero_init(void *params) ++{ ++ if (zend_mm_dev_zero_fd != -1) { ++ zend_mm_dev_zero_fd = open("/dev/zero", O_RDWR, S_IRUSR | S_IWUSR); ++ } ++ if (zend_mm_dev_zero_fd >= 0) { ++ return malloc(sizeof(zend_mm_storage)); ++ } else { ++ return NULL; ++ } ++} ++ ++static void zend_mm_mem_mmap_zero_dtor(zend_mm_storage *storage) ++{ ++ close(zend_mm_dev_zero_fd); ++ free(storage); ++} ++ ++static zend_mm_segment* zend_mm_mem_mmap_zero_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, zend_mm_dev_zero_fd, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ZERO_DSC {"mmap_zero", zend_mm_mem_mmap_zero_init, zend_mm_mem_mmap_zero_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_zero_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_WIN32 ++ ++static zend_mm_storage* zend_mm_mem_win32_init(void *params) ++{ ++ HANDLE heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++ zend_mm_storage* storage; ++ ++ if (heap == NULL) { ++ return NULL; ++ } ++ storage = (zend_mm_storage*)malloc(sizeof(zend_mm_storage)); ++ storage->data = (void*) heap; ++ return storage; ++} ++ ++static void zend_mm_mem_win32_dtor(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ free(storage); ++} ++ ++static void zend_mm_mem_win32_compact(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ storage->data = (void*)HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*) HeapAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, size); ++} ++ ++static void zend_mm_mem_win32_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ HeapFree((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ return (zend_mm_segment*) HeapReAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment, size); ++} ++ ++# define ZEND_MM_MEM_WIN32_DSC {"win32", zend_mm_mem_win32_init, zend_mm_mem_win32_dtor, zend_mm_mem_win32_compact, zend_mm_mem_win32_alloc, zend_mm_mem_win32_realloc, zend_mm_mem_win32_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MALLOC ++ ++static zend_mm_segment* zend_mm_mem_malloc_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*)malloc(size); ++} ++ ++static zend_mm_segment* zend_mm_mem_malloc_realloc(zend_mm_storage *storage, zend_mm_segment *ptr, size_t size) ++{ ++ return (zend_mm_segment*)realloc(ptr, size); ++} ++ ++static void zend_mm_mem_malloc_free(zend_mm_storage *storage, zend_mm_segment *ptr) ++{ ++ free(ptr); ++} ++ ++# define ZEND_MM_MEM_MALLOC_DSC {"malloc", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_malloc_alloc, zend_mm_mem_malloc_realloc, zend_mm_mem_malloc_free} ++ ++#endif ++ ++static const zend_mm_mem_handlers mem_handlers[] = { ++#ifdef HAVE_MEM_WIN32 ++ ZEND_MM_MEM_WIN32_DSC, ++#endif ++#ifdef HAVE_MEM_MALLOC ++ ZEND_MM_MEM_MALLOC_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ANON ++ ZEND_MM_MEM_MMAP_ANON_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ZERO ++ ZEND_MM_MEM_MMAP_ZERO_DSC, ++#endif ++ {NULL, NULL, NULL, NULL, NULL, NULL} ++}; ++ ++# define ZEND_MM_STORAGE_DTOR() heap->storage->handlers->dtor(heap->storage) ++# define ZEND_MM_STORAGE_ALLOC(size) heap->storage->handlers->_alloc(heap->storage, size) ++# define ZEND_MM_STORAGE_REALLOC(ptr, size) heap->storage->handlers->_realloc(heap->storage, ptr, size) ++# define ZEND_MM_STORAGE_FREE(ptr) heap->storage->handlers->_free(heap->storage, ptr) ++ ++/****************/ ++/* Heap Manager */ ++/****************/ ++ ++#define MEM_BLOCK_VALID 0x7312F8DC ++#define MEM_BLOCK_FREED 0x99954317 ++#define MEM_BLOCK_CACHED 0xFB8277DC ++#define MEM_BLOCK_GUARD 0x2A8FCC84 ++#define MEM_BLOCK_LEAK 0x6C5E8F2D ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ ++/* mm block type */ ++typedef struct _zend_mm_block_info_canary { ++#if ZEND_MM_COOKIES ++ size_t _cookie; ++#endif ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif ++} zend_mm_block_info_canary; ++ ++#if ZEND_DEBUG ++ ++typedef struct _zend_mm_debug_info_canary { ++ char *filename; ++ uint lineno; ++ char *orig_filename; ++ uint orig_lineno; ++ size_t size; ++#if ZEND_MM_HEAP_PROTECTION ++ unsigned int start_magic; ++#endif ++} zend_mm_debug_info_canary; ++ ++#elif ZEND_MM_HEAP_PROTECTION ++ ++typedef struct _zend_mm_debug_info_canary { ++ size_t size; ++ unsigned int start_magic; ++} zend_mm_debug_info_canary; ++ ++#endif ++ ++typedef struct _zend_mm_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++ zend_mm_debug_info_canary debug; ++#elif ZEND_MM_HEAP_PROTECTION ++ zend_mm_debug_info_canary debug; ++#endif ++} zend_mm_block_canary; ++ ++typedef struct _zend_mm_small_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++} zend_mm_small_free_block_canary; ++ ++typedef struct _zend_mm_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++ ++ struct _zend_mm_free_block_canary **parent; ++ struct _zend_mm_free_block_canary *child[2]; ++} zend_mm_free_block_canary; ++ ++#define ZEND_MM_NUM_BUCKETS (sizeof(size_t) << 3) ++ ++#define ZEND_MM_CACHE 1 ++#define ZEND_MM_CACHE_SIZE (ZEND_MM_NUM_BUCKETS * 4 * 1024) ++ ++#ifndef ZEND_MM_CACHE_STAT ++# define ZEND_MM_CACHE_STAT 0 ++#endif ++ ++typedef struct _zend_mm_heap_canary { ++ int use_zend_alloc; ++ void *(*_malloc)(size_t); ++ void (*_free)(void*); ++ void *(*_realloc)(void*, size_t); ++ size_t free_bitmap; ++ size_t large_free_bitmap; ++ size_t block_size; ++ size_t compact_size; ++ zend_mm_segment *segments_list; ++ zend_mm_storage *storage; ++ size_t real_size; ++ size_t real_peak; ++ size_t limit; ++ size_t size; ++ size_t peak; ++ size_t reserve_size; ++ void *reserve; ++ int overflow; ++ int internal; ++#if ZEND_MM_CACHE ++ unsigned int cached; ++ zend_mm_free_block_canary *cache[ZEND_MM_NUM_BUCKETS]; ++#endif ++ zend_mm_free_block_canary *free_buckets[ZEND_MM_NUM_BUCKETS*2]; ++ zend_mm_free_block_canary *large_free_buckets[ZEND_MM_NUM_BUCKETS]; ++ zend_mm_free_block_canary *rest_buckets[2]; ++#if ZEND_MM_CACHE_STAT ++ struct { ++ int count; ++ int max_count; ++ int hit; ++ int miss; ++ } cache_stat[ZEND_MM_NUM_BUCKETS+1]; ++#endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif ++}; ++ ++#define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ ++ (zend_mm_free_block_canary*) ((char*)&heap->free_buckets[index * 2] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#define ZEND_MM_REST_BUCKET(heap) \ ++ (zend_mm_free_block_canary*)((char*)&heap->rest_buckets[0] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#if ZEND_MM_COOKIES ++ ++static unsigned int _zend_mm_cookie = 0; ++ ++# define ZEND_MM_COOKIE(block) \ ++ (((size_t)(block)) ^ _zend_mm_cookie) ++# define ZEND_MM_SET_COOKIE(block) \ ++ (block)->info._cookie = ZEND_MM_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) \ ++ if (UNEXPECTED((block)->info._cookie != ZEND_MM_COOKIE(block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_SET_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) ++#endif ++ ++/* Default memory segment size */ ++#define ZEND_MM_SEG_SIZE (256 * 1024) ++ ++/* Reserved space for error reporting in case of memory overflow */ ++#define ZEND_MM_RESERVE_SIZE (8*1024) ++ ++#ifdef _WIN64 ++# define ZEND_MM_LONG_CONST(x) (x##i64) ++#else ++# define ZEND_MM_LONG_CONST(x) (x##L) ++#endif ++ ++#define ZEND_MM_TYPE_MASK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_FREE_BLOCK ZEND_MM_LONG_CONST(0x0) ++#define ZEND_MM_USED_BLOCK ZEND_MM_LONG_CONST(0x1) ++#define ZEND_MM_GUARD_BLOCK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_BLOCK(b, type, size) do { \ ++ size_t _size = (size); \ ++ (b)->info._size = (type) | _size; \ ++ ZEND_MM_BLOCK_AT(b, _size)->info._prev = (type) | _size; \ ++ ZEND_MM_SET_COOKIE(b); \ ++ } while (0); ++#define ZEND_MM_LAST_BLOCK(b) do { \ ++ (b)->info._size = ZEND_MM_GUARD_BLOCK | ZEND_MM_ALIGNED_HEADER_SIZE; \ ++ ZEND_MM_SET_MAGIC(b, MEM_BLOCK_GUARD); \ ++ } while (0); ++#define ZEND_MM_BLOCK_SIZE(b) ((b)->info._size & ~ZEND_MM_TYPE_MASK) ++#define ZEND_MM_IS_FREE_BLOCK(b) (!((b)->info._size & ZEND_MM_USED_BLOCK)) ++#define ZEND_MM_IS_USED_BLOCK(b) ((b)->info._size & ZEND_MM_USED_BLOCK) ++#define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) ++ ++#define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) ++#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) ++ ++#define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK)) ++ ++#define ZEND_MM_MARK_FIRST_BLOCK(b) ((b)->info._prev = ZEND_MM_GUARD_BLOCK) ++#define ZEND_MM_IS_FIRST_BLOCK(b) ((b)->info._prev == ZEND_MM_GUARD_BLOCK) ++ ++/* optimized access */ ++#define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size ++ ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ ++/* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) ++#define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block_canary)) ++#define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block_canary)) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) ++#define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) ++#define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) ++ ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) ++ ++#define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) ++ ++#define ZEND_MM_SMALL_SIZE(true_size) (true_size < ZEND_MM_MAX_SMALL_SIZE) ++ ++/* Memory calculations */ ++#define ZEND_MM_BLOCK_AT(blk, offset) ((zend_mm_block_canary *) (((char *) (blk))+(offset))) ++#define ZEND_MM_DATA_OF(p) ((void *) (((char *) (p))+ZEND_MM_ALIGNED_HEADER_SIZE)) ++#define ZEND_MM_HEADER_OF(blk) ZEND_MM_BLOCK_AT(blk, -(int)ZEND_MM_ALIGNED_HEADER_SIZE) ++ ++/* Debug output */ ++#if ZEND_DEBUG ++ ++# ifdef ZTS ++# define ZEND_MM_SET_THREAD_ID(block) \ ++ ((zend_mm_block_canary*)(block))->thread_id = tsrm_thread_id() ++# define ZEND_MM_BAD_THREAD_ID(block) ((block)->thread_id != tsrm_thread_id()) ++# else ++# define ZEND_MM_SET_THREAD_ID(block) ++# define ZEND_MM_BAD_THREAD_ID(block) 0 ++# endif ++ ++# define ZEND_MM_VALID_PTR(block) \ ++ zend_mm_check_ptr(heap, block, 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC) ++ ++# define ZEND_MM_SET_MAGIC(block, val) do { \ ++ (block)->magic = (val); \ ++ } while (0) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) do { \ ++ if ((block)->magic != (val)) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) do { \ ++ ((zend_mm_block_canary*)(block))->debug.filename = __zend_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.lineno = __zend_lineno; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_filename = __zend_orig_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_lineno = __zend_orig_lineno; \ ++ ZEND_MM_SET_BLOCK_SIZE(block, __size); \ ++ if (set_valid) { \ ++ ZEND_MM_SET_MAGIC(block, MEM_BLOCK_VALID); \ ++ } \ ++ if (set_thread) { \ ++ ZEND_MM_SET_THREAD_ID(block); \ ++ } \ ++ } while (0) ++ ++#else ++ ++# define ZEND_MM_VALID_PTR(ptr) EXPECTED(ptr != NULL) ++ ++# define ZEND_MM_SET_MAGIC(block, val) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) ZEND_MM_SET_BLOCK_SIZE(block, __size) ++ ++#endif ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ ++ ++#if ZEND_MM_HEAP_PROTECTION ++ ++# define ZEND_MM_CHECK_PROTECTION(block) \ ++ do { \ ++ if ((block)->debug.start_magic != _mem_block_start_magic || \ ++ memcmp(ZEND_MM_END_MAGIC_PTR(block), &_mem_block_end_magic, END_MAGIC_SIZE) != 0) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_END_MAGIC_PTR(block) \ ++ (((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->debug.size) ++ ++# define END_MAGIC_SIZE sizeof(unsigned int) ++ ++# define ZEND_MM_SET_BLOCK_SIZE(block, __size) do { \ ++ char *p; \ ++ ((zend_mm_block_canary*)(block))->debug.size = (__size); \ ++ p = ZEND_MM_END_MAGIC_PTR(block); \ ++ ((zend_mm_block_canary*)(block))->debug.start_magic = _mem_block_start_magic; \ ++ memcpy(p, &_mem_block_end_magic, END_MAGIC_SIZE); \ ++ } while (0) ++ ++static unsigned int _mem_block_start_magic = 0; ++static unsigned int _mem_block_end_magic = 0; ++ ++#else ++ ++# if ZEND_DEBUG ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) \ ++ ((zend_mm_block_canary*)(block))->debug.size = (_size) ++# else ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) ++# endif ++ ++# define ZEND_MM_CHECK_PROTECTION(block) ++ ++# define END_MAGIC_SIZE 0 ++ ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) \ ++ if (UNEXPECTED((block)->info._size != ZEND_MM_BLOCK_AT(block, ZEND_MM_FREE_BLOCK_SIZE(block))->info._prev) || \ ++ UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(block)) && \ ++ UNEXPECTED(ZEND_MM_PREV_BLOCK(block)->info._size != (block)->info._prev))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#define ZEND_MM_CHECK_TREE(block) \ ++ if (UNEXPECTED(*((block)->parent) != (block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) ++# define ZEND_MM_CHECK_TREE(block) ++#endif ++ ++#define ZEND_MM_LARGE_BUCKET_INDEX(S) zend_mm_high_bit(S) ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++ ++ ++static inline unsigned int zend_mm_high_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsr eax, _size ++ } ++#else ++ unsigned int n = 0; ++ while (_size != 0) { ++ _size = _size >> 1; ++ n++; ++ } ++ return n-1; ++#endif ++} ++ ++static inline unsigned int zend_mm_low_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsf eax, _size ++ } ++#else ++ static const int offset[16] = {4,0,1,0,2,0,1,0,3,0,1,0,2,0,1,0}; ++ unsigned int n; ++ unsigned int index = 0; ++ ++ n = offset[_size & 15]; ++ while (n == 4) { ++ _size >>= 4; ++ index += n; ++ n = offset[_size & 15]; ++ } ++ ++ return index + n; ++#endif ++} ++ ++static void zend_mm_add_to_rest_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev, *next; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (!ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block))) { ++ mm_block->parent = NULL; ++ } ++ ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++} ++ ++static void zend_mm_add_to_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ size_t size; ++ size_t index; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ size = ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ if (EXPECTED(!ZEND_MM_SMALL_SIZE(size))) { ++ zend_mm_free_block_canary **p; ++ ++ index = ZEND_MM_LARGE_BUCKET_INDEX(size); ++ p = &heap->large_free_buckets[index]; ++ mm_block->child[0] = mm_block->child[1] = NULL; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } else { ++ size_t m; ++ ++ for (m = size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ zend_mm_free_block_canary *prev = *p; ++ ++ if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) { ++ p = &prev->child[(m >> (ZEND_MM_NUM_BUCKETS-1)) & 1]; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ break; ++ } ++ } else { ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->parent = NULL; ++ break; ++ } ++ } ++ } ++ } else { ++ zend_mm_free_block_canary *prev, *next; ++ ++ index = ZEND_MM_BUCKET_INDEX(size); ++ ++ prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { ++ heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ } ++} ++ ++static void zend_mm_remove_from_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block); ++ ++ ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (EXPECTED(prev == mm_block)) { ++ zend_mm_free_block_canary **rp, **cp; ++ ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(next != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ rp = &mm_block->child[mm_block->child[1] != NULL]; ++ prev = *rp; ++ if (EXPECTED(prev == NULL)) { ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = NULL; ++ if (mm_block->parent == &heap->large_free_buckets[index]) { ++ heap->large_free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } else { ++ while (*(cp = &(prev->child[prev->child[1] != NULL])) != NULL) { ++ prev = *cp; ++ rp = cp; ++ } ++ *rp = NULL; ++ ++subst_block: ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = prev; ++ prev->parent = mm_block->parent; ++ if ((prev->child[0] = mm_block->child[0])) { ++ ZEND_MM_CHECK_TREE(prev->child[0]); ++ prev->child[0]->parent = &prev->child[0]; ++ } ++ if ((prev->child[1] = mm_block->child[1])) { ++ ZEND_MM_CHECK_TREE(prev->child[1]); ++ prev->child[1]->parent = &prev->child[1]; ++ } ++ } ++ } else { ++ ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { ++ if (EXPECTED(prev == next)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ if (EXPECTED(heap->free_buckets[index*2] == heap->free_buckets[index*2+1])) { ++ heap->free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } ++ } else if (UNEXPECTED(mm_block->parent != NULL)) { ++ goto subst_block; ++ } ++ } ++} ++ ++static void zend_mm_init(zend_mm_heap_canary *heap) ++{ ++ zend_mm_free_block_canary* p; ++ int i; ++ ++ heap->free_bitmap = 0; ++ heap->large_free_bitmap = 0; ++#if ZEND_MM_CACHE ++ heap->cached = 0; ++ memset(heap->cache, 0, sizeof(heap->cache)); ++#endif ++#if ZEND_MM_CACHE_STAT ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ heap->cache_stat[i].count = 0; ++ } ++#endif ++ p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ heap->large_free_buckets[i] = NULL; ++ } ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif ++} ++ ++static void zend_mm_del_segment(zend_mm_heap_canary *heap, zend_mm_segment *segment) ++{ ++ zend_mm_segment **p = &heap->segments_list; ++ ++ while (*p != segment) { ++ p = &(*p)->next_segment; ++ } ++ *p = segment->next_segment; ++ heap->real_size -= segment->size; ++ ZEND_MM_STORAGE_FREE(segment); ++} ++ ++#if ZEND_MM_CACHE ++static void zend_mm_free_cache(zend_mm_heap_canary *heap) ++{ ++ int i; ++ ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* SUHOSIN_MANGLE_PTR should NOT affect NULL pointers */ ++ if (heap->cache[i]) { ++ zend_mm_free_block_canary *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); ++ ++ while (mm_block) { ++ size_t size = ZEND_MM_BLOCK_SIZE(mm_block); ++ zend_mm_free_block_canary *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_block_canary *next_block = ZEND_MM_NEXT_BLOCK(mm_block); ++ ++ heap->cached -= size; ++ ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = (zend_mm_free_block_canary*)ZEND_MM_PREV_BLOCK(mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_NEXT_BLOCK(mm_block))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ ++ mm_block = q; ++ } ++ heap->cache[i] = NULL; ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[i].count = 0; ++#endif ++ } ++ } ++} ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION || ZEND_MM_COOKIES ++static void zend_mm_random(unsigned char *buf, size_t size) /* {{{ */ ++{ ++ size_t i = 0; ++ unsigned char t; ++ ++#ifdef ZEND_WIN32 ++ HCRYPTPROV hCryptProv; ++ int has_context = 0; ++ ++ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { ++ /* Could mean that the key container does not exist, let try ++ again by asking for a new one */ ++ if (GetLastError() == NTE_BAD_KEYSET) { ++ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { ++ has_context = 1; ++ } ++ } ++ } else { ++ has_context = 1; ++ } ++ if (has_context) { ++ do { ++ BOOL ret = CryptGenRandom(hCryptProv, size, buf); ++ CryptReleaseContext(hCryptProv, 0); ++ if (ret) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ return; ++ } ++ } ++ } while (0); ++ } ++#elif defined(HAVE_DEV_URANDOM) ++ int fd = open("/dev/urandom", 0); ++ ++ if (fd >= 0) { ++ if (read(fd, buf, size) == size) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ close(fd); ++ return; ++ } ++ } ++ close(fd); ++ } ++#endif ++ t = (unsigned char)getpid(); ++ while (i < size) { ++ do { ++ buf[i] = ((unsigned char)rand()) ^ t; ++ } while (buf[i] == 0); ++ t = buf[i++] << 1; ++ } ++} ++/* }}} */ ++#endif ++ ++ ++/* Notes: ++ * - This function may alter the block_sizes values to match platform alignment ++ * - This function does *not* perform sanity checks on the arguments ++ */ ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ zend_mm_storage *storage; ++ zend_mm_heap_canary *heap; ++ zend_mm_free_block_canary *tmp; ++ ++#if 0 ++ int i; ++ ++ printf("ZEND_MM_ALIGNMENT=%d\n", ZEND_MM_ALIGNMENT); ++ printf("ZEND_MM_ALIGNMENT_LOG2=%d\n", ZEND_MM_ALIGNMENT_LOG2); ++ printf("ZEND_MM_MIN_SIZE=%d\n", ZEND_MM_MIN_SIZE); ++ printf("ZEND_MM_MAX_SMALL_SIZE=%d\n", ZEND_MM_MAX_SMALL_SIZE); ++ printf("ZEND_MM_ALIGNED_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_FREE_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_FREE_HEADER_SIZE); ++ printf("ZEND_MM_MIN_ALLOC_BLOCK_SIZE=%d\n", ZEND_MM_MIN_ALLOC_BLOCK_SIZE); ++ printf("ZEND_MM_ALIGNED_MIN_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_MIN_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_SEGMENT_SIZE=%d\n", ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ for (i = 0; i < ZEND_MM_MAX_SMALL_SIZE; i++) { ++ printf("%3d%c: %3ld %d %2ld\n", i, (i == ZEND_MM_MIN_SIZE?'*':' '), (long)ZEND_MM_TRUE_SIZE(i), ZEND_MM_SMALL_SIZE(ZEND_MM_TRUE_SIZE(i)), (long)ZEND_MM_BUCKET_INDEX(ZEND_MM_TRUE_SIZE(i))); ++ } ++ exit(0); ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (_mem_block_start_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic)); ++ } ++ if (_mem_block_end_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic)); ++ } ++#endif ++#if ZEND_MM_COOKIES ++ if (_zend_mm_cookie == 0) { ++ zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie)); ++ } ++#endif ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { ++ fprintf(stderr, "'block_size' must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage = handlers->init(params); ++ if (!storage) { ++ fprintf(stderr, "Cannot initialize zend_mm storage [%s]\n", handlers->name); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage->handlers = handlers; ++ ++ heap = malloc(sizeof(struct _zend_mm_heap_canary)); ++ ++ heap->storage = storage; ++ heap->block_size = block_size; ++ heap->compact_size = 0; ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++# if ZEND_MM_CACHE_STAT ++ memset(heap->cache_stat, 0, sizeof(heap->cache_stat)); ++# endif ++ ++ heap->use_zend_alloc = 1; ++ heap->real_size = 0; ++ heap->overflow = 0; ++ heap->real_peak = 0; ++ heap->limit = ZEND_MM_LONG_CONST(1)<<(ZEND_MM_NUM_BUCKETS-2); ++ heap->size = 0; ++ heap->peak = 0; ++ heap->internal = internal; ++ heap->reserve = NULL; ++ heap->reserve_size = reserve_size; ++ if (reserve_size > 0) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ if (internal) { ++ int i; ++ zend_mm_free_block_canary *p, *q, *orig; ++ zend_mm_heap_canary *mm_heap = _zend_mm_alloc((zend_mm_heap *)heap, sizeof(zend_mm_heap_canary) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ ++ *mm_heap = *heap; ++ ++ p = ZEND_MM_SMALL_FREE_BUCKET(mm_heap, 0); ++ orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); ++ } ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); ++ } ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ orig = (zend_mm_free_block_canary*)((char*)orig + sizeof(zend_mm_free_block_canary*) * 2); ++ if (mm_heap->large_free_buckets[i]) { ++ mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; ++ } ++ } ++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); ++ ++ free(heap); ++ heap = mm_heap; ++ } ++ return heap; ++} ++ ++zend_mm_heap_canary *__zend_mm_startup_canary(void) ++{ ++ int i; ++ size_t seg_size; ++ char *mem_type = getenv("ZEND_MM_MEM_TYPE"); ++ char *tmp; ++ const zend_mm_mem_handlers *handlers; ++ zend_mm_heap_canary *heap; ++ ++ if (mem_type == NULL) { ++ i = 0; ++ } else { ++ for (i = 0; mem_handlers[i].name; i++) { ++ if (strcmp(mem_handlers[i].name, mem_type) == 0) { ++ break; ++ } ++ } ++ if (!mem_handlers[i].name) { ++ fprintf(stderr, "Wrong or unsupported zend_mm storage type '%s'\n", mem_type); ++ fprintf(stderr, " supported types:\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ for (i = 0; mem_handlers[i].name; i++) { ++ fprintf(stderr, " '%s'\n", mem_handlers[i].name); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } ++ handlers = &mem_handlers[i]; ++ ++ tmp = getenv("ZEND_MM_SEG_SIZE"); ++ if (tmp) { ++ seg_size = zend_atoi(tmp, 0); ++ if (zend_mm_low_bit(seg_size) != zend_mm_high_bit(seg_size)) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } else if (seg_size < ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE is too small\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } else { ++ seg_size = ZEND_MM_SEG_SIZE; ++ } ++ ++ heap = __zend_mm_startup_canary_ex(handlers, seg_size, ZEND_MM_RESERVE_SIZE, 0, NULL); ++ if (heap) { ++ tmp = getenv("ZEND_MM_COMPACT"); ++ if (tmp) { ++ heap->compact_size = zend_atoi(tmp, 0); ++ } else { ++ heap->compact_size = 2 * 1024 * 1024; ++ } ++ } ++ return heap; ++} ++ ++#if ZEND_DEBUG ++static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block_canary *b) ++{ ++ long leaks = 0; ++ zend_mm_block_canary *p, *q; ++ ++ p = ZEND_MM_NEXT_BLOCK(b); ++ while (1) { ++ if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ ZEND_MM_CHECK_MAGIC(p, MEM_BLOCK_GUARD); ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ continue; ++ } ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ if (p->debug.filename==b->debug.filename && p->debug.lineno==b->debug.lineno) { ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ leaks++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ p = q; ++ } ++ return leaks; ++} ++ ++static void zend_mm_check_leaks(zend_mm_heap_canary *heap TSRMLS_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ zend_uint total = 0; ++ ++ if (!segment) { ++ return; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ long repeated; ++ zend_leak_info leak; ++ ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ ++ leak.addr = ZEND_MM_DATA_OF(p); ++ leak.size = p->debug.size; ++ leak.filename = p->debug.filename; ++ leak.lineno = p->debug.lineno; ++ leak.orig_filename = p->debug.orig_filename; ++ leak.orig_lineno = p->debug.orig_lineno; ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_DETECTED, &leak TSRMLS_CC); ++ repeated = zend_mm_find_leaks(segment, p); ++ total += 1 + repeated; ++ if (repeated) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_REPEATED, (void *)(zend_uintptr_t)repeated TSRMLS_CC); ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++ if (total) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAKS_GRAND_TOTAL, &total TSRMLS_CC); ++ } ++} ++ ++static int zend_mm_check_ptr(zend_mm_heap_canary *heap, void *ptr, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *p; ++ int no_cache_notice = 0; ++ int had_problems = 0; ++ int valid_beginning = 1; ++ ++ if (silent==2) { ++ silent = 1; ++ no_cache_notice = 1; ++ } else if (silent==3) { ++ silent = 0; ++ no_cache_notice = 1; ++ } ++ if (!silent) { ++ TSRMLS_FETCH(); ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ zend_debug_alloc_output("%s(%d) : Block "PTR_FMT" status:\n" ZEND_FILE_LINE_RELAY_CC, ptr); ++ if (__zend_orig_filename) { ++ zend_debug_alloc_output("%s(%d) : Actual location (location was relayed)\n" ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ if (!ptr) { ++ zend_debug_alloc_output("NULL\n"); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ } ++ ++ if (!ptr) { ++ if (silent) { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ p = ZEND_MM_HEADER_OF(ptr); ++ ++#ifdef ZTS ++ if (ZEND_MM_BAD_THREAD_ID(p)) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((thread_id=0x%0.8X) != (expected=0x%0.8X))\n", (long)p->thread_id, (long)tsrm_thread_id()); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++#endif ++ ++ if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((size="PTR_FMT") != (next.prev="PTR_FMT"))\n", p->info._size, ZEND_MM_NEXT_BLOCK(p)->info._prev); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ if (p->info._prev != ZEND_MM_GUARD_BLOCK && ++ ZEND_MM_PREV_BLOCK(p)->info._size != p->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((prev="PTR_FMT") != (prev.size="PTR_FMT"))\n", p->info._prev, ZEND_MM_PREV_BLOCK(p)->info._size); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ if (had_problems) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t","Beginning: "); ++ } ++ ++ if (!ZEND_MM_IS_USED_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Freed (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Freed\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Guard (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Guard\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else { ++ switch (p->magic) { ++ case MEM_BLOCK_VALID: ++ case MEM_BLOCK_LEAK: ++ if (!silent) { ++ zend_debug_alloc_output("OK (allocated on %s:%d, %d bytes)\n", p->debug.filename, p->debug.lineno, (int)p->debug.size); ++ } ++ break; /* ok */ ++ case MEM_BLOCK_CACHED: ++ if (!no_cache_notice) { ++ if (!silent) { ++ zend_debug_alloc_output("Cached\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ case MEM_BLOCK_FREED: ++ if (!silent) { ++ zend_debug_alloc_output("Freed (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ case MEM_BLOCK_GUARD: ++ if (!silent) { ++ zend_debug_alloc_output("Guard (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ default: ++ if (!silent) { ++ zend_debug_alloc_output("Unknown (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_VALID); ++ had_problems = 1; ++ valid_beginning = 0; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ } ++ } ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (!valid_beginning) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Unknown\n"); ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Unknown\n"); ++ } ++ } else { ++ char *end_magic = ZEND_MM_END_MAGIC_PTR(p); ++ ++ if (p->debug.start_magic == _mem_block_start_magic) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_start_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) &p->debug.start_magic; ++ i = END_MAGIC_SIZE; ++ while (--i >= 0) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", p->debug.start_magic, _mem_block_start_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ if (memcmp(end_magic, &_mem_block_end_magic, END_MAGIC_SIZE)==0) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_end_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) end_magic; ++ ++ for (i=0; i < END_MAGIC_SIZE; i++) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", *end_magic, _mem_block_end_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ } ++#endif ++ ++ if (!silent) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ } ++ return ((!had_problems) ? 1 : 0); ++} ++ ++static int zend_mm_check_heap(zend_mm_heap_canary *heap, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ int errors = 0; ++ ++ if (!segment) { ++ return 0; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID || p->magic == MEM_BLOCK_LEAK) { ++ if (!zend_mm_check_ptr(heap, ZEND_MM_DATA_OF(p), (silent?2:3) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC)) { ++ errors++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ return errors; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++} ++#endif ++ ++void __zend_mm_shutdown_canary(zend_mm_heap_canary *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ zend_mm_storage *storage; ++ zend_mm_segment *segment; ++ zend_mm_segment *prev; ++ int internal; ++ ++ if (heap->reserve) { ++#if ZEND_DEBUG ++ if (!silent) { ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++#endif ++ heap->reserve = NULL; ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ if (full_shutdown) { ++ FILE *f; ++ ++ f = fopen("zend_mm.log", "w"); ++ if (f) { ++ int i,j; ++ size_t size, true_size, min_size, max_size; ++ int hit = 0, miss = 0; ++ ++ fprintf(f, "\nidx min_size max_size true_size max_len hits misses\n"); ++ size = 0; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ min_size = size; ++ i = ZEND_MM_BUCKET_INDEX(true_size); ++ size++; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ j = ZEND_MM_BUCKET_INDEX(true_size); ++ if (j > i) { ++ max_size = size-1; ++ break; ++ } ++ } else { ++ max_size = size-1; ++ break; ++ } ++ size++; ++ } ++ hit += heap->cache_stat[i].hit; ++ miss += heap->cache_stat[i].miss; ++ fprintf(f, "%2d %8d %8d %9d %8d %8d %8d\n", i, (int)min_size, (int)max_size, ZEND_MM_TRUE_SIZE(max_size), heap->cache_stat[i].max_count, heap->cache_stat[i].hit, heap->cache_stat[i].miss); ++ } else { ++ break; ++ } ++ } ++ fprintf(f, " %8d %8d\n", hit, miss); ++ fprintf(f, " %8d %8d\n", heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit, heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss); ++ fclose(f); ++ } ++ } ++#endif ++ ++#if ZEND_DEBUG ++ if (!silent) { ++ zend_mm_check_leaks(heap TSRMLS_CC); ++ } ++#endif ++ ++ internal = heap->internal; ++ storage = heap->storage; ++ segment = heap->segments_list; ++ while (segment) { ++ prev = segment; ++ segment = segment->next_segment; ++ ZEND_MM_STORAGE_FREE(prev); ++ } ++ if (full_shutdown) { ++ storage->handlers->dtor(storage); ++ if (!internal) { ++ free(heap); ++ } ++ } else { ++ if (heap->compact_size && ++ heap->real_peak > heap->compact_size) { ++ storage->handlers->compact(storage); ++ } ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++ heap->real_size = 0; ++ heap->real_peak = 0; ++ heap->size = 0; ++ heap->peak = 0; ++ if (heap->reserve_size) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ heap->overflow = 0; ++ } ++} ++ ++static void zend_mm_safe_error(zend_mm_heap_canary *heap, ++ const char *format, ++ size_t limit, ++#if ZEND_DEBUG ++ const char *filename, ++ uint lineno, ++#endif ++ size_t size) ++{ ++ if (heap->reserve) { ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = NULL; ++ } ++ if (heap->overflow == 0) { ++ char *error_filename; ++ uint error_lineno; ++ TSRMLS_FETCH(); ++ if (zend_is_compiling(TSRMLS_C)) { ++ error_filename = zend_get_compiled_filename(TSRMLS_C); ++ error_lineno = zend_get_compiled_lineno(TSRMLS_C); ++ } else if (EG(in_execution)) { ++ error_filename = EG(active_op_array)?EG(active_op_array)->filename:NULL; ++ error_lineno = EG(opline_ptr)?(*EG(opline_ptr))->lineno:0; ++ } else { ++ error_filename = NULL; ++ error_lineno = 0; ++ } ++ if (!error_filename) { ++ error_filename = "Unknown"; ++ } ++ heap->overflow = 1; ++ zend_try { ++ zend_error_noreturn(E_ERROR, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ } zend_catch { ++ if (heap->overflow == 2) { ++ fprintf(stderr, "\nFatal error: "); ++ fprintf(stderr, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ fprintf(stderr, " in %s on line %d\n", error_filename, error_lineno); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ } zend_end_try(); ++ } else { ++ heap->overflow = 2; ++ } ++ zend_bailout(); ++} ++ ++static zend_mm_free_block_canary *zend_mm_search_large_block(zend_mm_heap_canary *heap, size_t true_size) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(true_size); ++ size_t bitmap = heap->large_free_bitmap >> index; ++ zend_mm_free_block_canary *p; ++ ++ if (bitmap == 0) { ++ return NULL; ++ } ++ ++ if (UNEXPECTED((bitmap & 1) != 0)) { ++ /* Search for best "large" free block */ ++ zend_mm_free_block_canary *rst = NULL; ++ size_t m; ++ size_t best_size = -1; ++ ++ best_fit = NULL; ++ p = heap->large_free_buckets[index]; ++ for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ if ((m & (ZEND_MM_LONG_CONST(1) << (ZEND_MM_NUM_BUCKETS-1))) == 0) { ++ if (p->child[1]) { ++ rst = p->child[1]; ++ } ++ if (p->child[0]) { ++ p = p->child[0]; ++ } else { ++ break; ++ } ++ } else if (p->child[1]) { ++ p = p->child[1]; ++ } else { ++ break; ++ } ++ } ++ ++ for (p = rst; p; p = p->child[p->child[0] != NULL]) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ } ++ ++ if (best_fit) { ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++ } ++ bitmap = bitmap >> 1; ++ if (!bitmap) { ++ return NULL; ++ } ++ index++; ++ } ++ ++ /* Search for smallest "large" free block */ ++ best_fit = p = heap->large_free_buckets[index + zend_mm_low_bit(bitmap)]; ++ while ((p = p->child[p->child[0] != NULL])) { ++ if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) { ++ best_fit = p; ++ } ++ } ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++} ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t true_size = ZEND_MM_TRUE_SIZE(size); ++ size_t block_size; ++ size_t remaining_size; ++ size_t segment_size; ++ zend_mm_segment *segment; ++ int keep_rest = 0; ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ size_t bitmap; ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++#if ZEND_MM_CACHE ++ if (EXPECTED(heap->cache[index] != NULL)) { ++ /* Get block from cache */ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++ return ZEND_MM_DATA_OF(best_fit); ++ } ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].miss++; ++#endif ++#endif ++ ++ bitmap = heap->free_bitmap >> index; ++ if (bitmap) { ++ /* Found some "small" free block that can be used */ ++ index += zend_mm_low_bit(bitmap); ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; ++#endif ++ goto zend_mm_finished_searching_for_block; ++ } ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss++; ++#endif ++ ++ best_fit = zend_mm_search_large_block(heap, true_size); ++ ++ if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { ++ zend_mm_free_block_canary *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ size_t best_size = -1; ++ ++ while (p != ZEND_MM_REST_BUCKET(heap)) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ best_fit = p; ++ goto zend_mm_finished_searching_for_block; ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); ++ } ++ } ++ ++ if (!best_fit) { ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ /* Make sure we add a memory block which is big enough, ++ segment must have header "size" and trailer "guard" block */ ++ segment_size = true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ keep_rest = 1; ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ if (segment_size < true_size || ++ heap->real_size + segment_size > heap->limit) { ++ /* Memory limit overflow */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %lu bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %lu bytes)", heap->limit, size); ++#endif ++ } ++ ++ segment = (zend_mm_segment *) ZEND_MM_STORAGE_ALLOC(segment_size); ++ ++ if (!segment) { ++ /* Storage manager cannot allocate memory */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ ++ heap->real_size += segment_size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ segment->next_segment = heap->segments_list; ++ heap->segments_list = segment; ++ ++ best_fit = (zend_mm_free_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(best_fit); ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(best_fit, block_size)); ++ ++ } else { ++zend_mm_finished_searching_for_block: ++ /* remove from free list */ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_FREED); ++ ZEND_MM_CHECK_COOKIE(best_fit); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit); ++ zend_mm_remove_from_free_list(heap, best_fit); ++ ++ block_size = ZEND_MM_FREE_BLOCK_SIZE(best_fit); ++ } ++ ++ remaining_size = block_size - true_size; ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(best_fit, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (EXPECTED(!keep_rest)) { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); ++ ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ heap->size += true_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ return ZEND_MM_DATA_OF(best_fit); ++} ++ ++ ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ zend_mm_block_canary *next_block; ++ size_t size; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return; ++ } ++ ++ mm_block = ZEND_MM_HEADER_OF(p); ++ size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); ++#endif ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif ++#if ZEND_MM_CACHE ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(size); ++ zend_mm_free_block_canary **cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ heap->cached += size; ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return; ++ } ++#endif ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ heap->size -= size; ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ } ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = ZEND_MM_PREV_BLOCK(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ } ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(mm_block, size))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++} ++ ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block = ZEND_MM_HEADER_OF(p); ++ zend_mm_block_canary *next_block; ++ size_t true_size; ++ size_t orig_size; ++ void *ptr; ++ ++ if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++ ++ if (true_size <= orig_size) { ++ size_t remaining_size = orig_size - true_size; ++ ++ if (remaining_size >= ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ zend_mm_free_block_canary *new_free_block; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ remaining_size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_free_list(heap, new_free_block); ++ heap->size += (true_size - orig_size); ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } ++ ++#if ZEND_MM_CACHE ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ ++ if (heap->cache[index] != NULL) { ++ zend_mm_free_block_canary *best_fit; ++ zend_mm_free_block_canary **cache; ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ ptr = ZEND_MM_DATA_OF(best_fit); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ ++ heap->cached -= true_size - orig_size; ++ ++ index = ZEND_MM_BUCKET_INDEX(orig_size); ++ cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return ptr; ++ } ++ } ++#endif ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ ZEND_MM_CHECK_COOKIE(next_block); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(next_block); ++ if (orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block) >= true_size) { ++ size_t block_size = orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ size_t remaining_size = block_size - true_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(new_free_block, remaining_size))) { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ goto realloc_segment; ++ } ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ZEND_MM_IS_GUARD_BLOCK(next_block)) { ++ zend_mm_segment *segment; ++ zend_mm_segment *segment_copy; ++ size_t segment_size; ++ size_t block_size; ++ size_t remaining_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++realloc_segment: ++ /* segment size, size of block and size of guard block */ ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ segment_size = true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ segment_copy = (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ if (segment_size < true_size || ++ heap->real_size + segment_size - segment_copy->size > heap->limit) { ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %ld bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %ld bytes)", heap->limit, size); ++#endif ++ return NULL; ++ } ++ ++ segment = ZEND_MM_STORAGE_REALLOC(segment_copy, segment_size); ++ if (!segment) { ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %ld bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %ld bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ heap->real_size += segment_size - segment->size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ ++ if (segment != segment_copy) { ++ zend_mm_segment **seg = &heap->segments_list; ++ while (*seg != segment_copy) { ++ seg = &(*seg)->next_segment; ++ } ++ *seg = segment; ++ mm_block = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(mm_block); ++ } ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ remaining_size = block_size - true_size; ++ ++ /* setup guard block */ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(mm_block, block_size)); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 1, 1); ++ ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return ZEND_MM_DATA_OF(mm_block); ++ } ++ ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ return ptr; ++} ++ ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++ ++#if defined(__GNUC__) && defined(i386) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mull %3\n\taddl %4,%0\n\tadcl %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif defined(__GNUC__) && defined(__x86_64__) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mulq %3\n\taddq %4,%0\n\tadcq %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; ++ ++ if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return (size_t) res; ++} ++ ++#else ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb * size + offset; ++ double _d = (double)nmemb * (double)size + (double)offset; ++ double _delta = (double)res - _d; ++ ++ if (UNEXPECTED((_d + _delta ) != _d)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * indent-tabs-mode: t ++ * End: ++ */ ++ +--- /dev/null ++++ b/Zend/zend_canary.c +@@ -0,0 +1,66 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */ ++ ++#include "zend.h" ++ ++#include ++#include ++ ++ ++#if SUHOSIN_PATCH ++ ++static size_t last_canary = 0x73625123; ++ ++/* will be replaced later with more compatible method */ ++ZEND_API void zend_canary(void *buf, int len) ++{ ++ time_t t; ++ size_t canary; ++ int fd; ++ ++#ifndef PHP_WIN32 ++ fd = open("/dev/urandom", 0); ++ if (fd != -1) { ++ int r = read(fd, buf, len); ++ close(fd); ++ if (r == len) { ++ return; ++ } ++ } ++#endif ++ /* not good but we never want to do this */ ++ time(&t); ++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary; ++ last_canary ^= (canary << 5) | (canary >> (32-5)); ++ /* When we ensure full win32 compatibility in next version ++ we will replace this with the random number code from zend_alloc.c */ ++ memcpy(buf, &canary, len); ++} ++ ++#endif ++ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- a/Zend/zend_compile.c ++++ b/Zend/zend_compile.c +@@ -73,6 +73,11 @@ static void zend_destroy_property_info_i + } + /* }}} */ + ++#if SUHOSIN_PATCH ++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal; ++void *suhosin_zend_destroy_property_info = zend_destroy_property_info; ++#endif ++ + static void build_runtime_defined_function_key(zval *result, const char *name, int name_length TSRMLS_DC) /* {{{ */ + { + char char_pos_buf[32]; +--- a/Zend/zend_compile.h ++++ b/Zend/zend_compile.h +@@ -607,6 +607,11 @@ ZEND_API zend_bool zend_is_auto_global(c + ZEND_API int zend_auto_global_disable_jit(const char *varname, zend_uint varname_length TSRMLS_DC); + ZEND_API size_t zend_dirname(char *path, size_t len); + ++#if SUHOSIN_PATCH ++extern void *suhosin_zend_destroy_property_info_internal; ++extern void *suhosin_zend_destroy_property_info; ++#endif ++ + int zendlex(znode *zendlval TSRMLS_DC); + + /* BEGIN: OPCODES */ +--- a/Zend/zend_constants.c ++++ b/Zend/zend_constants.c +@@ -115,6 +115,76 @@ void zend_register_standard_constants(TS + + REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_PROVIDE_OBJECT", DEBUG_BACKTRACE_PROVIDE_OBJECT, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_IGNORE_ARGS", DEBUG_BACKTRACE_IGNORE_ARGS, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); ++ ++ /* error levels */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT); ++ /* facility: type of program logging the message */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NEWS ++ /* No LOG_NEWS on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */ ++#endif ++#ifdef LOG_UUCP ++ /* No LOG_UUCP on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_CRON ++ /* apparently some systems don't have this one */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_AUTHPRIV ++ /* AIX doesn't have LOG_AUTHPRIV */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifndef PHP_WIN32 ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT); ++#endif ++ /* options */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NOWAIT ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_PERROR ++ /* AIX doesn't have LOG_PERROR */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ ++#endif ++#endif ++ + /* true/false constants */ + { + zend_constant c; +--- a/Zend/zend_errors.h ++++ b/Zend/zend_errors.h +@@ -41,6 +41,20 @@ + #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR | E_DEPRECATED | E_USER_DEPRECATED) + #define E_CORE (E_CORE_ERROR | E_CORE_WARNING) + ++#if SUHOSIN_PATCH ++#define S_MEMORY (1<<0L) ++#define S_MISC (1<<1L) ++#define S_VARS (1<<2L) ++#define S_FILES (1<<3L) ++#define S_INCLUDE (1<<4L) ++#define S_SQL (1<<5L) ++#define S_EXECUTOR (1<<6L) ++#define S_MAIL (1<<7L) ++#define S_SESSION (1<<8L) ++#define S_INTERNAL (1<<29L) ++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR) ++#endif ++ + #endif /* ZEND_ERRORS_H */ + + /* +--- a/Zend/zend_hash.c ++++ b/Zend/zend_hash.c +@@ -20,6 +20,7 @@ + /* $Id: zend_hash.c 321634 2012-01-01 13:15:04Z felipe $ */ + + #include "zend.h" ++#include "zend_compile.h" + + #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \ + (element)->pNext = (list_head); \ +@@ -136,6 +137,199 @@ ZEND_API ulong zend_hash_func(const char + } + + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_hash_dprot_mx_reader; ++static MUTEX_T zend_hash_dprot_mx_writer; ++static unsigned int zend_hash_dprot_reader; ++#endif ++static unsigned int zend_hash_dprot_counter; ++static unsigned int zend_hash_dprot_curmax; ++static dtor_func_t *zend_hash_dprot_table = NULL; ++ ++static void zend_hash_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((++(zend_hash_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((--(zend_hash_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++static void zend_hash_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_hash_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_hash_dprot_mx_reader); ++ tsrm_mutex_free(zend_hash_dprot_mx_writer); ++#endif ++ free(zend_hash_dprot_table); ++}*/ ++ ++static void zend_hash_add_destructor(dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ if (zend_hash_dprot_table == NULL) { ++#ifdef ZTS ++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_hash_dprot_reader = 0; ++#endif ++ zend_hash_dprot_counter = 0; ++ zend_hash_dprot_curmax = 256; ++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t)); ++ } ++ ++ zend_hash_dprot_begin_write(); ++ ++ if (zend_hash_dprot_counter == 0) { ++ zend_hash_dprot_counter++; ++ zend_hash_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) { ++ zend_hash_dprot_curmax += 256; ++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_hash_dprot_table[left] < value) { ++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left] = pDestructor; ++ } ++ ++ zend_hash_dprot_counter++; ++ } ++ } ++ ++ zend_hash_dprot_end_write(); ++} ++ ++static void zend_hash_check_destructor(dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++#ifdef ZEND_ENGINE_2 ++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info ++#endif ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ zend_hash_dprot_begin_read(); ++ ++ if (zend_hash_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_hash_dprot_end_read(); ++} ++ ++#else ++#define zend_hash_add_destructor(pDestructor) do {} while(0) ++#define zend_hash_check_destructor(pDestructor) do {} while(0) ++#endif + + ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC) + { +@@ -156,6 +350,7 @@ ZEND_API int _zend_hash_init(HashTable * + + ht->nTableMask = ht->nTableSize - 1; + ht->pDestructor = pDestructor; ++ zend_hash_add_destructor(pDestructor); + ht->arBuckets = NULL; + ht->pListHead = NULL; + ht->pListTail = NULL; +@@ -233,6 +428,7 @@ ZEND_API int _zend_hash_add_or_update(Ha + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -298,6 +494,7 @@ ZEND_API int _zend_hash_quick_add_or_upd + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -373,6 +570,7 @@ ZEND_API int _zend_hash_index_update_or_ + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -496,6 +694,7 @@ ZEND_API int zend_hash_del_key_or_index( + if (ht->pInternalPointer == p) { + ht->pInternalPointer = p->pListNext; + } ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -522,6 +721,7 @@ ZEND_API void zend_hash_destroy(HashTabl + SET_INCONSISTENT(HT_IS_DESTROYING); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + q = p; + p = p->pListNext; +@@ -608,6 +808,7 @@ static Bucket *zend_hash_apply_deleter(H + ht->nNumOfElements--; + HANDLE_UNBLOCK_INTERRUPTIONS(); + ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -628,6 +829,7 @@ ZEND_API void zend_hash_graceful_destroy + IS_CONSISTENT(ht); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + p = zend_hash_apply_deleter(ht, p); + } +--- a/Zend/zend_llist.c ++++ b/Zend/zend_llist.c +@@ -23,6 +23,194 @@ + #include "zend_llist.h" + #include "zend_qsort.h" + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_llist_dprot_mx_reader; ++static MUTEX_T zend_llist_dprot_mx_writer; ++static unsigned int zend_llist_dprot_reader; ++#endif ++static unsigned int zend_llist_dprot_counter; ++static unsigned int zend_llist_dprot_curmax; ++static llist_dtor_func_t *zend_llist_dprot_table = NULL; ++ ++static void zend_llist_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((++(zend_llist_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((--(zend_llist_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++static void zend_llist_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_llist_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_llist_dprot_mx_reader); ++ tsrm_mutex_free(zend_llist_dprot_mx_writer); ++#endif ++ free(zend_llist_dprot_table); ++}*/ ++ ++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ if (zend_llist_dprot_table == NULL) { ++#ifdef ZTS ++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_llist_dprot_reader = 0; ++#endif ++ zend_llist_dprot_counter = 0; ++ zend_llist_dprot_curmax = 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t)); ++ } ++ ++ zend_llist_dprot_begin_write(); ++ ++ if (zend_llist_dprot_counter == 0) { ++ zend_llist_dprot_counter++; ++ zend_llist_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) { ++ zend_llist_dprot_curmax += 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_llist_dprot_table[left] < value) { ++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left] = pDestructor; ++ } ++ ++ zend_llist_dprot_counter++; ++ } ++ } ++ ++ zend_llist_dprot_end_write(); ++} ++ ++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ zend_llist_dprot_begin_read(); ++ ++ if (zend_llist_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_llist_dprot_end_read(); ++} ++#else ++#define zend_llist_add_destructor(pDestructor) do {} while(0) ++#define zend_llist_check_destructor(pDestructor) do {} while(0) ++#endif ++ + ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent) + { + l->head = NULL; +@@ -30,6 +218,7 @@ ZEND_API void zend_llist_init(zend_llist + l->count = 0; + l->size = size; + l->dtor = dtor; ++ zend_llist_add_destructor(dtor); + l->persistent = persistent; + } + +@@ -81,6 +270,7 @@ ZEND_API void zend_llist_prepend_element + } else {\ + (l)->tail = (current)->prev;\ + }\ ++ zend_llist_check_destructor((l)->dtor); \ + if ((l)->dtor) {\ + (l)->dtor((current)->data);\ + }\ +@@ -108,6 +298,7 @@ ZEND_API void zend_llist_destroy(zend_ll + { + zend_llist_element *current=l->head, *next; + ++ zend_llist_check_destructor(l->dtor); + while (current) { + next = current->next; + if (l->dtor) { +@@ -133,6 +324,7 @@ ZEND_API void *zend_llist_remove_tail(ze + zend_llist_element *old_tail; + void *data; + ++ zend_llist_check_destructor((l)->dtor); + if ((old_tail = l->tail)) { + if (old_tail->prev) { + old_tail->prev->next = NULL; +--- a/Zend/zend_operators.c ++++ b/Zend/zend_operators.c +@@ -153,9 +153,14 @@ ZEND_API void convert_scalar_to_number(z + case IS_STRING: + { + char *strval; ++ int strl; + + strval = Z_STRVAL_P(op); +- if ((Z_TYPE_P(op)=is_numeric_string(strval, Z_STRLEN_P(op), &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { ++ strl = Z_STRLEN_P(op); ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif ++ if ((Z_TYPE_P(op)=is_numeric_string(strval, strl, &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { + ZVAL_LONG(op, 0); + } + STR_FREE(strval); +@@ -187,7 +192,8 @@ ZEND_API void convert_scalar_to_number(z + } else { \ + switch (Z_TYPE_P(op)) { \ + case IS_STRING: \ +- { \ ++ { \ ++ Z_STRLEN(holder) = 0; \ + if ((Z_TYPE(holder)=is_numeric_string(Z_STRVAL_P(op), Z_STRLEN_P(op), &Z_LVAL(holder), &Z_DVAL(holder), 1)) == 0) { \ + ZVAL_LONG(&(holder), 0); \ + } \ +@@ -229,6 +235,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = zend_dval_to_lval(Z_DVAL_P(op)); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + Z_LVAL(holder) = strtol(Z_STRVAL_P(op), NULL, 10); \ + break; \ + case IS_ARRAY: \ +@@ -271,6 +278,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = (Z_DVAL_P(op) ? 1 : 0); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + if (Z_STRLEN_P(op) == 0 \ + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { \ + Z_LVAL(holder) = 0; \ +@@ -356,6 +364,9 @@ ZEND_API void convert_to_long_base(zval + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = strtol(strval, NULL, base); + STR_FREE(strval); + } +@@ -416,6 +427,9 @@ ZEND_API void convert_to_double(zval *op + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_DVAL_P(op) = zend_strtod(strval, NULL); + STR_FREE(strval); + } +@@ -502,8 +516,14 @@ ZEND_API void convert_to_boolean(zval *o + + if (Z_STRLEN_P(op) == 0 + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 0; + } else { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 1; + } + STR_FREE(strval); +@@ -617,6 +637,9 @@ static void convert_scalar_to_array(zval + *entry = *op; + INIT_PZVAL(entry); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + switch (type) { + case IS_ARRAY: + ALLOC_HASHTABLE(Z_ARRVAL_P(op)); +--- a/Zend/zend_variables.c ++++ b/Zend/zend_variables.c +@@ -34,6 +34,9 @@ ZEND_API void _zval_dtor_func(zval *zval + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + STR_FREE_REL(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: { +@@ -78,6 +81,9 @@ ZEND_API void _zval_internal_dtor(zval * + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + free(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: +--- a/configure.in ++++ b/configure.in +@@ -291,6 +291,7 @@ sinclude(Zend/Zend.m4) + sinclude(TSRM/threads.m4) + sinclude(TSRM/tsrm.m4) + ++sinclude(main/suhosin_patch.m4) + + dnl divert(2) + +@@ -1406,7 +1407,7 @@ PHP_ADD_SOURCES(main, main.c snprintf.c + php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ + strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + network.c php_open_temporary_file.c php_logos.c \ +- output.c getopt.c) ++ output.c getopt.c suhosin_patch.c ) + + PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \ + plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c \ +@@ -1434,7 +1435,7 @@ PHP_ADD_SOURCES(Zend, \ + zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ + zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_gc.c \ +- zend_closures.c zend_float.c) ++ zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c ) + + if test -r "$abs_srcdir/Zend/zend_objects.c"; then + PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c) +--- a/ext/standard/dl.c ++++ b/ext/standard/dl.c +@@ -249,6 +249,23 @@ PHPAPI int php_load_extension(char *file + return FAILURE; + } + } ++ ++#if SUHOSIN_PATCH ++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) { ++ void *log_func; ++ /* sucessfully loaded suhosin extension, now check for logging function replacement */ ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log"); ++ if (log_func == NULL) { ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log"); ++ } ++ if (log_func != NULL) { ++ zend_suhosin_log = log_func; ++ } else { ++ zend_suhosin_log(S_MISC, "could not replace logging function"); ++ } ++ } ++#endif ++ + return SUCCESS; + } + /* }}} */ +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -878,6 +878,33 @@ PHPAPI void php_print_info(int flag TSRM + + php_info_print_table_end(); + ++ /* Suhosin Patch */ ++ php_info_print_box_start(0); ++ if (expose_php && !sapi_module.phpinfo_as_text) { ++ PUTS("\"Suhosin\n"); ++ } ++ PUTS("This server is protected with the Suhosin Patch "); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS(SUHOSIN_PATCH_VERSION); ++ } else { ++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC); ++ } ++ PUTS(!sapi_module.phpinfo_as_text?"
":"\n"); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } else { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } ++ php_info_print_box_end(); ++ + /* Zend Engine */ + php_info_print_box_start(0); + if (expose_php && !sapi_module.phpinfo_as_text) { +--- a/ext/standard/syslog.c ++++ b/ext/standard/syslog.c +@@ -42,6 +42,7 @@ static void start_syslog(TSRMLS_D); + */ + PHP_MINIT_FUNCTION(syslog) + { ++#if !SUHOSIN_PATCH + /* error levels */ + REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ + REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ +@@ -97,6 +98,7 @@ PHP_MINIT_FUNCTION(syslog) + /* AIX doesn't have LOG_PERROR */ + REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ + #endif ++#endif + BG(syslog_device)=NULL; + + return SUCCESS; +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -85,13 +85,8 @@ or a tightening during activation/runtim + PHPAPI ZEND_INI_MH(OnUpdateBaseDir) + { + char **p, *pathbuf, *ptr, *end; +-#ifndef ZTS +- char *base = (char *) mh_arg2; +-#else +- char *base = (char *) ts_resource(*((int *) mh_arg2)); +-#endif + +- p = (char **) (base + (size_t) mh_arg1); ++ p = &PG(open_basedir); + + if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) { + /* We're in a PHP_INI_SYSTEM context, no restrictions */ +--- a/main/main.c ++++ b/main/main.c +@@ -91,6 +91,9 @@ + + #include "SAPI.h" + #include "rfc1867.h" ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#endif + + #if HAVE_MMAP + # if HAVE_UNISTD_H +@@ -504,7 +507,7 @@ PHP_INI_BEGIN() + STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) + PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) +- STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals) ++ PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir) + STD_PHP_INI_ENTRY("safe_mode_exec_dir", PHP_SAFE_MODE_EXEC_DIR, PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals) + + STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals) +@@ -1810,6 +1813,10 @@ void dummy_invalid_parameter_handler( + } + #endif + ++#if SUHOSIN_PATCH ++PHPAPI void suhosin_startup(); ++#endif ++ + /* {{{ php_module_startup + */ + int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_modules, uint num_additional_modules) +@@ -1858,6 +1865,10 @@ int php_module_startup(sapi_module_struc + php_win32_init_rng_lock(); + #endif + ++#if SUHOSIN_PATCH ++ suhosin_startup(); ++#endif ++ + module_shutdown = 0; + module_startup = 1; + sapi_initialize_empty_request(TSRMLS_C); +@@ -1980,7 +1991,11 @@ int php_module_startup(sapi_module_struc + REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS); +- REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS); ++#endif ++ REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS); + #ifdef ZEND_MULTIBYTE +--- a/main/php.h ++++ b/main/php.h +@@ -459,6 +459,10 @@ END_EXTERN_C() + #endif + #endif /* !XtOffsetOf */ + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #endif + + /* +--- a/main/php_logos.c ++++ b/main/php_logos.c +@@ -50,6 +50,10 @@ PHPAPI int php_unregister_info_logo(char + return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string)); + } + ++#if SUHOSIN_PATCH ++#include "suhosin_logo.h" ++#endif ++ + int php_init_info_logos(void) + { + if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE) +@@ -58,7 +62,9 @@ int php_init_info_logos(void) + php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo)); + php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo)); + php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo)); +- ++#if SUHOSIN_PATCH ++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo , sizeof(suhosin_logo)); ++#endif + return SUCCESS; + } + +--- a/main/snprintf.c ++++ b/main/snprintf.c +@@ -782,6 +782,10 @@ static int format_converter(register buf + */ + switch (*fmt) { + case 'Z': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'Z' specifier within format string"); ++ goto skip_output; ++#else + zvp = (zval*) va_arg(ap, zval*); + zend_make_printable_zval(zvp, &zcopy, &free_zcopy); + if (free_zcopy) { +@@ -792,6 +796,7 @@ static int format_converter(register buf + if (adjust_precision && precision < s_len) { + s_len = precision; + } ++#endif + break; + case 'u': + switch(modifier) { +@@ -1093,7 +1098,11 @@ static int format_converter(register buf + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = cc; ++#endif + goto skip_output; + + /* +--- a/main/spprintf.c ++++ b/main/spprintf.c +@@ -390,6 +390,10 @@ static void xbuf_format_converter(smart_ + */ + switch (*fmt) { + case 'Z': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'Z' specifier within format string"); ++ goto skip_output; ++#else + zvp = (zval*) va_arg(ap, zval*); + zend_make_printable_zval(zvp, &zcopy, &free_zcopy); + if (free_zcopy) { +@@ -400,6 +404,7 @@ static void xbuf_format_converter(smart_ + if (adjust_precision && precision < s_len) { + s_len = precision; + } ++#endif + break; + case 'u': + switch(modifier) { +@@ -700,7 +705,11 @@ static void xbuf_format_converter(smart_ + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = xbuf->len; ++#endif + goto skip_output; + + /* +--- /dev/null ++++ b/main/suhosin_globals.h +@@ -0,0 +1,61 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_GLOBALS_H ++#define SUHOSIN_GLOBALS_H ++ ++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct; ++ ++#ifdef ZTS ++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v) ++extern int suhosin_patch_globals_id; ++#else ++# define SPG(v) (suhosin_patch_globals.v) ++extern struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++ ++struct _suhosin_patch_globals { ++ /* logging */ ++ int log_syslog; ++ int log_syslog_facility; ++ int log_syslog_priority; ++ int log_sapi; ++ int log_script; ++ int log_phpscript; ++ char *log_scriptname; ++ char *log_phpscriptname; ++ zend_bool log_phpscript_is_safe; ++ zend_bool log_use_x_forwarded_for; ++ ++ /* memory manager canary protection */ ++ unsigned int canary_1; ++ unsigned int canary_2; ++ unsigned int canary_3; ++ unsigned int dummy; ++}; ++ ++ ++#endif /* SUHOSIN_GLOBALS_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_logo.h +@@ -0,0 +1,178 @@ ++static unsigned char suhosin_logo[] = ++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48" ++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d" ++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43" ++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4" ++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00" ++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4" ++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00" ++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13" ++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98" ++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5" ++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46" ++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69" ++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5" ++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13" ++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf" ++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8" ++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44" ++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c" ++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d" ++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1" ++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55" ++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3" ++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35" ++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b" ++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d" ++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6" ++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27" ++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3" ++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52" ++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85" ++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e" ++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74" ++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1" ++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95" ++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4" ++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf" ++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71" ++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58" ++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c" ++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf" ++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83" ++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d" ++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08" ++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf" ++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01" ++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21" ++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac" ++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56" ++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10" ++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98" ++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e" ++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3" ++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d" ++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85" ++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa" ++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7" ++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76" ++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21" ++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a" ++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36" ++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24" ++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12" ++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78" ++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb" ++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2" ++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2" ++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79" ++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d" ++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98" ++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c" ++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c" ++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77" ++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65" ++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe" ++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15" ++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb" ++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65" ++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84" ++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a" ++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c" ++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40" ++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e" ++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4" ++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d" ++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d" ++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d" ++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b" ++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07" ++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22" ++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c" ++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54" ++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67" ++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96" ++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd" ++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40" ++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3" ++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85" ++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96" ++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76" ++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c" ++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09" ++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3" ++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22" ++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92" ++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5" ++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb" ++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74" ++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b" ++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa" ++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b" ++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed" ++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80" ++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01" ++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74" ++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90" ++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b" ++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8" ++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81" ++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67" ++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e" ++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1" ++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd" ++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7" ++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d" ++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d" ++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1" ++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7" ++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f" ++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64" ++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14" ++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8" ++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2" ++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef" ++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb" ++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12" ++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07" ++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64" ++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07" ++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a" ++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9" ++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb" ++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31" ++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5" ++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9" ++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee" ++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e" ++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f" ++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50" ++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96" ++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30" ++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57" ++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f" ++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99" ++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab" ++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51" ++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02" ++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae" ++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6" ++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2" ++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c" ++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8" ++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49" ++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e" ++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f" ++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3" ++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78" ++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b" ++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe" ++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31" ++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c" ++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1" ++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9" ++ ; +--- /dev/null ++++ b/main/suhosin_patch.c +@@ -0,0 +1,470 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: suhosin_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */ ++ ++#include "php.h" ++ ++#include ++#include ++#include ++ ++#if HAVE_UNISTD_H ++#include ++#endif ++#include "SAPI.h" ++#include "php_globals.h" ++ ++#if SUHOSIN_PATCH ++ ++#ifdef HAVE_SYS_SOCKET_H ++#include ++#endif ++ ++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) ++#undef AF_UNIX ++#endif ++ ++#if defined(AF_UNIX) ++#include ++#endif ++ ++#define SYSLOG_PATH "/dev/log" ++ ++#ifdef PHP_WIN32 ++static HANDLE log_source = 0; ++#endif ++ ++#include "snprintf.h" ++ ++#include "suhosin_patch.h" ++ ++#ifdef ZTS ++#include "suhosin_globals.h" ++int suhosin_patch_globals_id; ++#else ++struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++static char *suhosin_config = NULL; ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static void php_security_log(int loglevel, char *fmt, ...); ++ ++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC) ++{ ++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals)); ++} ++ ++ZEND_API char suhosin_get_config(int element) ++{ ++ return ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element]; ++} ++ ++static void suhosin_set_config(int element, char value) ++{ ++ ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element] = value; ++} ++ ++static void suhosin_read_configuration_from_environment() ++{ ++ char *tmp; ++ ++ /* check if canary protection should be activated or not */ ++ tmp = getenv("SUHOSIN_MM_USE_CANARY_PROTECTION"); ++ /* default to activated */ ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, 1); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, flag); ++ } ++ ++ /* check if free memory should be overwritten with 0xFF or not */ ++ tmp = getenv("SUHOSIN_MM_DESTROY_FREE_MEMORY"); ++ /* default to deactivated */ ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, flag); ++ } ++ ++ /* check if canary violations should be ignored */ ++ tmp = getenv("SUHOSIN_MM_IGNORE_CANARY_VIOLATION"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, flag); ++ } ++ ++ /* check if invalid hashtable destructors should be ignored */ ++ tmp = getenv("SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ /* check if invalid linkedlist destructors should be ignored */ ++ tmp = getenv("SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ suhosin_set_config(SUHOSIN_CONFIG_SET, 1); ++} ++ ++static void suhosin_write_protect_configuration() ++{ ++ /* check return value of mprotect() to ensure memory is read only now */ ++ if (mprotect(SUHOSIN_MANGLE_PTR(suhosin_config), sysconf(_SC_PAGESIZE), PROT_READ) != 0) { ++ perror("suhosin"); ++ _exit(1); ++ } ++} ++ ++PHPAPI void suhosin_startup() ++{ ++#ifdef ZTS ++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL); ++#else ++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC); ++#endif ++ zend_suhosin_log = php_security_log; ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (!suhosin_config) { ++#ifndef MAP_ANONYMOUS ++#define MAP_ANONYMOUS MAP_ANON ++#endif ++ suhosin_config = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); ++ if (suhosin_config == MAP_FAILED) { ++ perror("suhosin"); ++ _exit(1); ++ } ++ suhosin_config = SUHOSIN_MANGLE_PTR(suhosin_config); ++ } ++ if (!SUHOSIN_CONFIG(SUHOSIN_CONFIG_SET)) { ++ suhosin_read_configuration_from_environment(); ++ suhosin_write_protect_configuration(); ++ } ++} ++ ++static char *loglevel2string(int loglevel) ++{ ++ switch (loglevel) { ++ case S_FILES: ++ return "FILES"; ++ case S_INCLUDE: ++ return "INCLUDE"; ++ case S_MEMORY: ++ return "MEMORY"; ++ case S_MISC: ++ return "MISC"; ++ case S_SESSION: ++ return "SESSION"; ++ case S_SQL: ++ return "SQL"; ++ case S_EXECUTOR: ++ return "EXECUTOR"; ++ case S_VARS: ++ return "VARS"; ++ default: ++ return "UNKNOWN"; ++ } ++} ++ ++static void php_security_log(int loglevel, char *fmt, ...) ++{ ++ int s, r, i=0; ++#if defined(AF_UNIX) ++ struct sockaddr_un saun; ++#endif ++#ifdef PHP_WIN32 ++ LPTSTR strs[2]; ++ unsigned short etype; ++ DWORD evid; ++#endif ++ char buf[4096+64]; ++ char error[4096+100]; ++ char *ip_address; ++ char *fname; ++ char *alertstring; ++ int lineno; ++ va_list ap; ++ TSRMLS_FETCH(); ++ ++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/ ++ ++ if (SPG(log_use_x_forwarded_for)) { ++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "X-FORWARDED-FOR not set"; ++ } ++ } else { ++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "REMOTE_ADDR not set"; ++ } ++ } ++ ++ ++ va_start(ap, fmt); ++ ap_php_vsnprintf(error, sizeof(error), fmt, ap); ++ va_end(ap); ++ while (error[i]) { ++ if (error[i] < 32) error[i] = '.'; ++ i++; ++ } ++ ++/* if (SPG(simulation)) { ++ alertstring = "ALERT-SIMULATION"; ++ } else { */ ++ alertstring = "ALERT"; ++/* }*/ ++ ++ if (zend_is_executing(TSRMLS_C)) { ++ if (EG(current_execute_data)) { ++ lineno = EG(current_execute_data)->opline->lineno; ++ fname = EG(current_execute_data)->op_array->filename; ++ } else { ++ lineno = zend_get_executed_lineno(TSRMLS_C); ++ fname = zend_get_executed_filename(TSRMLS_C); ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno); ++ } else { ++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC); ++ if (fname==NULL) { ++ fname = "unknown"; ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname); ++ } ++ ++ /* Syslog-Logging disabled? */ ++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) { ++ goto log_sapi; ++ } ++ ++#if defined(AF_UNIX) ++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf); ++ ++ s = socket(AF_UNIX, SOCK_DGRAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ s = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ goto log_sapi; ++ } ++ } ++ send(s, error, strlen(error), 0); ++ ++ close(s); ++#endif ++#ifdef PHP_WIN32 ++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf); ++ ++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */ ++ case 1: /*LOG_ALERT:*/ ++ etype = EVENTLOG_ERROR_TYPE; ++ break; ++ case 6: /*LOG_INFO:*/ ++ etype = EVENTLOG_INFORMATION_TYPE; ++ break; ++ default: ++ etype = EVENTLOG_WARNING_TYPE; ++ } ++ evid = loglevel; ++ strs[0] = error; ++ /* report the event */ ++ if (log_source == NULL) { ++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION); ++ } ++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL); ++ ++#endif ++log_sapi: ++ /* SAPI Logging activated? */ ++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/ ++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) { ++ sapi_module.log_message(buf); ++ } ++ ++/*log_script:*/ ++ /* script logging activaed? */ ++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) { ++ char cmd[8192], *cmdpos, *bufpos; ++ FILE *in; ++ int space; ++ ++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel)); ++ space = sizeof(cmd) - strlen(cmd); ++ cmdpos = cmd + strlen(cmd); ++ bufpos = buf; ++ if (space <= 1) return; ++ while (space > 2 && *bufpos) { ++ if (*bufpos == '\'') { ++ if (space<=5) break; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\\'; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\''; ++ bufpos++; ++ space-=4; ++ } else { ++ *cmdpos++ = *bufpos++; ++ space--; ++ } ++ } ++ *cmdpos++ = '\''; ++ *cmdpos = 0; ++ ++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) { ++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname)); ++ return; ++ } ++ /* read and forget the result */ ++ while (1) { ++ int readbytes = fread(cmd, 1, sizeof(cmd), in); ++ if (readbytes<=0) { ++ break; ++ } ++ } ++ pclose(in); ++ } ++/*log_phpscript:*/ ++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) { ++ zend_file_handle file_handle; ++ zend_op_array *new_op_array; ++ zval *result = NULL; ++ ++ /*long orig_execution_depth = SPG(execution_depth);*/ ++ zend_bool orig_safe_mode = PG(safe_mode); ++ char *orig_basedir = PG(open_basedir); ++ ++ char *phpscript = SPG(log_phpscriptname); ++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/ ++#ifdef ZEND_ENGINE_2 ++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) { ++#else ++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { ++ file_handle.filename = phpscript; ++ file_handle.free_filename = 0; ++#endif ++ if (!file_handle.opened_path) { ++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript)); ++ } ++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); ++ zend_destroy_file_handle(&file_handle TSRMLS_CC); ++ if (new_op_array) { ++ HashTable *active_symbol_table = EG(active_symbol_table); ++ zval *zerror, *zerror_class; ++ ++ if (active_symbol_table == NULL) { ++ active_symbol_table = &EG(symbol_table); ++ } ++ EG(return_value_ptr_ptr) = &result; ++ EG(active_op_array) = new_op_array; ++ ++ MAKE_STD_ZVAL(zerror); ++ MAKE_STD_ZVAL(zerror_class); ++ ZVAL_STRING(zerror, buf, 1); ++ ZVAL_LONG(zerror_class, loglevel); ++ ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL); ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL); ++ ++ /*SPG(execution_depth) = 0;*/ ++ if (SPG(log_phpscript_is_safe)) { ++ PG(safe_mode) = 0; ++ PG(open_basedir) = NULL; ++ } ++ ++ zend_execute(new_op_array TSRMLS_CC); ++ ++ /*SPG(execution_depth) = orig_execution_depth;*/ ++ PG(safe_mode) = orig_safe_mode; ++ PG(open_basedir) = orig_basedir; ++ ++#ifdef ZEND_ENGINE_2 ++ destroy_op_array(new_op_array TSRMLS_CC); ++#else ++ destroy_op_array(new_op_array); ++#endif ++ efree(new_op_array); ++#ifdef ZEND_ENGINE_2 ++ if (!EG(exception)) ++#endif ++ { ++ if (EG(return_value_ptr_ptr)) { ++ zval_ptr_dtor(EG(return_value_ptr_ptr)); ++ EG(return_value_ptr_ptr) = NULL; ++ } ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } ++ ++} ++ ++ ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- /dev/null ++++ b/main/suhosin_patch.h +@@ -0,0 +1,59 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_PATCH_H ++#define SUHOSIN_PATCH_H ++ ++#if SUHOSIN_PATCH ++ ++#include "zend.h" ++ ++#define SUHOSIN_PATCH_VERSION "0.9.10" ++ ++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18" ++ ++#define SUHOSIN_CONFIG(idx) (suhosin_get_config(idx)) ++ ++#define SUHOSIN_MM_USE_CANARY_PROTECTION 0 ++#define SUHOSIN_MM_DESTROY_FREE_MEMORY 1 ++#define SUHOSIN_MM_IGNORE_CANARY_VIOLATION 2 ++#define SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR 3 ++#define SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR 4 ++ ++#define SUHOSIN_CONFIG_SET 100 ++ ++#include ++#include ++#include ++ ++#if defined(DARWIN) ++#include ++#endif ++ ++#define SUHOSIN_MANGLE_PTR(ptr) (ptr==NULL?NULL:((void *)((zend_intptr_t)(ptr)^SUHOSIN_POINTER_GUARD))) ++ ++#endif ++ ++#endif /* SUHOSIN_PATCH_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_patch.m4 +@@ -0,0 +1,8 @@ ++dnl ++dnl $Id: suhosin_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $ ++dnl ++dnl This file contains Suhosin Patch for PHP specific autoconf functions. ++dnl ++ ++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch]) ++ +--- a/sapi/apache/mod_php5.c ++++ b/sapi/apache/mod_php5.c +@@ -969,7 +969,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/apache2filter/sapi_apache2.c ++++ b/sapi/apache2filter/sapi_apache2.c +@@ -583,7 +583,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -407,7 +407,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache_hooks/mod_php5.c ++++ b/sapi/apache_hooks/mod_php5.c +@@ -1256,7 +1256,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -1932,10 +1932,18 @@ consult the installation file that came + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; + } ++#if SUHOSIN_PATCH + #if ZEND_DEBUG +- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else +- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else ++ #if ZEND_DEBUG ++ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #else ++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #endif + #endif + php_request_shutdown((void *) 0); + fcgi_shutdown(); +--- a/sapi/cli/php_cli.c ++++ b/sapi/cli/php_cli.c +@@ -826,7 +826,11 @@ int main(int argc, char *argv[]) + } + + request_started = 1; +- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", ++ php_printf("PHP %s " ++#if SUHOSIN_PATCH ++ "with Suhosin-Patch " ++#endif ++ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", + PHP_VERSION, sapi_module.name, __DATE__, __TIME__, + #if ZEND_DEBUG && defined(HAVE_GCOV) + "(DEBUG GCOV)", +--- a/sapi/litespeed/lsapi_main.c ++++ b/sapi/litespeed/lsapi_main.c +@@ -718,10 +718,18 @@ static int cli_main( int argc, char * ar + break; + case 'v': + if (php_request_startup(TSRMLS_C) != FAILURE) { ++#if SUHOSIN_PATCH + #if ZEND_DEBUG +- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else +- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else ++#if ZEND_DEBUG ++ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else ++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif + #endif + #ifdef PHP_OUTPUT_NEWAPI + php_output_end_all(TSRMLS_C); +--- a/sapi/milter/php_milter.c ++++ b/sapi/milter/php_milter.c +@@ -1111,7 +1111,11 @@ int main(int argc, char *argv[]) + } + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; ++#if SUHOSIN_PATCH ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif + php_end_ob_buffers(1 TSRMLS_CC); + exit(1); + break; +--- a/win32/build/config.w32 ++++ b/win32/build/config.w32 +@@ -328,7 +328,7 @@ ADD_SOURCES("Zend", "zend_language_parse + zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \ + zend_object_handlers.c zend_objects_API.c \ + zend_default_classes.c zend_execute.c zend_strtod.c zend_gc.c zend_closures.c \ +- zend_float.c"); ++ zend_float.c zend_canary.c zend_alloc_canary.c"); + + if (VCVERS == 1200) { + AC_DEFINE('ZEND_DVAL_TO_LVAL_CAST_OK', 1); +@@ -385,6 +385,7 @@ if (PHP_ZEND_MULTIBYTE == "yes") { + + AC_DEFINE('HAVE_USLEEP', 1); + AC_DEFINE('HAVE_STRCOLL', 1); ++AC_DEFINE('SUHOSIN_PATCH', 1); + + /* For snapshot builders, where can we find the additional + * files that make up the snapshot template? */ +--- a/win32/build/config.w32.h.in ++++ b/win32/build/config.w32.h.in +@@ -152,6 +152,9 @@ + /* Win32 supports strcoll */ + #define HAVE_STRCOLL 1 + ++/* Suhosin Patch support */ ++#define SUHOSIN_PATCH 1 ++ + /* Win32 supports socketpair by the emulation in win32/sockets.c */ + #define HAVE_SOCKETPAIR 1 + #define HAVE_SOCKLEN_T 1 --- php5-5.3.10.orig/debian/patches/CVE-2014-3480.patch +++ php5-5.3.10/debian/patches/CVE-2014-3480.patch @@ -0,0 +1,37 @@ +From 40ef6e07e0b2cdced57c506e08cf18f47122292d Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 10 Jun 2014 14:22:04 +0200 +Subject: [PATCH] Bug #67412 fileinfo: cdf_count_chain insufficient + boundary check + +Upstream: +https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 +--- + ext/fileinfo/libmagic/cdf.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +Index: php5-5.3.10/ext/fileinfo/libmagic/cdf.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/cdf.c 2014-07-07 08:26:43.746639038 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/cdf.c 2014-07-07 08:26:43.742639038 -0400 +@@ -425,7 +425,8 @@ + cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) + { + size_t i, j; +- cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); ++ cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) ++ / sizeof(maxsector)); + + DPRINTF(("Chain:")); + for (j = i = 0; sid >= 0; i++, j++) { +@@ -435,8 +436,8 @@ + errno = EFTYPE; + return (size_t)-1; + } +- if (sid > maxsector) { +- DPRINTF(("Sector %d > %d\n", sid, maxsector)); ++ if (sid >= maxsector) { ++ DPRINTF(("Sector %d >= %d\n", sid, maxsector)); + errno = EFTYPE; + return (size_t)-1; + } --- php5-5.3.10.orig/debian/patches/CVE-2012-2143.patch +++ php5-5.3.10/debian/patches/CVE-2012-2143.patch @@ -0,0 +1,41 @@ +Description: fix password truncation via invalid byte +Origin: upstream, http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 + +Index: php5-5.3.10/ext/standard/crypt_freesec.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/crypt_freesec.c 2010-02-21 19:05:02.000000000 -0500 ++++ php5-5.3.10/ext/standard/crypt_freesec.c 2012-06-12 13:33:33.013077810 -0400 +@@ -629,7 +629,8 @@ + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf < sizeof(keybuf)) { +- if ((*q++ = *key << 1)) ++ *q++ = *key << 1; ++ if (*key) + key++; + } + if (des_setkey((u_char *) keybuf, data)) +Index: php5-5.3.10/ext/standard/tests/strings/crypt_chars.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/strings/crypt_chars.phpt 2012-06-12 13:33:33.013077810 -0400 +@@ -0,0 +1,19 @@ ++--TEST-- ++crypt() function - characters > 0x80 ++--SKIPIF-- ++ ++--FILE-- ++ + --EXPECTF-- ++ + Warning: Header may not contain more than a single header, new line detected in %s on line %d + foo + --EXPECTHEADERS-- +-X-foo: e +-foo ++Content-type: text/html +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_3.phpt +=================================================================== +--- php5-5.3.10.orig/ext/standard/tests/general_functions/bug60227_3.phpt 2016-07-28 15:02:35.294152249 -0400 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_3.phpt 2016-07-28 15:02:35.290152197 -0400 +@@ -1,8 +1,9 @@ + --TEST-- + Bug #60227 (header() cannot detect the multi-line header with CR), \0 before \n ++--INI-- ++expose_php=0 + --FILE-- + +@@ -10,5 +11,4 @@ + Warning: Header may not contain NUL bytes in %s on line %d + foo + --EXPECTHEADERS-- +-X-foo: e +-foo ++Content-type: text/html +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_4.phpt +=================================================================== +--- php5-5.3.10.orig/ext/standard/tests/general_functions/bug60227_4.phpt 2016-07-28 15:02:35.294152249 -0400 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_4.phpt 2016-07-28 15:02:35.290152197 -0400 +@@ -1,8 +1,9 @@ + --TEST-- + Bug #60227 (header() cannot detect the multi-line header with CR), CRLF ++--INI-- ++expose_php=0 + --FILE-- + +@@ -10,5 +11,4 @@ + Warning: Header may not contain more than a single header, new line detected in %s on line %d + foo + --EXPECTHEADERS-- +-X-foo: e +- foo ++Content-type: text/html +Index: php5-5.3.10/main/SAPI.c +=================================================================== +--- php5-5.3.10.orig/main/SAPI.c 2016-07-28 15:02:35.294152249 -0400 ++++ php5-5.3.10/main/SAPI.c 2016-07-28 15:02:35.290152197 -0400 +@@ -593,13 +593,8 @@ + /* new line/NUL character safety check */ + int i; + for (i = 0; i < header_line_len; i++) { +- /* RFC 2616 allows new lines if followed by SP or HT */ +- int illegal_break = +- (header_line[i+1] != ' ' && header_line[i+1] != '\t') +- && ( +- header_line[i] == '\n' +- || (header_line[i] == '\r' && header_line[i+1] != '\n')); +- if (illegal_break) { ++ /* RFC 7230 ch. 3.2.4 deprecates folding support */ ++ if (header_line[i] == '\n' || header_line[i] == '\r') { + efree(header_line); + sapi_module.sapi_error(E_WARNING, "Header may not contain " + "more than a single header, new line detected"); --- php5-5.3.10.orig/debian/patches/CVE-2014-1943.patch +++ php5-5.3.10/debian/patches/CVE-2014-1943.patch @@ -0,0 +1,182 @@ +Description: fix denial of service via crafted indirect offset value in fileinfo +Origin: backport, http://git.php.net/?p=php-src.git;a=commitdiff;h=89f864c +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739012 + +Index: php5-5.3.10/ext/fileinfo/libmagic/ascmagic.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/ascmagic.c 2014-02-28 14:49:07.317551915 -0500 ++++ php5-5.3.10/ext/fileinfo/libmagic/ascmagic.c 2014-02-28 14:50:05.573553475 -0500 +@@ -149,7 +149,7 @@ + if ((utf8_end = encode_utf8(utf8_buf, mlen, ubuf, ulen)) == NULL) + goto done; + if ((rv = file_softmagic(ms, utf8_buf, (size_t)(utf8_end - utf8_buf), +- TEXTTEST)) != 0) ++ 0, TEXTTEST)) != 0) + goto done; + else + rv = -1; +Index: php5-5.3.10/ext/fileinfo/libmagic/file.h +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/file.h 2014-02-28 14:49:07.317551915 -0500 ++++ php5-5.3.10/ext/fileinfo/libmagic/file.h 2014-02-28 14:50:25.397554006 -0500 +@@ -370,7 +370,7 @@ + unichar **, size_t *, const char **, const char **, const char **); + protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); + protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, +- int); ++ size_t, int); + protected struct mlist *file_apprentice(struct magic_set *, const char *, int); + protected uint64_t file_signextend(struct magic_set *, struct magic *, + uint64_t); +Index: php5-5.3.10/ext/fileinfo/libmagic/funcs.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/funcs.c 2014-02-28 14:49:07.317551915 -0500 ++++ php5-5.3.10/ext/fileinfo/libmagic/funcs.c 2014-02-28 14:50:38.465554356 -0500 +@@ -231,7 +231,7 @@ + + /* try soft magic tests */ + if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) +- if ((m = file_softmagic(ms, ubuf, nb, BINTEST)) != 0) { ++ if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST)) != 0) { + if ((ms->flags & MAGIC_DEBUG) != 0) + (void)fprintf(stderr, "softmagic %d\n", m); + #ifdef BUILTIN_ELF +Index: php5-5.3.10/ext/fileinfo/libmagic/softmagic.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/softmagic.c 2014-02-28 14:49:07.317551915 -0500 ++++ php5-5.3.10/ext/fileinfo/libmagic/softmagic.c 2014-02-28 14:53:49.045559459 -0500 +@@ -48,9 +48,9 @@ + + + private int match(struct magic_set *, struct magic *, uint32_t, +- const unsigned char *, size_t, int); ++ const unsigned char *, size_t, int, int); + private int mget(struct magic_set *, const unsigned char *, +- struct magic *, size_t, unsigned int); ++ struct magic *, size_t, unsigned int, int); + private int magiccheck(struct magic_set *, struct magic *); + private int32_t mprint(struct magic_set *, struct magic *); + private int32_t moffset(struct magic_set *, struct magic *); +@@ -71,12 +71,13 @@ + */ + /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ + protected int +-file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, int mode) ++file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, ++ size_t level, int mode) + { + struct mlist *ml; + int rv; + for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) +- if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode)) != 0) ++ if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, level)) != 0) + return rv; + + return 0; +@@ -111,7 +112,7 @@ + */ + private int + match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, +- const unsigned char *s, size_t nbytes, int mode) ++ const unsigned char *s, size_t nbytes, int mode, int recursion_level) + { + uint32_t magindex = 0; + unsigned int cont_level = 0; +@@ -140,7 +141,7 @@ + ms->line = m->lineno; + + /* if main entry matches, print it... */ +- switch (mget(ms, s, m, nbytes, cont_level)) { ++ switch (mget(ms, s, m, nbytes, cont_level, recursion_level + 1)) { + case -1: + return -1; + case 0: +@@ -222,7 +223,7 @@ + continue; + } + #endif +- switch (mget(ms, s, m, nbytes, cont_level)) { ++ switch (mget(ms, s, m, nbytes, cont_level, recursion_level + 1)) { + case -1: + return -1; + case 0: +@@ -1001,12 +1002,17 @@ + + private int + mget(struct magic_set *ms, const unsigned char *s, +- struct magic *m, size_t nbytes, unsigned int cont_level) ++ struct magic *m, size_t nbytes, unsigned int cont_level, int recursion_level) + { + uint32_t offset = ms->offset; + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + ++ if (recursion_level >= 20) { ++ file_error(ms, 0, "recursion nesting exceeded"); ++ return -1; ++ } ++ + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) + return -1; + +@@ -1554,13 +1560,15 @@ + break; + + case FILE_INDIRECT: ++ if (offset == 0) ++ return 0; + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, m->desc) == -1) + return -1; + if (nbytes < offset) + return 0; + return file_softmagic(ms, s + offset, nbytes - offset, +- BINTEST); ++ recursion_level, BINTEST); + + case FILE_DEFAULT: /* nothing to check */ + default: +Index: php5-5.3.10/ext/fileinfo/tests/cve-2014-1943.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/fileinfo/tests/cve-2014-1943.phpt 2014-02-28 14:49:07.317551915 -0500 +@@ -0,0 +1,39 @@ ++--TEST-- ++Bug #66731: file: infinite recursion ++--SKIPIF-- ++(1.b) indirect x\n"; ++ ++file_put_contents($fd, $a); ++$fi = finfo_open(FILEINFO_NONE); ++var_dump(finfo_file($fi, $fd)); ++finfo_close($fi); ++ ++file_put_contents($fd, $b); ++file_put_contents($fm, $m); ++$fi = finfo_open(FILEINFO_NONE, $fm); ++var_dump(finfo_file($fi, $fd)); ++finfo_close($fi); ++?> ++Done ++--CLEAN-- ++ ++--EXPECTF-- ++string(%d) "%s" ++ ++Warning: finfo_file(): Failed identify data 0:(null) in %s on line %d ++bool(false) ++Done --- php5-5.3.10.orig/debian/patches/CVE-2015-7803.patch +++ php5-5.3.10/debian/patches/CVE-2015-7803.patch @@ -0,0 +1,23 @@ +Description: fix null pointer dereference in phar_get_fp_offset() +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=f98ab19dc0c978e3caaa2614579e4a61f2c317f5 +Bug: https://bugs.php.net/bug.php?id=69720 + +Index: php5-5.3.10/ext/phar/util.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/util.c 2015-10-27 16:56:39.174358303 -0400 ++++ php5-5.3.10/ext/phar/util.c 2015-10-27 16:56:39.166358219 -0400 +@@ -719,7 +719,12 @@ + (*ret)->is_tar = entry->is_tar; + (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC); + if (entry->link) { +- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC); ++ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC); ++ if(!link) { ++ efree(*ret); ++ return FAILURE; ++ } ++ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC); + } else { + (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC); + } --- php5-5.3.10.orig/debian/patches/CVE-2015-6831-1.patch +++ php5-5.3.10/debian/patches/CVE-2015-6831-1.patch @@ -0,0 +1,76 @@ +Backport of: + +From 7381b6accc5559b2de039af3a22f6ec1003b03b3 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 1 Aug 2015 21:45:19 -0700 +Subject: [PATCH] Fixed bug #70166 - Use After Free Vulnerability in + unserialize() with SPLArrayObject + +--- + ext/spl/spl_array.c | 3 +++ + ext/spl/tests/bug70166.phpt | 29 +++++++++++++++++++++++++++++ + 2 files changed, 32 insertions(+) + create mode 100644 ext/spl/tests/bug70166.phpt + +Index: php5-5.3.10/ext/spl/spl_array.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_array.c 2015-09-29 12:30:19.221447856 -0400 ++++ php5-5.3.10/ext/spl/spl_array.c 2015-09-29 12:30:19.217447881 -0400 +@@ -1755,6 +1755,7 @@ + goto outexcept; + } + ++ var_push_dtor(var_hash_p, &pflags); + --p; /* for ';' */ + flags = Z_LVAL_P(pflags); + zval_ptr_dtor(&pflags); +@@ -1779,6 +1780,7 @@ + if (!php_var_unserialize(&intern->array, &p, s + buf_len, var_hash_p TSRMLS_CC)) { + goto outexcept; + } ++ var_push_dtor(var_hash_p, &intern->array); + } + if (*p != ';') { + goto outexcept; +@@ -1797,6 +1799,7 @@ + goto outexcept; + } + ++ var_push_dtor(var_hash_p, &pmembers); + /* copy members */ + zend_hash_copy(intern->std.properties, Z_ARRVAL_P(pmembers), (copy_ctor_func_t) zval_add_ref, (void *) NULL, sizeof(zval *)); + zval_ptr_dtor(&pmembers); +Index: php5-5.3.10/ext/spl/tests/bug70166.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/spl/tests/bug70166.phpt 2015-09-29 12:30:19.217447881 -0400 +@@ -0,0 +1,29 @@ ++--TEST-- ++SPL: Bug #70166 Use After Free Vulnerability in unserialize() with SPLArrayObject ++--FILE-- ++ ++===DONE=== ++--EXPECTF-- ++array(2) { ++ [0]=> ++ object(ArrayObject)#%d (1) { ++ ["storage":"ArrayObject":private]=> ++ array(0) { ++ } ++ } ++ [1]=> ++ array(0) { ++ } ++} ++===DONE=== --- php5-5.3.10.orig/debian/patches/temporary-path-fixes-for-multiarch.patch +++ php5-5.3.10/debian/patches/temporary-path-fixes-for-multiarch.patch @@ -0,0 +1,106 @@ +Description: transitional workaround for multiarch + As a stopgap for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir yet + because that requires all the build-deps to have moved. +Author: Jonathan Marsden +Bug-Ubuntu: https://bugs.launchpad.net/bugs/739977 +Forwarded: not-needed +Reviewed-by: Steve Langasek + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -204,7 +204,7 @@ AC_DEFUN([PHP_DBA_DB_CHECK],[ + AC_MSG_ERROR([DBA: Could not find necessary header file(s).]) + fi + for LIB in $2; do +- if test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.a || test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.$SHLIB_SUFFIX_NAME; then ++ if test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.a || test -f $THIS_PREFIX/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/lib$LIB.$SHLIB_SUFFIX_NAME || test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.$SHLIB_SUFFIX_NAME; then + lib_found=""; + PHP_TEMP_LDFLAGS(-L$THIS_PREFIX/$PHP_LIBDIR, -l$LIB,[ + AC_TRY_LINK([ +--- a/ext/gd/config.m4 ++++ b/ext/gd/config.m4 +@@ -128,7 +128,7 @@ AC_DEFUN([PHP_GD_XPM],[ + if test "$PHP_XPM_DIR" != "no"; then + + for i in $PHP_XPM_DIR /usr/local /usr/X11R6 /usr; do +- test -f $i/$PHP_LIBDIR/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libXpm.a && GD_XPM_DIR=$i && break ++ test -f $i/$PHP_LIBDIR/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libXpm.a && GD_XPM_DIR=$i && break + done + + if test -z "$GD_XPM_DIR"; then +--- a/ext/pcre/config0.m4 ++++ b/ext/pcre/config0.m4 +@@ -21,7 +21,7 @@ PHP_ARG_WITH(pcre-regex,, + AC_MSG_RESULT([$PCRE_INCDIR]) + + AC_MSG_CHECKING([for PCRE library location]) +- for j in $PHP_PCRE_REGEX $PHP_PCRE_REGEX/$PHP_LIBDIR; do ++ for j in $PHP_PCRE_REGEX $PHP_PCRE_REGEX/$PHP_LIBDIR/$DEB_HOST_MULTIARCH $PHP_PCRE_REGEX/$PHP_LIBDIR; do + test -f $j/libpcre.a || test -f $j/libpcre.$SHLIB_SUFFIX_NAME && PCRE_LIBDIR=$j + done + +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2271,7 +2271,7 @@ AC_DEFUN([PHP_SETUP_KERBEROS],[ + fi + + for i in $PHP_KERBEROS; do +- if test -f $i/$PHP_LIBDIR/libkrb5.a || test -f $i/$PHP_LIBDIR/libkrb5.$SHLIB_SUFFIX_NAME; then ++ if test -f $i/$PHP_LIBDIR/libkrb5.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libkrb5.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libkrb5.a; then + PHP_KERBEROS_DIR=$i + break + fi +@@ -2348,7 +2348,7 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ + if test -r $i/include/openssl/evp.h; then + OPENSSL_INCDIR=$i/include + fi +- if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then ++ if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libssl.$SHLIB_SUFFIX_NAME -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then + OPENSSL_LIBDIR=$i/$PHP_LIBDIR + fi + test -n "$OPENSSL_INCDIR" && test -n "$OPENSSL_LIBDIR" && break +--- a/ext/ldap/config.m4 ++++ b/ext/ldap/config.m4 +@@ -95,7 +95,7 @@ if test "$PHP_LDAP" != "no"; then + LDAP_PTHREAD= + fi + +- if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME; then ++ if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/$DEB_HOST_MULTIARCH/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME; then + PHP_ADD_LIBRARY_WITH_PATH(lber, $LDAP_LIBDIR, LDAP_SHARED_LIBADD) + PHP_ADD_LIBRARY_WITH_PATH(ldap, $LDAP_LIBDIR, LDAP_SHARED_LIBADD) + +--- a/ext/mssql/config.m4 ++++ b/ext/mssql/config.m4 +@@ -38,7 +38,7 @@ if test "$PHP_MSSQL" != "no"; then + fi + fi + +- if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then ++ if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libsybdb.so" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then + AC_MSG_ERROR(Could not find $FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so]) + fi + +--- a/ext/pdo_dblib/config.m4 ++++ b/ext/pdo_dblib/config.m4 +@@ -46,7 +46,7 @@ if test "$PHP_PDO_DBLIB" != "no"; then + PHP_LIBDIR=lib + fi + +- if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then ++ if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libsybdb.so" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then + AC_MSG_ERROR(Could not find $PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so]) + fi + +--- a/ext/mysql/config.m4 ++++ b/ext/mysql/config.m4 +@@ -94,7 +94,7 @@ Note that the MySQL client library is no + PHP_LIBDIR=lib + fi + +- for i in $PHP_LIBDIR $PHP_LIBDIR/mysql; do ++ for i in $PHP_LIBDIR/$DEB_HOST_MULTIARCH $PHP_LIBDIR $PHP_LIBDIR/mysql; do + MYSQL_LIB_CHK($i) + done + --- php5-5.3.10.orig/debian/patches/112-proc_open.patch +++ php5-5.3.10/debian/patches/112-proc_open.patch @@ -0,0 +1,11 @@ +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -62,7 +62,7 @@ + * */ + #ifdef PHP_CAN_SUPPORT_PROC_OPEN + +-#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H ++#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H + # include + # include + # define PHP_CAN_DO_PTS 1 --- php5-5.3.10.orig/debian/patches/CVE-2014-3587.patch +++ php5-5.3.10/debian/patches/CVE-2014-3587.patch @@ -0,0 +1,18 @@ +From 7ba1409a1aee5925180de546057ddd84ff267947 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Thu, 14 Aug 2014 17:19:03 -0700 +Subject: [PATCH] Fix bug #67716 - Segfault in cdf.c + +Index: b/ext/fileinfo/libmagic/cdf.c +=================================================================== +--- a/ext/fileinfo/libmagic/cdf.c ++++ b/ext/fileinfo/libmagic/cdf.c +@@ -759,7 +759,7 @@ + for (i = 0; i < sh.sh_properties; i++) { + q = (const uint32_t *)((const char *)p + + CDF_TOLE4(p[(i << 1) + 1])) - 2; +- if (q > e) { ++ if (q < p || q > e) { + DPRINTF(("Ran of the end %p > %p\n", q, e)); + goto out; + } --- php5-5.3.10.orig/debian/patches/hurd-noptrace.diff +++ php5-5.3.10/debian/patches/hurd-noptrace.diff @@ -0,0 +1,14 @@ +--- a/sapi/fpm/config.m4 ++++ b/sapi/fpm/config.m4 +@@ -146,6 +146,11 @@ AC_DEFUN([AC_FPM_TRACE], + pid_t child; + int status; + ++ /* broken ptrace on Hurd, avoid hanging */ ++ #ifdef __GNU__ ++ return 10; ++ #endif ++ + if ( (child = fork()) ) { /* parent */ + int ret = 0; + --- php5-5.3.10.orig/debian/patches/php5-CVE-2012-1823.patch +++ php5-5.3.10/debian/patches/php5-CVE-2012-1823.patch @@ -0,0 +1,63 @@ +From: Rasmus Lerdorf +Subject: U#520827 - PHP-CGI query string parameter vulnerability +Bug: https://bugs.php.net/bug.php?id=61910 + +When PHP is used in a CGI-based setup (such as Apache's mod_cgid), +the php-cgi receives a processed query string parameter as command +line arguments which allows command-line switches, such as -s, -d +or -c to be passed to the php-cgi binary, which can be exploited to +disclose source code and obtain arbitrary code execution. + +CVE-2012-1823 + +Ubuntu note: this patch differs from the upstream fix in +that the *undecoded* string is examined for '=' rather than +the decoded string; elsewise queries that begin with '-' and +contain an encoded '=' will be passed along to php_getopt(); e.g. +http://localhost/test.php?-dallow_url_include%3dOn will set the +allow_url_include to On. This has been assigned CVE-2012-2311. + +--- + sapi/cgi/cgi_main.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +Index: b/sapi/cgi/cgi_main.c +=================================================================== +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -70,6 +70,7 @@ + #include "php_main.h" + #include "fopen_wrappers.h" + #include "ext/standard/php_standard.h" ++#include "ext/standard/url.h" + + #ifdef PHP_WIN32 + # include +@@ -1503,6 +1504,9 @@ int main(int argc, char *argv[]) + #ifndef PHP_WIN32 + int status = 0; + #endif ++ char *query_string; ++ char *decoded_query_string; ++ int skip_getopt = 0; + + #if 0 && defined(PHP_DEBUG) + /* IIS is always making things more difficult. This allows +@@ -1552,7 +1556,16 @@ int main(int argc, char *argv[]) + } + } + +- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { ++ if(query_string = getenv("QUERY_STRING")) { ++ decoded_query_string = strdup(query_string); ++ php_url_decode(decoded_query_string, strlen(decoded_query_string)); ++ if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { ++ skip_getopt = 1; ++ } ++ free(decoded_query_string); ++ } ++ ++ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { + switch (c) { + case 'c': + if (cgi_sapi_module.php_ini_path_override) { --- php5-5.3.10.orig/debian/patches/CVE-2016-4342.patch +++ php5-5.3.10/debian/patches/CVE-2016-4342.patch @@ -0,0 +1,27 @@ +Backport of: + +From 13ad4d3e971807f9a58ab5933182907dc2958539 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Wed, 13 Jan 2016 16:32:29 -0800 +Subject: [PATCH] Fix bug #71354 - remove UMR when size is 0 + +--- + ext/phar/phar_object.c | 1 + + ext/phar/tests/bug71354.phpt | 13 +++++++++++++ + ext/phar/tests/bug71354.tar | Bin 0 -> 1536 bytes + 3 files changed, 14 insertions(+) + create mode 100644 ext/phar/tests/bug71354.phpt + create mode 100644 ext/phar/tests/bug71354.tar + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2016-05-19 12:46:08.276814815 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2016-05-19 12:47:10.901651008 -0400 +@@ -5165,6 +5165,7 @@ + + phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC); + Z_TYPE_P(return_value) = IS_STRING; ++ Z_STRVAL_P(return_value) = NULL; + #if PHP_MAJOR_VERSION >= 6 + Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, (void **) &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0); + #else --- php5-5.3.10.orig/debian/patches/libtool2.2.patch +++ php5-5.3.10/debian/patches/libtool2.2.patch @@ -0,0 +1,31 @@ +--- a/scripts/phpize.in ++++ b/scripts/phpize.in +@@ -5,10 +5,16 @@ prefix='@prefix@' + exec_prefix="`eval echo @exec_prefix@`" + phpdir="$prefix/lib/php5/build" + includedir="$prefix/include/php5" ++aclocaldir="$prefix/share/aclocal" + builddir="`pwd`" + SED="@SED@" + +-FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool libtool.m4" ++FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool" ++if [ -f "$aclocaldir/ltsugar.m4" ]; then ++ LIBTOOL_FILES="libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4" ++else ++ LIBTOOL_FILES="libtool.m4" ++fi + FILES="acinclude.m4 Makefile.global config.sub config.guess ltmain.sh run-tests*.php" + CLEAN_FILES="$FILES *.o *.lo *.la .deps .libs/ build/ include/ modules/ install-sh \ + mkinstalldirs missing config.nice config.sub config.guess configure configure.in \ +@@ -144,8 +150,9 @@ phpize_copy_files() + test -d build || mkdir build + + (cd "$phpdir" && cp $FILES_BUILD "$builddir"/build) ++ (cd "$aclocaldir" && cp $LIBTOOL_FILES "$builddir"/build) + (cd "$phpdir" && cp $FILES "$builddir") +- (cd "$builddir" && cat acinclude.m4 ./build/libtool.m4 > aclocal.m4) ++ (cd "$builddir/build" && cat ../acinclude.m4 $LIBTOOL_FILES > ../aclocal.m4) + } + + phpize_replace_prefix() --- php5-5.3.10.orig/debian/patches/052-phpinfo_no_configure.patch +++ php5-5.3.10/debian/patches/052-phpinfo_no_configure.patch @@ -0,0 +1,33 @@ +Description: Disable configure parameters on phpinfo() output + . + Patch needs to be discussed with upstream and the issues that lead to + its addition re-checked. Quoting changelog entry: + . + Add [...], which disables the display of our "Configure Command" in + phpinfo(), which was the source of many bogus bug reports over the + years, due to people misinterpreting its meaning. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -704,7 +704,7 @@ PHPAPI void php_print_info(int flag TSRM + #ifdef ARCHITECTURE + php_info_print_table_row(2, "Architecture", ARCHITECTURE); + #endif +-#ifdef CONFIGURE_COMMAND ++#if 0 + php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + #endif + +--- a/ext/standard/tests/general_functions/phpinfo.phpt ++++ b/ext/standard/tests/general_functions/phpinfo.phpt +@@ -20,7 +20,6 @@ PHP Version => %s + + System => %s + Build Date => %s%a +-Configure Command => %s + Server API => Command Line Interface + Virtual Directory Support => %s + Configuration File (php.ini) Path => %s --- php5-5.3.10.orig/debian/patches/CVE-2015-4147.patch +++ php5-5.3.10/debian/patches/CVE-2015-4147.patch @@ -0,0 +1,330 @@ +Description: fix arbitrary code execution via crafted serialized data + with unexpected data type +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=d5248f67b58ac3107fec82c5b937fc3f4c89784a +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=c8eaca013a3922e8383def6158ece2b63f6ec483 +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=75f40ae1f3a7ca837d230f099627d121f9b3a32f +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=ff70b40dc978f3f4c457f72a71bb43fd17ee360b +Bug: https://bugs.php.net/bug.php?id=69085 +Bug: https://bugs.php.net/bug.php?id=69293 (regression) + +Index: php5-5.3.10/ext/soap/php_encoding.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/php_encoding.c 2015-06-26 13:38:22.646141764 -0400 ++++ php5-5.3.10/ext/soap/php_encoding.c 2015-06-26 13:38:22.642141719 -0400 +@@ -405,12 +405,15 @@ + encodePtr enc = NULL; + HashTable *ht = Z_OBJPROP_P(data); + +- if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { ++ if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || ++ Z_TYPE_PP(ztype) != IS_LONG) { + soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); + } + +- if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { +- if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { ++ if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && ++ Z_TYPE_PP(zstype) == IS_STRING) { ++ if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && ++ Z_TYPE_PP(zns) == IS_STRING) { + enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); + } else { + zns = NULL; +@@ -446,8 +449,10 @@ + } + + if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) { +- if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { +- if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { ++ if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && ++ Z_TYPE_PP(zstype) == IS_STRING) { ++ if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && ++ Z_TYPE_PP(zns) == IS_STRING) { + set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); + } else { + set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype)); +@@ -455,10 +460,12 @@ + } + } + +- if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS) { ++ if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS && ++ Z_TYPE_PP(zname) == IS_STRING) { + xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname))); + } +- if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS) { ++ if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS && ++ Z_TYPE_PP(znamens) == IS_STRING) { + xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens)); + xmlSetNs(node, nsp); + } +@@ -3671,18 +3678,21 @@ + Z_OBJCE_PP(tmp) == soap_var_class_entry) { + zval **ztype; + +- if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { ++ if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || ++ Z_TYPE_PP(ztype) != IS_LONG) { + soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); + } + cur_type = Z_LVAL_PP(ztype); + +- if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS && ++ Z_TYPE_PP(ztype) == IS_STRING) { + cur_stype = Z_STRVAL_PP(ztype); + } else { + cur_stype = NULL; + } + +- if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS && ++ Z_TYPE_PP(ztype) == IS_STRING) { + cur_ns = Z_STRVAL_PP(ztype); + } else { + cur_ns = NULL; +Index: php5-5.3.10/ext/soap/php_http.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/php_http.c 2015-06-26 13:38:22.646141764 -0400 ++++ php5-5.3.10/ext/soap/php_http.c 2015-06-26 13:38:22.642141719 -0400 +@@ -36,14 +36,16 @@ + { + zval **login, **password; + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS && ++ Z_TYPE_PP(login) == IS_STRING) { + unsigned char* buf; + int len; + smart_str auth = {0}; + + smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); + smart_str_appendc(&auth, ':'); +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS && ++ Z_TYPE_PP(password) == IS_STRING) { + smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); + } + smart_str_0(&auth); +@@ -62,14 +64,16 @@ + zval **login, **password; + + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login"), (void **)&login) == SUCCESS && +- !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { ++ Z_TYPE_PP(login) == IS_STRING && ++ !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) { + unsigned char* buf; + int len; + smart_str auth = {0}; + + smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login)); + smart_str_appendc(&auth, ':'); +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS && ++ Z_TYPE_PP(password) == IS_STRING) { + smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password)); + } + smart_str_0(&auth); +@@ -667,7 +671,8 @@ + } + + /* Send cookies along with request */ +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && ++ Z_TYPE_PP(cookies) == IS_ARRAY) { + zval **data; + char *key; + int i, n; +@@ -768,7 +773,7 @@ + smart_str_append_const(&soap_headers, "\r\n"); + smart_str_0(&soap_headers); + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && +- Z_LVAL_PP(trace) > 0) { ++ (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + add_property_stringl(this_ptr, "__last_request_headers", soap_headers.c, soap_headers.len, 1); + } + smart_str_appendl(&soap_headers, request, request_size); +@@ -813,7 +818,7 @@ + } + + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && +- Z_LVAL_PP(trace) > 0) { ++ (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + add_property_stringl(this_ptr, "__last_response_headers", http_headers, http_header_size, 1); + } + +@@ -862,7 +867,8 @@ + char *eqpos, *sempos; + zval **cookies; + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || ++ Z_TYPE_PP(cookies) != IS_ARRAY) { + zval *tmp_cookies; + MAKE_STD_ZVAL(tmp_cookies); + array_init(tmp_cookies); +Index: php5-5.3.10/ext/soap/soap.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/soap.c 2015-06-26 13:38:22.646141764 -0400 ++++ php5-5.3.10/ext/soap/soap.c 2015-06-26 13:40:41.067732055 -0400 +@@ -2727,7 +2727,7 @@ + } + + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && +- Z_LVAL_PP(trace) > 0) { ++ (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1); + } + +@@ -2767,7 +2767,7 @@ + } + ret = FALSE; + } else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && +- Z_LVAL_PP(trace) > 0) { ++ (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1); + } + xmlFree(buf); +@@ -2806,13 +2806,13 @@ + + SOAP_CLIENT_BEGIN_CODE(); + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS +- && Z_LVAL_PP(trace) > 0) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS && ++ (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) { + zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request")); + zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response")); + } +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS +- && Z_LVAL_PP(tmp) == SOAP_1_2) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_LONG && Z_LVAL_PP(tmp) == SOAP_1_2) { + soap_version = SOAP_1_2; + } else { + soap_version = SOAP_1_1; +@@ -2908,7 +2908,7 @@ + zval **uri; + smart_str action = {0}; + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE || Z_TYPE_PP(uri) != IS_STRING) { + add_soap_fault(this_ptr, "Client", "Error finding \"uri\" property", NULL, NULL TSRMLS_CC); + } else if (location == NULL) { + add_soap_fault(this_ptr, "Client", "Error could not find \"location\" property", NULL, NULL TSRMLS_CC); +@@ -3057,7 +3057,8 @@ + } + + /* Add default headers */ +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS && ++ Z_TYPE_PP(tmp) == IS_ARRAY) { + HashTable *default_headers = Z_ARRVAL_P(*tmp); + if (soap_headers) { + if (!free_soap_headers) { +@@ -3178,7 +3179,8 @@ + return; + } + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); + } + RETURN_NULL(); +@@ -3196,7 +3198,8 @@ + return; + } + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); + } + RETURN_NULL(); +@@ -3214,7 +3217,8 @@ + return; + } + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); + } + RETURN_NULL(); +@@ -3232,7 +3236,8 @@ + return; + } + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1); + } + RETURN_NULL(); +@@ -3288,13 +3293,15 @@ + } + + if (val == NULL) { +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS && ++ Z_TYPE_PP(cookies) == IS_ARRAY) { + zend_hash_del(Z_ARRVAL_PP(cookies), name, name_len+1); + } + } else { + zval *zcookie; + +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE || ++ Z_TYPE_PP(cookies) != IS_ARRAY) { + zval *tmp_cookies; + + MAKE_STD_ZVAL(tmp_cookies); +@@ -4125,7 +4132,8 @@ + } + + if (version == SOAP_1_1) { +- if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { ++ if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + int new_len; + xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode")); + char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); +@@ -4150,7 +4158,8 @@ + } + detail_name = "detail"; + } else { +- if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { ++ if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && ++ Z_TYPE_PP(tmp) == IS_STRING) { + int new_len; + xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL); + char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); +@@ -4382,7 +4391,8 @@ + } + } + } else { +- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS) { ++ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS && ++ Z_TYPE_PP(zstyle) == IS_LONG) { + style = Z_LVAL_PP(zstyle); + } else { + style = SOAP_RPC; +@@ -4405,7 +4415,7 @@ + } + + if (zend_hash_find(Z_OBJPROP_P(this_ptr), "use", sizeof("use"), (void **)&zuse) == SUCCESS && +- Z_LVAL_PP(zuse) == SOAP_LITERAL) { ++ Z_TYPE_PP(zuse) == IS_LONG && Z_LVAL_PP(zuse) == SOAP_LITERAL) { + use = SOAP_LITERAL; + } else { + use = SOAP_ENCODED; +@@ -4566,6 +4576,7 @@ + zval **param_data; + + if (zend_hash_find(Z_OBJPROP_P(param_val), "param_name", sizeof("param_name"), (void **)¶m_name) == SUCCESS && ++ Z_TYPE_PP(param_name) == IS_STRING && + zend_hash_find(Z_OBJPROP_P(param_val), "param_data", sizeof("param_data"), (void **)¶m_data) == SUCCESS) { + param_val = *param_data; + name = Z_STRVAL_PP(param_name); --- php5-5.3.10.orig/debian/patches/CVE-2012-1172.patch +++ php5-5.3.10/debian/patches/CVE-2012-1172.patch @@ -0,0 +1,95 @@ +Description: fix denial of service or directory traversal via invalid filename. +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=95dcd799fb6fdccbc60d3bba3cd759f6b421ee69 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=baeaafd3951451c7dadf949c7677e90141c1e17a +Bug: https://bugs.php.net/bug.php?id=55500 +Bug: https://bugs.php.net/bug.php?id=54374 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663760 + +Index: php5-5.3.10/main/rfc1867.c +=================================================================== +--- php5-5.3.10.orig/main/rfc1867.c 2012-01-01 08:15:04.000000000 -0500 ++++ php5-5.3.10/main/rfc1867.c 2012-06-12 13:32:10.761078598 -0400 +@@ -1008,6 +1008,10 @@ + } + tmp++; + } ++ /* Brackets should always be closed */ ++ if(c != 0) { ++ skip_upload = 1; ++ } + } + + total_bytes = cancel_upload = 0; +Index: php5-5.3.10/tests/basic/bug55500.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/tests/basic/bug55500.phpt 2012-06-12 13:32:13.209078572 -0400 +@@ -0,0 +1,68 @@ ++--TEST-- ++Bug #55500 (Corrupted $_FILES indices lead to security concern) ++--INI-- ++file_uploads=1 ++error_reporting=E_ALL&~E_NOTICE ++upload_max_filesize=1024 ++max_file_uploads=10 ++--POST_RAW-- ++Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737 ++-----------------------------20896060251896012921717172737 ++Content-Disposition: form-data; name="file[]"; filename="file1.txt" ++Content-Type: text/plain-file1 ++ ++1 ++-----------------------------20896060251896012921717172737 ++Content-Disposition: form-data; name="file[[type]"; filename="file2.txt" ++Content-Type: text/plain-file2 ++ ++2 ++-----------------------------20896060251896012921717172737 ++Content-Disposition: form-data; name="file[[name]"; filename="file3.txt" ++Content-Type: text/plain-file3 ++ ++3 ++-----------------------------20896060251896012921717172737 ++Content-Disposition: form-data; name="file[name]["; filename="file4.txt" ++Content-Type: text/plain-file3 ++ ++4 ++-----------------------------20896060251896012921717172737-- ++--FILE-- ++ ++--EXPECTF-- ++array(1) { ++ [%u|b%"file"]=> ++ array(5) { ++ [%u|b%"name"]=> ++ array(1) { ++ [0]=> ++ %unicode|string%(9) "file1.txt" ++ } ++ [%u|b%"type"]=> ++ array(1) { ++ [0]=> ++ %unicode|string%(16) "text/plain-file1" ++ } ++ [%u|b%"tmp_name"]=> ++ array(1) { ++ [0]=> ++ %unicode|string%(%d) "%s" ++ } ++ [%u|b%"error"]=> ++ array(1) { ++ [0]=> ++ int(0) ++ } ++ [%u|b%"size"]=> ++ array(1) { ++ [0]=> ++ int(1) ++ } ++ } ++} ++array(0) { ++} --- php5-5.3.10.orig/debian/patches/CVE-2016-6291.patch +++ php5-5.3.10/debian/patches/CVE-2016-6291.patch @@ -0,0 +1,72 @@ +From eebcbd5de38a0f1c2876035402cb770e37476519 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 17 Jul 2016 16:34:21 -0700 +Subject: [PATCH] Fix bug #72603: Out of bound read in + exif_process_IFD_in_MAKERNOTE + +--- + ext/exif/exif.c | 22 ++++++++++++++++++++-- + ext/exif/tests/bug72603.jpeg | Bin 0 -> 3711 bytes + ext/exif/tests/bug72603.phpt | 11 +++++++++++ + 3 files changed, 31 insertions(+), 2 deletions(-) + create mode 100644 ext/exif/tests/bug72603.jpeg + create mode 100644 ext/exif/tests/bug72603.phpt + +Index: php5-5.3.10/ext/exif/exif.c +=================================================================== +--- php5-5.3.10.orig/ext/exif/exif.c 2016-07-28 15:27:24.997608350 -0400 ++++ php5-5.3.10/ext/exif/exif.c 2016-07-28 15:27:24.997608350 -0400 +@@ -2764,6 +2764,12 @@ + break; + } + ++ if (maker_note->offset >= value_len) { ++ /* Do not go past the value end */ ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X offset 0x%04X", value_len, maker_note->offset); ++ return FALSE; ++ } ++ + dir_start = value_ptr + maker_note->offset; + + #ifdef EXIF_DEBUG +@@ -2792,10 +2798,19 @@ + offset_base = value_ptr; + break; + case MN_OFFSET_GUESS: ++ if (maker_note->offset + 10 + 4 >= value_len) { ++ /* Can not read dir_start+10 since it's beyond value end */ ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X", value_len); ++ return FALSE; ++ } + offset_diff = 2 + NumDirEntries*12 + 4 - php_ifd_get32u(dir_start+10, ImageInfo->motorola_intel); + #ifdef EXIF_DEBUG + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Using automatic offset correction: 0x%04X", ((int)dir_start-(int)offset_base+maker_note->offset+displacement) + offset_diff); + #endif ++ if (offset_diff < 0 || offset_diff >= value_len ) { ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data bad offset: 0x%04X length 0x%04X", offset_diff, value_len); ++ return FALSE; ++ } + offset_base = value_ptr + offset_diff; + break; + default: +@@ -2804,7 +2819,7 @@ + } + + if ((2+NumDirEntries*12) > value_len) { +- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + x%04X*12 = x%04X > x%04X", NumDirEntries, 2+NumDirEntries*12, value_len); ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len); + return FALSE; + } + +@@ -3085,7 +3100,10 @@ + break; + + case TAG_MAKER_NOTE: +- exif_process_IFD_in_MAKERNOTE(ImageInfo, value_ptr, byte_count, offset_base, IFDlength, displacement TSRMLS_CC); ++ if (!exif_process_IFD_in_MAKERNOTE(ImageInfo, value_ptr, byte_count, offset_base, IFDlength, displacement TSRMLS_CC)) { ++ EFREE_IF(outside); ++ return FALSE; ++ } + break; + + case TAG_EXIF_IFD_POINTER: --- php5-5.3.10.orig/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch +++ php5-5.3.10/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch @@ -0,0 +1,10 @@ +--- a/PEAR/Builder.php 2011-05-14 20:43:01.000000000 +0000 ++++ b/PEAR/Builder.php 2011-05-26 15:56:41.096485701 +0000 +@@ -309,6 +309,8 @@ class PEAR_Builder extends PEAR_Common + } + + if (!$err) { ++ print "If the command failed with 'phpize: not found' then you need to install php5-dev package"; ++ print "You can do it by running 'apt-get install php5-dev' as a root user"; + return $this->raiseError("`phpize' failed"); + } --- php5-5.3.10.orig/debian/patches/backport-upstream-lp592442.patch +++ php5-5.3.10/debian/patches/backport-upstream-lp592442.patch @@ -0,0 +1,21 @@ +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -391,6 +391,18 @@ static inline int php_openssl_setup_cryp + } + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x0090806fL ++ { ++ zval **val; ++ ++ if (stream->context && SUCCESS == php_stream_context_get_option( ++ stream->context, "ssl", "no_ticket", &val) && ++ zval_is_true(*val)) { ++ SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET); ++ } ++ } ++#endif ++ + sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC); + if (sslsock->ssl_handle == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle"); --- php5-5.3.10.orig/debian/patches/use_embedded_timezonedb.patch +++ php5-5.3.10/debian/patches/use_embedded_timezonedb.patch @@ -0,0 +1,655 @@ + +Add support for use of the system timezone database, rather +than embedding a copy. Discussed upstream but was not desired. + +History: +r7: per Sean Finney's review: simpler lat/long rounding, + use stat() not access() to check existence of timezone, + improve comments throughout. +r6: fix fd leak in r5, fix country code/BC flag use in + timezone_identifiers_list() using system db, + fix use of PECL timezonedb to override system db, +r5: reverts addition of "System/Localtime" fake tzname. + updated for 5.3.0, parses zone.tab to pick up mapping between + timezone name, country code and long/lat coords +r4: added "System/Localtime" tzname which uses /etc/localtime +r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) +r2: add filesystem trawl to set up name alias index +r1: initial revision + +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -24,6 +24,16 @@ + + #include "timelib.h" + ++#ifdef HAVE_SYSTEM_TZDATA ++#include ++#include ++#include ++#include ++#include ++ ++#include "php_scandir.h" ++#endif ++ + #include + + #ifdef HAVE_LOCALE_H +@@ -35,7 +45,12 @@ + #else + #include + #endif ++ ++#ifndef HAVE_SYSTEM_TZDATA + #include "timezonedb.h" ++#endif ++ ++#include + + #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) + # if defined(__LITTLE_ENDIAN__) +@@ -55,6 +70,11 @@ + + static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz) + { ++ if (memcmp(tzf, "TZif", 4) == 0) { ++ *tzf += 20; ++ return; ++ } ++ + /* skip ID */ + *tzf += 4; + +@@ -260,7 +280,435 @@ void timelib_dump_tzinfo(timelib_tzinfo + } + } + +-static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) ++#ifdef HAVE_SYSTEM_TZDATA ++ ++#ifdef HAVE_SYSTEM_TZDATA_PREFIX ++#define ZONEINFO_PREFIX HAVE_SYSTEM_TZDATA_PREFIX ++#else ++#define ZONEINFO_PREFIX "/usr/share/zoneinfo" ++#endif ++ ++/* Hash table entry for the cache of the zone.tab mapping table. */ ++struct location_info { ++ char code[2]; /* Country code. */ ++ double latitude, longitude; ++ char name[64]; ++ char *comment; ++ struct location_info *next; ++}; ++ ++/* System timezone database pointer. */ ++static const timelib_tzdb *timezonedb_system = NULL; ++ ++/* Cache of zone.tab location data. */ ++static struct location_info **system_location_table; ++ ++/* Size of the zone.tab hash table; a random-ish prime big enough to ++ * prevent too many collisions. */ ++#define LOCINFO_HASH_SIZE (1021) ++ ++/* Hash function for indexing the location_info hash table. */ ++static uint32_t tz_hash(const char *str) ++{ ++ const unsigned char *p = (const unsigned char *)str; ++ uint32_t hash = 5381; ++ int c; ++ ++ while ((c = *p++) != '\0') { ++ hash = (hash << 5) ^ hash ^ c; ++ } ++ ++ return hash % LOCINFO_HASH_SIZE; ++} ++ ++/* Parse an ISO-6709 co-ordinate as used in zone.tab. Returns end of ++ * the parsed string on success, or NULL on parse error. On success, ++ * writes the parsed number to *result. */ ++static char *parse_iso6709(char *p, double *result) ++{ ++ double v, sign; ++ char *pend; ++ size_t len; ++ ++ if (*p == '+') ++ sign = 1.0; ++ else if (*p == '-') ++ sign = -1.0; ++ else ++ return NULL; ++ ++ p++; ++ for (pend = p; *pend >= '0' && *pend <= '9'; pend++) ++ ;; ++ ++ /* Annoying encoding used by zone.tab has no decimal point, so use ++ * the length to determine the format: ++ * ++ * 4 = DDMM ++ * 5 = DDDMM ++ * 6 = DDMMSS ++ * 7 = DDDMMSS ++ */ ++ len = pend - p; ++ if (len < 4 || len > 7) { ++ return NULL; ++ } ++ ++ /* p => [D]DD */ ++ v = (p[0] - '0') * 10.0 + (p[1] - '0'); ++ p += 2; ++ if (len == 5 || len == 7) ++ v = v * 10.0 + (*p++ - '0'); ++ /* p => MM[SS] */ ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 60.0; ++ p += 2; ++ /* p => [SS] */ ++ if (len > 5) { ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 3600.0; ++ p += 2; ++ } ++ ++ /* Round to five decimal place, not because it's a good idea, ++ * but, because the builtin data uses rounded data, so, match ++ * that. */ ++ *result = sign * (int)(v * 100000.0 + 0.5) / 100000.0; ++ ++ return p; ++} ++ ++/* This function parses the zone.tab file to build up the mapping of ++ * timezone to country code and geographic location, and returns a ++ * hash table. The hash table is indexed by the function: ++ * ++ * tz_hash(timezone-name) ++ */ ++static struct location_info **create_location_table(void) ++{ ++ struct location_info **li, *i; ++ char zone_tab[PATH_MAX]; ++ char line[512]; ++ FILE *fp; ++ ++ strncpy(zone_tab, ZONEINFO_PREFIX "/zone.tab", sizeof zone_tab); ++ ++ fp = fopen(zone_tab, "r"); ++ if (!fp) { ++ return NULL; ++ } ++ ++ li = calloc(LOCINFO_HASH_SIZE, sizeof *li); ++ ++ while (fgets(line, sizeof line, fp)) { ++ char *p = line, *code, *name, *comment; ++ uint32_t hash; ++ double latitude, longitude; ++ ++ while (isspace(*p)) ++ p++; ++ ++ if (*p == '#' || *p == '\0' || *p == '\n') ++ continue; ++ ++ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t') ++ continue; ++ ++ /* code => AA */ ++ code = p; ++ p[2] = 0; ++ p += 3; ++ ++ /* coords => [+-][D]DDMM[SS][+-][D]DDMM[SS] */ ++ p = parse_iso6709(p, &latitude); ++ if (!p) { ++ continue; ++ } ++ p = parse_iso6709(p, &longitude); ++ if (!p) { ++ continue; ++ } ++ ++ if (!p || *p != '\t') { ++ continue; ++ } ++ ++ /* name = string */ ++ name = ++p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ *p++ = '\0'; ++ ++ /* comment = string */ ++ comment = p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ if (*p == '\n' || *p == '\t') ++ *p = '\0'; ++ ++ hash = tz_hash(name); ++ i = malloc(sizeof *i); ++ memcpy(i->code, code, 2); ++ strncpy(i->name, name, sizeof i->name); ++ i->comment = strdup(comment); ++ i->longitude = longitude; ++ i->latitude = latitude; ++ i->next = li[hash]; ++ li[hash] = i; ++ /* printf("%s [%u, %f, %f]\n", name, hash, latitude, longitude); */ ++ } ++ ++ fclose(fp); ++ ++ return li; ++} ++ ++/* Return location info from hash table, using given timezone name. ++ * Returns NULL if the name could not be found. */ ++const struct location_info *find_zone_info(struct location_info **li, ++ const char *name) ++{ ++ uint32_t hash = tz_hash(name); ++ const struct location_info *l; ++ ++ if (!li) { ++ return NULL; ++ } ++ ++ for (l = li[hash]; l; l = l->next) { ++ if (strcasecmp(l->name, name) == 0) ++ return l; ++ } ++ ++ return NULL; ++} ++ ++/* Filter out some non-tzdata files and the posix/right databases, if ++ * present. */ ++static int index_filter(const struct dirent *ent) ++{ ++ return strcmp(ent->d_name, ".") != 0 ++ && strcmp(ent->d_name, "..") != 0 ++ && strcmp(ent->d_name, "posix") != 0 ++ && strcmp(ent->d_name, "posixrules") != 0 ++ && strcmp(ent->d_name, "right") != 0 ++ && strstr(ent->d_name, ".tab") == NULL; ++} ++ ++/* Comparison callback for qsort(), used to alpha-sort the index ++ * array by timezone name. */ ++static int sysdbcmp(const void *first, const void *second) ++{ ++ const timelib_tzdb_index_entry *alpha = first, *beta = second; ++ ++ return strcmp(alpha->id, beta->id); ++} ++ ++ ++/* Create the zone identifier index by trawling the filesystem. */ ++static void create_zone_index(timelib_tzdb *db) ++{ ++ size_t dirstack_size, dirstack_top; ++ size_t index_size, index_next; ++ timelib_tzdb_index_entry *db_index; ++ char **dirstack; ++ ++ /* LIFO stack to hold directory entries to scan; each slot is a ++ * directory name relative to the zoneinfo prefix. */ ++ dirstack_size = 32; ++ dirstack = malloc(dirstack_size * sizeof *dirstack); ++ dirstack_top = 1; ++ dirstack[0] = strdup(""); ++ ++ /* Index array. */ ++ index_size = 64; ++ db_index = malloc(index_size * sizeof *db_index); ++ index_next = 0; ++ ++ do { ++ struct dirent **ents; ++ char name[PATH_MAX], *top; ++ int count; ++ ++ /* Pop the top stack entry, and iterate through its contents. */ ++ top = dirstack[--dirstack_top]; ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s", top); ++ ++ count = php_scandir(name, &ents, index_filter, php_alphasort); ++ ++ while (count > 0) { ++ struct stat st; ++ const char *leaf = ents[count - 1]->d_name; ++ ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s/%s", ++ top, leaf); ++ ++ if (strlen(name) && stat(name, &st) == 0) { ++ /* Name, relative to the zoneinfo prefix. */ ++ const char *root = top; ++ ++ if (root[0] == '/') root++; ++ ++ snprintf(name, sizeof name, "%s%s%s", root, ++ *root ? "/": "", leaf); ++ ++ if (S_ISDIR(st.st_mode)) { ++ if (dirstack_top == dirstack_size) { ++ dirstack_size *= 2; ++ dirstack = realloc(dirstack, ++ dirstack_size * sizeof *dirstack); ++ } ++ dirstack[dirstack_top++] = strdup(name); ++ } ++ else { ++ if (index_next == index_size) { ++ index_size *= 2; ++ db_index = realloc(db_index, ++ index_size * sizeof *db_index); ++ } ++ ++ db_index[index_next++].id = strdup(name); ++ } ++ } ++ ++ free(ents[--count]); ++ } ++ ++ if (count != -1) free(ents); ++ free(top); ++ } while (dirstack_top); ++ ++ /* Alpha-sort the index array; shouldn't be technically necessary ++ * but some of the test cases rely on this, and, it matches the ++ * builtin database. */ ++ qsort(db_index, index_next, sizeof *db_index, sysdbcmp); ++ ++ db->index = db_index; ++ db->index_size = index_next; ++ ++ free(dirstack); ++} ++ ++#define FAKE_HEADER "1234\0??\1??" ++#define FAKE_BC_POS (0) ++#define FAKE_UTC_POS (7 - 4) ++ ++/* Create a fake data segment for database 'sysdb'. This mocks ++ * up a fake ->data segment for the given timezone database. ++ * php_date.c::timezone_identifiers_list() looks at data[pos + 4] ++ * through data[pos + 6] to compare the country code and BC flag, ++ * which are stored in the builtin data array like: ++ * ++ * (pos + 4) => BC flag ++ * (pos + 5, pos + 6) => Two chars of country code ++ * ++ * where pos is the index corresponding to the timezone name. ++ * ++ * Timezone names are classified here into three types: ++ * 1) UTC, which is special ++ * 2) "normal" zone names ++ * 3) "backwards-compat" zone names ++ * ++ * (boolean logic of the BC flag seems to be inverted, but hey) ++ * ++ * UTC is special since it has BC=\1, code = "??" ++ * "normal" zones exist in zone.tab and have the given c-code and BC=\1 ++ * "backwards-compat" zones don't exist in zone.tab and have BC=\0 ++ * ++ * Since UTC and the BC zones are constant, they are encoded in the ++ * FAKE_HEADER prefix, and pos pointers index into that. ++ * ++ * FAKE_HEADER is hence four random bytes, then the BC zone segment ++ * (three bytes), then the UTC zone segment (another three). ++ * ++ * For all "normal" zones, three bytes are appended to the data array; ++ * the BC flag, always 1, and the two bytes of country code. ++ */ ++static void fake_data_segment(timelib_tzdb *sysdb, ++ struct location_info **info) ++{ ++ size_t n; ++ char *data, *p; ++ ++ /* Worst case maximum is 3 bytes per zone, plus the header. */ ++ data = malloc((3 * sysdb->index_size) + sizeof(FAKE_HEADER) - 1); ++ ++ /* Append the fake header, p then = next byte */ ++ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); ++ ++ for (n = 0; n < sysdb->index_size; n++) { ++ const struct location_info *li; ++ timelib_tzdb_index_entry *ent; ++ ++ /* Lost const'ness since we're modifying the pos pointer. */ ++ ent = (timelib_tzdb_index_entry *)&sysdb->index[n]; ++ ++ /* Lookup the timezone name in the hash table. */ ++ if (strcmp(ent->id, "UTC") == 0) { ++ ent->pos = FAKE_UTC_POS; ++ continue; ++ } ++ ++ li = find_zone_info(info, ent->id); ++ if (li) { ++ /* If found, append the BC byte and the country code; set ++ * the position index for the timezone to point to ++ * this. */ ++ ent->pos = (p - data) - 4; ++ *p++ = '\x01'; ++ *p++ = li->code[0]; ++ *p++ = li->code[1]; ++ } ++ else { ++ /* If not found, the timezone data can ++ * point at the header. */ ++ ent->pos = 0; ++ } ++ } ++ ++ /* Store the fake data array */ ++ sysdb->data = (unsigned char *)data; ++} ++ ++/* Evaluates to true if given timezone name is valid. */ ++#define is_valid_tz_name(tz_) (tz_[0] && strstr(tz_, "..") == NULL) ++ ++/* Return the mmap()ed tzfile if found, else NULL. On success, the ++ * length of the mapped data is placed in *length. */ ++static char *map_tzfile(const char *timezone, size_t *length) ++{ ++ char fname[PATH_MAX]; ++ struct stat st; ++ char *p; ++ int fd; ++ ++ if (!is_valid_tz_name(timezone)) { ++ return NULL; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ fd = open(fname, O_RDONLY); ++ if (fd == -1) { ++ return NULL; ++ } else if (fstat(fd, &st) != 0 || st.st_size < 21) { ++ close(fd); ++ return NULL; ++ } ++ ++ *length = st.st_size; ++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); ++ close(fd); ++ ++ return p != MAP_FAILED ? p : NULL; ++} ++#endif ++ ++/* seek_to_tz_position() for a builtin/external database. */ ++static int inmem_seek_to_tz_position(const unsigned char **tzf, ++ char *timezone, const timelib_tzdb *tzdb) + { + int left = 0, right = tzdb->index_size - 1; + #ifdef HAVE_SETLOCALE +@@ -299,36 +747,131 @@ static int seek_to_tz_position(const uns + return 0; + } + ++/* Modified seek_to_tz_position wrapper which handles the system ++ * database and the builtin/external databases in the same way. ++ * Returns zero on failure on non-zero on success. On success, (*map, ++ * *maplen) is an mmap'ed region if *map is non-NULL, and must be ++ * munmaped after use. */ ++static int seek_to_tz_position(const unsigned char **tzf, char *timezone, ++ char **map, size_t *maplen, ++ const timelib_tzdb *tzdb) ++{ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char *orig; ++ ++ orig = map_tzfile(timezone, maplen); ++ if (orig == NULL) { ++ return 0; ++ } ++ ++ (*tzf) = (unsigned char *)orig ; ++ *map = orig; ++ ++ return 1; ++ } ++ else ++#endif ++ { ++ return inmem_seek_to_tz_position(tzf, timezone, tzdb); ++ } ++} ++ + const timelib_tzdb *timelib_builtin_db(void) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ if (timezonedb_system == NULL) { ++ timelib_tzdb *tmp = malloc(sizeof *tmp); ++ ++ tmp->version = "0.system"; ++ tmp->data = NULL; ++ create_zone_index(tmp); ++ system_location_table = create_location_table(); ++ fake_data_segment(tmp, system_location_table); ++ timezonedb_system = tmp; ++ } ++ ++ return timezonedb_system; ++#else + return &timezonedb_builtin; ++#endif + } + + const timelib_tzdb_index_entry *timelib_timezone_builtin_identifiers_list(int *count) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ *count = timezonedb_system->index_size; ++ return timezonedb_system->index; ++#else + *count = sizeof(timezonedb_idx_builtin) / sizeof(*timezonedb_idx_builtin); + return timezonedb_idx_builtin; ++#endif + } + + int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; +- return (seek_to_tz_position(&tzf, timezone, tzdb)); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char fname[PATH_MAX]; ++ struct stat st; ++ ++ if (!is_valid_tz_name(timezone)) { ++ return 0; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ return stat(fname, &st) == 0 && S_ISREG(st.st_mode); ++ } ++#endif ++ ++ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb)); + } + + timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; ++ char *memmap = NULL; ++ size_t maplen; + timelib_tzinfo *tmp; + +- if (seek_to_tz_position(&tzf, timezone, tzdb)) { ++ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) { + tmp = timelib_tzinfo_ctor(timezone); + + read_preamble(&tzf, tmp); + read_header(&tzf, tmp); + read_transistions(&tzf, tmp); + read_types(&tzf, tmp); +- read_location(&tzf, tmp); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (memmap) { ++ const struct location_info *li; ++ ++ /* TZif-style - grok the location info from the system database, ++ * if possible. */ ++ if ((li = find_zone_info(system_location_table, timezone)) != NULL) { ++ tmp->location.comments = strdup(li->comment); ++ strncpy(tmp->location.country_code, li->code, 2); ++ tmp->location.longitude = li->longitude; ++ tmp->location.latitude = li->latitude; ++ tmp->bc = 1; ++ } ++ else { ++ strcpy(tmp->location.country_code, "??"); ++ tmp->bc = 0; ++ tmp->location.comments = strdup(""); ++ } ++ ++ /* Now done with the mmap segment - discard it. */ ++ munmap(memmap, maplen); ++ } else ++#endif ++ { ++ /* PHP-style - use the embedded info. */ ++ read_location(&tzf, tmp); ++ } + } else { + tmp = NULL; + } +--- a/ext/date/lib/timelib.m4 ++++ b/ext/date/lib/timelib.m4 +@@ -78,3 +78,17 @@ stdlib.h + + dnl Check for strtoll, atoll + AC_CHECK_FUNCS(strtoll atoll strftime) ++ ++PHP_ARG_WITH(system-tzdata, for use of system timezone data, ++[ --with-system-tzdata[=DIR] to specify use of system timezone data], ++no, no) ++ ++if test "$PHP_SYSTEM_TZDATA" != "no"; then ++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used]) ++ ++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then ++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA", ++ [Define for location of system timezone data]) ++ fi ++fi ++ --- php5-5.3.10.orig/debian/patches/bug71860.patch +++ php5-5.3.10/debian/patches/bug71860.patch @@ -0,0 +1,258 @@ +Backport of: + +From 72281f29dd4691b2f741362d3581162fcf85f502 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 20 Mar 2016 20:54:09 -0700 +Subject: [PATCH] Fix bug #71860: Require valid paths for phar filenames + +--- + ext/phar/phar.c | 4 +++ + ext/phar/phar_object.c | 40 ++++++++++++++-------------- + ext/phar/tests/badparameters.phpt | 18 ++++++------- + ext/phar/tests/bug64931/bug64931.phpt | 5 ++-- + ext/phar/tests/create_path_error.phpt | 3 +-- + ext/phar/tests/phar_extract.phpt | 2 +- + ext/phar/tests/phar_isvalidpharfilename.phpt | 2 +- + ext/phar/tests/phar_unlinkarchive.phpt | 2 +- + ext/phar/tests/pharfileinfo_construct.phpt | 2 +- + 9 files changed, 41 insertions(+), 37 deletions(-) + +Index: php5-5.3.10/ext/phar/phar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar.c 2016-04-19 22:41:12.489499162 -0400 ++++ php5-5.3.10/ext/phar/phar.c 2016-04-19 22:41:12.481499073 -0400 +@@ -2264,6 +2264,10 @@ + #endif + int ext_len, free_filename = 0; + ++ if (CHECK_NULL_PATH(filename, filename_len)) { ++ return FAILURE; ++ } ++ + if (!strncasecmp(filename, "phar://", 7)) { + filename += 7; + filename_len -= 7; +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2016-04-19 22:41:12.489499162 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2016-04-19 22:41:12.485499118 -0400 +@@ -574,6 +574,14 @@ + return; + } + ++ if (path_len && (strlen(path) != path_len)) { ++ return; ++ } ++ ++ if (actual_len && (strlen(actual) != actual_len)) { ++ return; ++ } ++ + fname = zend_get_executed_filename(TSRMLS_C); + fname_len = strlen(fname); + +@@ -1095,6 +1103,14 @@ + return; + } + ++ if (index_len && (strlen(index) != index_len)) { ++ return; ++ } ++ ++ if (webindex_len && (strlen(webindex) != webindex_len)) { ++ return; ++ } ++ + stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC); + + if (error) { +@@ -1139,6 +1155,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + phar_request_initialize(TSRMLS_C); + + RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS); +@@ -1218,6 +1238,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + is_executable = executable; + RETVAL_BOOL(phar_detect_phar_fname_ext(fname, fname_len, &ext_str, &ext_len, is_executable, 2, 1 TSRMLS_CC) == SUCCESS); + } +@@ -1298,6 +1322,10 @@ + } + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + if (phar_obj->arc.archive) { + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "Cannot call constructor twice"); + return; +@@ -1465,6 +1493,10 @@ + RETURN_FALSE; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ RETURN_FALSE; ++ } ++ + if (!fname_len) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "Unknown phar archive \"\""); + return; +@@ -1946,6 +1978,10 @@ + RETURN_FALSE; + } + ++ if (dir_len && (strlen(dir) != dir_len)) { ++ RETURN_FALSE; ++ } ++ + MAKE_STD_ZVAL(iter); + + if (SUCCESS != object_init_ex(iter, spl_ce_RecursiveDirectoryIterator)) { +@@ -2816,6 +2852,10 @@ + RETURN_FALSE; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ RETURN_FALSE; ++ } ++ + if (phar_obj->arc.archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->arc.archive) TSRMLS_CC)) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "phar \"%s\" is persistent, unable to copy on write", phar_obj->arc.archive->fname); + return; +@@ -3628,6 +3668,14 @@ + return; + } + ++ if (oldfile_len && (strlen(oldfile) != oldfile_len)) { ++ return; ++ } ++ ++ if (newfile_len && (strlen(newfile) != newfile_len)) { ++ return; ++ } ++ + if (PHAR_G(readonly) && !phar_obj->arc.archive->is_data) { + zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, + "Cannot copy \"%s\" to \"%s\", phar is read-only", oldfile, newfile); +@@ -3738,6 +3786,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + if (zend_hash_exists(&phar_obj->arc.archive->manifest, fname, (uint) fname_len)) { + if (SUCCESS == zend_hash_find(&phar_obj->arc.archive->manifest, fname, (uint) fname_len, (void**)&entry)) { + if (entry->is_deleted) { +@@ -3775,6 +3827,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + /* security is 0 here so that we can get a better error message than "entry doesn't exist" */ + if (!(entry = phar_get_entry_info_dir(phar_obj->arc.archive, fname, fname_len, 1, &error, 0 TSRMLS_CC))) { + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "Entry %s does not exist%s%s", fname, error?", ":"", error?error:""); +@@ -3924,6 +3980,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + if (fname_len == sizeof(".phar/stub.php")-1 && !memcmp(fname, ".phar/stub.php", sizeof(".phar/stub.php")-1)) { + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "Cannot set stub \".phar/stub.php\" directly in phar \"%s\", use setStub", phar_obj->arc.archive->fname); + return; +@@ -3962,6 +4022,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + if (zend_hash_exists(&phar_obj->arc.archive->manifest, fname, (uint) fname_len)) { + if (SUCCESS == zend_hash_find(&phar_obj->arc.archive->manifest, fname, (uint) fname_len, (void**)&entry)) { + if (entry->is_deleted) { +@@ -4009,6 +4073,10 @@ + return; + } + ++ if (dirname_len && (strlen(dirname) != dirname_len)) { ++ return; ++ } ++ + if (dirname_len >= sizeof(".phar")-1 && !memcmp(dirname, ".phar", sizeof(".phar")-1)) { + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "Cannot create a directory in magic \".phar\" directory"); + return; +@@ -4034,6 +4102,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + #if PHP_API_VERSION < 20100412 + if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { + zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname); +@@ -4078,6 +4150,10 @@ + return; + } + ++ if (localname_len && (strlen(localname) != localname_len)) { ++ return; ++ } ++ + phar_add_file(&(phar_obj->arc.archive), localname, localname_len, cont_str, cont_len, NULL TSRMLS_CC); + } + /* }}} */ +@@ -4504,6 +4580,10 @@ + return; + } + ++ if (pathto_len && (strlen(pathto) != pathto_len)) { ++ return; ++ } ++ + fp = php_stream_open_wrapper(phar_obj->arc.archive->fname, "rb", IGNORE_URL|STREAM_MUST_SEEK, &actual); + + if (!fp) { +@@ -4653,6 +4733,10 @@ + return; + } + ++ if (fname_len && (strlen(fname) != fname_len)) { ++ return; ++ } ++ + entry_obj = (phar_entry_object*)zend_object_store_get_object(getThis() TSRMLS_CC); + + if (entry_obj->ent.entry) { +Index: php5-5.3.10/ext/phar/tests/create_path_error.phpt +=================================================================== +--- php5-5.3.10.orig/ext/phar/tests/create_path_error.phpt 2016-04-18 14:43:02.000000000 -0400 ++++ php5-5.3.10/ext/phar/tests/create_path_error.phpt 2016-04-19 22:42:18.854234752 -0400 +@@ -58,5 +58,4 @@ + Error: file_put_contents(phar://%s/.): failed to open stream: phar error: file "" in phar "%s" cannot be empty + Error: file_put_contents(phar://%s/../): failed to open stream: phar error: file "" in phar "%s" cannot be empty + Error: file_put_contents(phar://%s/a/..): failed to open stream: phar error: file "" in phar "%s" cannot be empty +-Exception: Entry a does not exist and cannot be created: phar error: invalid path "a" contains illegal character + ===DONE=== --- php5-5.3.10.orig/debian/patches/013-force_getaddrinfo.patch +++ php5-5.3.10/debian/patches/013-force_getaddrinfo.patch @@ -0,0 +1,103 @@ +Description: Always use getaddrinfo + . + The patch should probably be dropped and the configure check verified. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -616,50 +616,50 @@ PHP_CHECK_FUNC_LIB(nanosleep, rt) + + dnl Check for getaddrinfo, should be a better way, but... + dnl Also check for working getaddrinfo +-AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, +-[AC_TRY_LINK([#include ], +- [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], +- AC_TRY_RUN([ +-#include +-#include +-#ifndef AF_INET +-# include +-#endif +-int main(void) { +- struct addrinfo *ai, *pai, hints; +- +- memset(&hints, 0, sizeof(hints)); +- hints.ai_flags = AI_NUMERICHOST; +- +- if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { +- exit(1); +- } +- +- if (ai == 0) { +- exit(1); +- } +- +- pai = ai; +- +- while (pai) { +- if (pai->ai_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- if (pai->ai_addr->sa_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- pai = pai->ai_next; +- } +- freeaddrinfo(ai); +- exit(0); +-} +- ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), +-ac_cv_func_getaddrinfo=no)]) +-if test "$ac_cv_func_getaddrinfo" = yes; then ++dnl AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, ++dnl [AC_TRY_LINK([#include ], ++dnl [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], ++dnl AC_TRY_RUN([ ++dnl #include ++dnl #include ++dnl #ifndef AF_INET ++dnl # include ++dnl #endif ++dnl int main(void) { ++dnl struct addrinfo *ai, *pai, hints; ++dnl ++dnl memset(&hints, 0, sizeof(hints)); ++dnl hints.ai_flags = AI_NUMERICHOST; ++dnl ++dnl if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl if (ai == 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl pai = ai; ++dnl ++dnl while (pai) { ++dnl if (pai->ai_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl if (pai->ai_addr->sa_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl pai = pai->ai_next; ++dnl } ++dnl freeaddrinfo(ai); ++dnl exit(0); ++dnl } ++dnl ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), ++dnl ac_cv_func_getaddrinfo=no)]) ++dnl if test "$ac_cv_func_getaddrinfo" = yes; then + AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function]) +-fi ++dnl fi + + dnl Check for the __sync_fetch_and_add builtin + AC_CACHE_CHECK([for __sync_fetch_and_add], ac_cv_func_sync_fetch_and_add, --- php5-5.3.10.orig/debian/patches/CVE-2015-6831-2.patch +++ php5-5.3.10/debian/patches/CVE-2015-6831-2.patch @@ -0,0 +1,32 @@ +From c2e197e4efc663ca55f393bf0e799848842286f3 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 1 Aug 2015 21:12:38 -0700 +Subject: [PATCH] Fix bug #70168 - Use After Free Vulnerability in + unserialize() with SplObjectStorage + +--- + ext/spl/spl_observer.c | 68 +++++++++++++++++++++++---------------------- + ext/spl/tests/bug70168.phpt | 19 +++++++++++++ + 2 files changed, 54 insertions(+), 33 deletions(-) + create mode 100644 ext/spl/tests/bug70168.phpt + +Index: php5-5.3.10/ext/spl/spl_observer.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_observer.c 2015-09-29 12:30:29.525383812 -0400 ++++ php5-5.3.10/ext/spl/spl_observer.c 2015-09-29 12:31:27.517028534 -0400 +@@ -743,6 +743,7 @@ + goto outexcept; + } + ++ var_push_dtor(&var_hash, &pcount); + --p; /* for ';' */ + count = Z_LVAL_P(pcount); + zval_ptr_dtor(&pcount); +@@ -806,6 +807,7 @@ + goto outexcept; + } + ++ var_push_dtor(&var_hash, &pmembers); + /* copy members */ + zend_hash_copy(intern->std.properties, Z_ARRVAL_P(pmembers), (copy_ctor_func_t) zval_add_ref, (void *) NULL, sizeof(zval *)); + zval_ptr_dtor(&pmembers); --- php5-5.3.10.orig/debian/patches/CVE-2014-3670.patch +++ php5-5.3.10/debian/patches/CVE-2014-3670.patch @@ -0,0 +1,40 @@ +From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 28 Sep 2014 16:57:42 -0700 +Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail()) + +--- + create mode 100755 ext/exif/tests/bug68113.jpg + create mode 100644 ext/exif/tests/bug68113.phpt + +From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 28 Sep 2014 16:57:42 -0700 +Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail()) + +--- + ext/exif/exif.c | 4 ++-- + ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes + ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++ + 3 files changed, 19 insertions(+), 2 deletions(-) + create mode 100755 ext/exif/tests/bug68113.jpg + create mode 100644 ext/exif/tests/bug68113.phpt + +Index: php5-5.3.10/ext/exif/exif.c +=================================================================== +--- php5-5.3.10.orig/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400 ++++ php5-5.3.10/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400 +@@ -2446,11 +2446,11 @@ + data_ptr += 8; + break; + case TAG_FMT_SINGLE: +- memmove(data_ptr, &info_data->value.f, byte_count); ++ memmove(data_ptr, &info_value->f, 4); + data_ptr += 4; + break; + case TAG_FMT_DOUBLE: +- memmove(data_ptr, &info_data->value.d, byte_count); ++ memmove(data_ptr, &info_value->d, 8); + data_ptr += 8; + break; + } --- php5-5.3.10.orig/debian/patches/zend_int_overflow.patch +++ php5-5.3.10/debian/patches/zend_int_overflow.patch @@ -0,0 +1,110 @@ +Author: Sean Finney +Description: Another integer overflow/underflow logic fix. + Once again, don't rely on undefined behavior and instead detect + the overflow/underflow conditions intelligently. +Bug: http://bugs.php.net/bug.php?id=51008 +Bug-Debian: http://bugs.debian.org/570144 +--- a/Zend/zend_hash.h ++++ b/Zend/zend_hash.h +@@ -306,9 +306,11 @@ END_EXTERN_C() + + #define ZEND_HANDLE_NUMERIC(key, length, func) do { \ + register const char *tmp = key; \ ++ int negative = 0; \ + \ + if (*tmp == '-') { \ + tmp++; \ ++ negative = 1; \ + } \ + if (*tmp >= '0' && *tmp <= '9') { /* possibly a numeric index */ \ + const char *end = key + length - 1; \ +@@ -322,19 +324,19 @@ END_EXTERN_C() + *tmp > '2')) { /* overflow */ \ + break; \ + } \ +- idx = (*tmp - '0'); \ ++ idx = ((negative)?-1:1) * (*tmp - '0'); \ + while (++tmp != end && *tmp >= '0' && *tmp <= '9') { \ +- idx = (idx * 10) + (*tmp - '0'); \ +- } \ +- if (tmp == end) { \ +- if (*key == '-') { \ +- if (idx-1 > LONG_MAX) { /* overflow */ \ +- break; \ +- } \ +- idx = (ulong)(-(long)idx); \ +- } else if (idx > LONG_MAX) { /* overflow */ \ ++ int digit = (*tmp - '0'); \ ++ if ( (!negative) && idx <= (LONG_MAX-digit)/10 ) { \ ++ idx = (idx * 10) + digit; \ ++ } else if ( (negative) && idx >= (LONG_MIN+digit)/10 ) { \ ++ idx = (idx * 10) - digit; \ ++ } else { \ ++ --tmp; /* overflow or underflow, make sure tmp != end */ \ + break; \ + } \ ++ } \ ++ if (tmp == end) { \ + return func; \ + } \ + } \ +--- a/Zend/tests/bug45877.phpt ++++ b/Zend/tests/bug45877.phpt +@@ -1,23 +1,40 @@ + --TEST-- + Bug #45877 (Array key '2147483647' left as string) +---INI-- +-precision=16 + --FILE-- + +---EXPECTF-- +-array(3) { +- [%d7]=> +- int(1) +- [-%d8]=> +- int(1) +- ["%s"]=> +- int(1) ++function test_value($val, $msg) { ++ $a = array($val => 1); ++ $keys = array_keys($a); ++ if ($val == $keys[0]) $result = "ok"; ++ else $result = "failed ($val != $keys[0])"; ++ echo "$msg: $result\n"; + } ++ ++test_value($max, "max"); ++test_value($overflow, "overflow"); ++test_value($min, "min"); ++test_value($underflow, "underflow"); ++ ++?> ++--EXPECT-- ++max: ok ++overflow: ok ++min: ok ++underflow: ok --- php5-5.3.10.orig/debian/patches/CVE-2015-2301.patch +++ php5-5.3.10/debian/patches/CVE-2015-2301.patch @@ -0,0 +1,24 @@ +From b2cf3f064b8f5efef89bb084521b61318c71781b Mon Sep 17 00:00:00 2001 +From: Xinchen Hui +Date: Thu, 29 Jan 2015 00:00:09 +0800 +Subject: [PATCH] Fixed bug #68901 (use after free) + +--- + NEWS | 3 +++ + ext/phar/phar_object.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-03-16 13:56:47.878348393 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2015-03-16 13:56:47.826347993 -0400 +@@ -2320,8 +2320,8 @@ + } + its_ok: + if (SUCCESS == php_stream_stat_path(newpath, &ssb)) { +- efree(oldpath); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath); ++ efree(oldpath); + return NULL; + } + if (!phar->is_data) { --- php5-5.3.10.orig/debian/patches/php_crypt_revamped.patch +++ php5-5.3.10/debian/patches/php_crypt_revamped.patch @@ -0,0 +1,585 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -60,6 +60,12 @@ if test "$ac_cv_func_crypt" = "no"; then + AC_DEFINE(HAVE_CRYPT, 1, [ ]) + ]) + fi ++ ++AC_CHECK_FUNCS(crypt_r, [ php_crypt_r="1" ], [ php_crypt_r="0" ]) ++if test "x$php_crypt_r" = "x1"; then ++ PHP_CRYPT_R_STYLE ++ AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) ++fi + + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ + AC_TRY_RUN([ +@@ -231,11 +237,68 @@ main() { + ac_cv_crypt_SHA256=no + ])]) + ++dnl ++dnl Define PHP_*_CRYPT according to system ++dnl ++ ++if test "$ac_cv_crypt_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_des=1 ++else ++ ac_result=0 ++ ac_crypt_des=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) ++ ++if test "$ac_cv_crypt_md5" = "yes"; then ++ ac_result=1 ++ ac_crypt_md5=1 ++else ++ ac_result=0 ++ ac_crypt_md5=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt]) ++ ++if test "$ac_cv_crypt_blowfish" = "yes"; then ++ ac_result=1 ++ ac_crypt_blowfish=1 ++else ++ ac_result=0 ++ ac_crypt_blowfish=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) ++ ++if test "$ac_cv_crypt_ext_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_edes=1 ++else ++ ac_result=0 ++ ac_crypt_edes=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) ++ ++if test "$ac_cv_crypt_SHA512" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha512=1 ++else ++ ac_result=0 ++ ac_crypt_sha512=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) ++ ++if test "$ac_cv_crypt_SHA256" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha256=1 ++else ++ ac_result=0 ++ ac_crypt_sha256=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) + + dnl + dnl If one of them is missing, use our own implementation, portable code is then possible + dnl +-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then ++if test "$ac_cv_crypt_SHA512" = no || test "$ac_cv_crypt_SHA256" = "no" || test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then + + dnl + dnl Check for __alignof__ support in the compiler +@@ -269,74 +332,15 @@ if test "$ac_cv_crypt_blowfish" = "no" | + AC_DEFINE([HAVE_ATTRIBUTE_ALIGNED], 1, [whether the compiler supports __attribute__ ((__aligned__))]) + fi + +- +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5]) +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, 1, [Whether the system supports standard DES salt]) +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, 1, [Whether the system supports BlowFish salt]) +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, 1, [Whether the system supports extended DES salt]) +- AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, 1, [Whether the system supports MD5 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, 1, [Whether the system supports SHA512 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, 1, [Whether the system supports SHA256 salt]) ++ ac_result=1 + + PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c) + else +- if test "$ac_cv_crypt_des" = "yes"; then +- ac_result=1 +- ac_crypt_des=1 +- else +- ac_result=0 +- ac_crypt_des=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) +- +- if test "$ac_cv_crypt_blowfish" = "yes"; then +- ac_result=1 +- ac_crypt_blowfish=1 +- else +- ac_result=0 +- ac_crypt_blowfish=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) +- +- if test "$ac_cv_crypt_ext_des" = "yes"; then +- ac_result=1 +- ac_crypt_edes=1 +- else +- ac_result=0 +- ac_crypt_edes=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) +- +- if test "$ac_cv_crypt_md5" = "yes"; then +- ac_result=1 +- ac_crypt_md5=1 +- else +- ac_result=0 +- ac_crypt_md5=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt]) +- +- if test "$ac_cv_crypt_sha512" = "yes"; then +- ac_result=1 +- ac_crypt_sha512=1 +- else +- ac_result=0 +- ac_crypt_sha512=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) +- +- if test "$ac_cv_crypt_sha256" = "yes"; then +- ac_result=1 +- ac_crypt_sha256=1 +- else +- ac_result=0 +- ac_crypt_sha256=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) +- +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ ac_result=0 + fi + ++AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, $ac_result, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ + dnl + dnl Check for available functions + dnl +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -32,13 +32,12 @@ + #if PHP_USE_PHP_CRYPT_R + # include "php_crypt_r.h" + # include "crypt_freesec.h" +-#else +-# if HAVE_CRYPT_H +-# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) +-# define _GNU_SOURCE +-# endif +-# include ++#endif ++#if HAVE_CRYPT_H ++# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) ++# define _GNU_SOURCE + # endif ++# include + #endif + #if TM_IN_SYS_TIME + #include +@@ -64,56 +63,50 @@ + * PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate + * for the target platform. */ + +-#if PHP_STD_DES_CRYPT +-#define PHP_MAX_SALT_LEN 2 +-#endif +- +-#if PHP_EXT_DES_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 9 ++#if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) ++# define PHP_USE_SYSTEM_CRYPT_R + #endif + +-#if PHP_MD5_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 12 +-#endif ++#define PHP_MAX_STD_DES_SALT_LEN 2 ++#define PHP_MAX_STD_DES_HASH_LEN 11 + +-#if PHP_BLOWFISH_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 60 +-#endif +- +-#if PHP_SHA512_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 123 +-#endif +- +- +-/* If the configure-time checks fail, we provide DES. +- * XXX: This is a hack. Fix the real problem! */ +- +-#ifndef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 2 +-#undef PHP_STD_DES_CRYPT +-#define PHP_STD_DES_CRYPT 1 +-#endif ++#define PHP_MAX_EXT_DES_SALT_LEN 9 ++#define PHP_MAX_EXT_DES_HASH_LEN 11 ++ ++#define PHP_MAX_MD5_SALT_LEN 12 ++#define PHP_MAX_MD5_HASH_LEN 22 ++ ++#define PHP_MAX_BLOWFISH_SALT_LEN 29 ++#define PHP_MAX_BLOWFISH_HASH_LEN 31 ++ ++#define PHP_MAX_SHA256_SALT_LEN 37 ++#define PHP_MAX_SHA256_HASH_LEN 43 ++ ++#define PHP_MAX_SHA512_SALT_LEN 37 ++#define PHP_MAX_SHA512_HASH_LEN 86 ++ ++/* ++ * Maximum salt length is from SHA512 ++ * Maximum hash length is from SHA512 ++ */ ++#define PHP_MAX_SALT_LEN 37 ++#define PHP_MAX_HASH_LEN 86 + + #define PHP_CRYPT_RAND php_rand(TSRMLS_C) + + PHP_MINIT_FUNCTION(crypt) /* {{{ */ + { + REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT); +- ++ REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #ifdef PHP_SHA256_CRYPT +- REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #endif + + #ifdef PHP_SHA512_CRYPT +- REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #endif + + #if PHP_USE_PHP_CRYPT_R +@@ -124,15 +117,15 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */ + } + /* }}} */ + ++#if PHP_USE_PHP_CRYPT_R + PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */ + { +-#if PHP_USE_PHP_CRYPT_R + php_shutdown_crypt_r(); +-#endif + + return SUCCESS; + } + /* }}} */ ++#endif + + static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +@@ -150,160 +143,160 @@ static void php_to64(char *s, long v, in + PHP_FUNCTION(crypt) + { + char salt[PHP_MAX_SALT_LEN + 1]; ++ int salt_len = 0; ++ char output[PHP_MAX_SALT_LEN + PHP_MAX_HASH_LEN + 1]; + char *str, *salt_in = NULL; + int str_len, salt_in_len = 0; +- char *crypt_res; +- salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; ++ char *crypt_res = NULL; ++#if PHP_USE_PHP_CRYPT_R ++ struct php_crypt_extended_data extended_buffer; ++#endif ++#if defined(PHP_USE_SYSTEM_CRYPT_R) ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ struct crypt_data buffer; ++# elif defined(CRYPT_R_CRYPTD) ++ CRYPTD buffer; ++# else ++# error Data struct used by crypt_r() is unknown. Please report. ++# endif ++#endif + +- /* This will produce suitable results if people depend on DES-encryption +- * available (passing always 2-character salt). At least for glibc6.1 */ +- memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); ++ salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { + return; + } + +- if (salt_in) { +- memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); +- } +- +- /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ +- if (!*salt) { +-#if PHP_MD5_CRYPT +- strncpy(salt, "$1$", PHP_MAX_SALT_LEN); ++ if (salt_in && (salt_in_len > 0)) { ++ salt_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); ++ memcpy(salt, salt_in, salt_len); ++ salt[salt_len] = '\0'; ++ } else { ++ /* Use SHA512 as default algorithm */ ++ salt[0] = '$'; salt[1] = '6'; salt[2] = '$'; + php_to64(&salt[3], PHP_CRYPT_RAND, 4); + php_to64(&salt[7], PHP_CRYPT_RAND, 4); +- strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); +-#elif PHP_STD_DES_CRYPT +- php_to64(&salt[0], PHP_CRYPT_RAND, 2); +- salt[2] = '\0'; +-#endif +- salt_in_len = strlen(salt); +- } else { +- salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); ++ salt[11] = '$'; salt[12] = '\0'; ++ salt_len = 12; + } + + /* Windows (win32/crypt) has a stripped down version of libxcrypt and + a CryptoApi md5_crypt implementation */ +-#if PHP_USE_PHP_CRYPT_R + { +- struct php_crypt_extended_data buffer; ++#if PHP_USE_PHP_CRYPT_R ++ memset(&extended_buffer, 0, sizeof(extended_buffer)); ++#endif ++#if defined(PHP_USE_SYSTEM_CRYPT_R) ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ buffer->initialized = 0; ++# else ++ memset(&buffer, 0, sizeof(buffer)); ++# endif ++#endif + + if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { +- char output[MD5_HASH_MAX_LEN]; +- +- RETURN_STRING(php_md5_crypt_r(str, salt, output), 1); ++ /* CRYPT_MD5 */ ++#if PHP_MD5_CRYPT ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++# warning Using system MD5 crypt function, which is OK on Debian system ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP MD5 crypt function, should not happen on Debian system ++ crypt_res = php_md5_crypt_r(str, salt, output); ++#endif + } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { +- const char sha512_salt_prefix[] = "$6$"; +- const char sha512_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha512_salt_prefix) - 1 +- + sizeof(sha512_rounds_prefix) + 9 + 1 +- + strlen(salt) + 1 + 43 + 1); +- output = emalloc(needed * sizeof(char *)); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha512_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- efree(output); ++ /* CRYPT_SHA512 */ ++#if PHP_SHA512_CRYPT ++# warning Using system SHA512 crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA512 crypt function, should not happen on Debian system ++ crypt_res = php_sha512_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { +- const char sha256_salt_prefix[] = "$5$"; +- const char sha256_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha256_salt_prefix) - 1 +- + sizeof(sha256_rounds_prefix) + 9 + 1 +- + strlen(salt) + 1 + 43 + 1); +- output = emalloc(needed * sizeof(char *)); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha256_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- efree(output); ++ /* CRYPT_SHA256 */ ++#if PHP_SHA256_CRYPT ++# warning Using system SHA256 crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA256 crypt function, should not happen on Debian system ++ crypt_res = php_sha256_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if ( + salt[0] == '$' && + salt[1] == '2' && + salt[2] >= 'a' && salt[2] <= 'z' && + salt[3] == '$' && +- salt[4] >= '0' && salt[4] <= '3' && +- salt[5] >= '0' && salt[5] <= '9' && + salt[6] == '$') { +- char output[PHP_MAX_SALT_LEN + 1]; +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- ++ /* CRYPT_BLOWFISH */ ++#if PHP_BLOWFISH_CRYPT ++# error Using system BlowFish crypt function, should not happen on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP BlowFish crypt function, which is OK on Debian system + crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); ++#endif ++ } else if (salt[0]=='_' && ++ salt_len == 9) { ++ /* CRYPT_EXT_DES */ ++#if PHP_EXT_DES_CRYPT ++# error Using system extended DES crypt function, should not happen on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP extended DES crypt function, which is OK on Debian system ++ _crypt_extended_init_r(); ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif + } else { +- memset(&buffer, 0, sizeof(buffer)); ++ /* CRYPT_STD_DES */ ++#if PHP_STD_DES_CRYPT ++# warning Using system standard DES crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP standard DES crypt function, should not happen on Debian system + _crypt_extended_init_r(); ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif ++ } + +- crypt_res = _crypt_extended_r(str, salt, &buffer); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } ++ if (!crypt_res) { ++ if (salt[0]=='*' && salt[1]=='0') { ++ RETVAL_STRING("*1", 1); + } else { +- RETURN_STRING(crypt_res, 1); ++ RETVAL_STRING("*0", 1); + } ++ } else { ++ RETVAL_STRING(crypt_res, 1); + } +- } +-#else + +-# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) +- { +-# if defined(CRYPT_R_STRUCT_CRYPT_DATA) +- struct crypt_data buffer; +- memset(&buffer, 0, sizeof(buffer)); +-# elif defined(CRYPT_R_CRYPTD) +- CRYPTD buffer; +-# else +-# error Data struct used by crypt_r() is unknown. Please report. +-# endif +- crypt_res = crypt_r(str, salt, &buffer); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } +- } else { +- RETURN_STRING(crypt_res, 1); ++ memset(salt, 0, sizeof(salt)); ++ if (output[0]!='\0') { ++ memset(output, 0, sizeof(output)); + } + } +-# endif +-#endif + } + /* }}} */ + #endif +--- a/configure.in ++++ b/configure.in +@@ -678,11 +678,6 @@ PHP_TIME_R_TYPE + PHP_READDIR_R_TYPE + PHP_CHECK_IN_ADDR_T + +-AC_CHECK_FUNCS(crypt_r, [ php_crypt_r="1" ], [ php_crypt_r="0" ]) +-if test "x$php_crypt_r" = "x1"; then +- PHP_CRYPT_R_STYLE +-fi +- + dnl divert(4) + + dnl ## In diversion 4 we check user-configurable general settings. --- php5-5.3.10.orig/debian/patches/fpm-config.patch +++ php5-5.3.10/debian/patches/fpm-config.patch @@ -0,0 +1,80 @@ +Description: Add major version number to paths and allow process pools + to be configured in individual files in /etc/php5/fpm/pool.d/ +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-07-30 + +--- a/sapi/fpm/php-fpm.conf.in ++++ b/sapi/fpm/php-fpm.conf.in +@@ -12,7 +12,7 @@ + ; Relative path can also be used. They will be prefixed by: + ; - the global prefix if it's been set (-p arguement) + ; - @prefix@ otherwise +-;include=etc/fpm.d/*.conf ++;include=@EXPANDED_SYSCONFDIR@/php5/fpm/*.conf + + ;;;;;;;;;;;;;;;;;; + ; Global Options ; +@@ -23,6 +23,7 @@ + ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@ + ; Default Value: none + ;pid = run/php-fpm.pid ++pid = @EXPANDED_LOCALSTATEDIR@/run/php5-fpm.pid + + ; Error log file + ; If it's set to "syslog", log is sent to syslogd instead of being written +@@ -30,6 +31,7 @@ + ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@ + ; Default Value: log/php-fpm.log + ;error_log = log/php-fpm.log ++error_log = @EXPANDED_LOCALSTATEDIR@/log/php5-fpm.log + + ; syslog_facility is used to specify what type of program is logging the + ; message. This lets syslogd specify that messages from different facilities +@@ -108,6 +110,10 @@ + ; used in logs and stats. There is no limitation on the number of pools which + ; FPM can handle. Your system will tell you anyway :) + ++; To configure the pools it is recommended to have one .conf file per ++; pool in the following directory: ++include=@EXPANDED_SYSCONFDIR@/php5/fpm/pool.d/*.conf ++ + ; Start a new pool named 'www'. + ; the variable $pool can we used in any directive and will be replaced by the + ; pool name ('www' here) +@@ -198,22 +204,22 @@ pm = dynamic + ; forget to tweak pm.* to fit your needs. + ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' + ; Note: This value is mandatory. +-pm.max_children = 5 ++pm.max_children = 10 + + ; The number of child processes created on startup. + ; Note: Used only when pm is set to 'dynamic' + ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +-pm.start_servers = 2 ++pm.start_servers = 4 + + ; The desired minimum number of idle server processes. + ; Note: Used only when pm is set to 'dynamic' + ; Note: Mandatory when pm is set to 'dynamic' +-pm.min_spare_servers = 1 ++pm.min_spare_servers = 2 + + ; The desired maximum number of idle server processes. + ; Note: Used only when pm is set to 'dynamic' + ; Note: Mandatory when pm is set to 'dynamic' +-pm.max_spare_servers = 3 ++pm.max_spare_servers = 6 + + ; The number of seconds after which an idle process will be killed. + ; Note: Used only when pm is set to 'ondemand' +@@ -442,7 +448,7 @@ pm.max_spare_servers = 3 + ; Chdir to this directory at the start. + ; Note: relative path can be used. + ; Default Value: current directory or / when chroot +-;chdir = /var/www ++chdir = / + + ; Redirect worker stdout and stderr into main error log. If not set, stdout and + ; stderr will be redirected to /dev/null according to FastCGI specs. --- php5-5.3.10.orig/debian/patches/CVE-2016-6297.patch +++ php5-5.3.10/debian/patches/CVE-2016-6297.patch @@ -0,0 +1,43 @@ +Description: fix integer overflow in php_stream_zip_opener +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=8ebdb1f5fd19cb15dd6ac7700c781ede5dcbba95 +Bug: https://bugs.php.net/bug.php?id=72520 + +Index: php5-5.5.9+dfsg/ext/zip/zip_stream.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/zip/zip_stream.c 2014-02-05 05:00:36.000000000 -0500 ++++ php5-5.5.9+dfsg/ext/zip/zip_stream.c 2016-07-28 08:55:59.659839504 -0400 +@@ -101,13 +101,13 @@ + { + struct zip_stat sb; + const char *path = stream->orig_path; +- int path_len = strlen(stream->orig_path); ++ size_t path_len = strlen(stream->orig_path); + char *file_basename; + size_t file_basename_len; + char file_dirname[MAXPATHLEN]; + struct zip *za; + char *fragment; +- int fragment_len; ++ size_t fragment_len; + int err; + + fragment = strchr(path, '#'); +@@ -241,7 +241,7 @@ + char **opened_path, + php_stream_context *context STREAMS_DC TSRMLS_DC) + { +- int path_len; ++ size_t path_len; + + char *file_basename; + size_t file_basename_len; +@@ -250,7 +250,7 @@ + struct zip *za; + struct zip_file *zf = NULL; + char *fragment; +- int fragment_len; ++ size_t fragment_len; + int err; + + php_stream *stream = NULL; --- php5-5.3.10.orig/debian/patches/CVE-2015-2787.patch +++ php5-5.3.10/debian/patches/CVE-2015-2787.patch @@ -0,0 +1,29 @@ +Description: fix arbitrary code exection via process_nested_data use-after-free +Origin: backport, https://github.com/php/php-src/commit/780222f97f47644a6a118ada86a269a96a1e8134 +Origin: backport, https://github.com/php/php-src/commit/d76b293ac71aa5bd4e9a433192afef6e0dd5a4ee +Bug: https://bugs.php.net/bug.php?id=68976 + +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-04-17 06:24:38.154295164 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-04-17 06:24:38.154295164 -0400 +@@ -304,6 +304,7 @@ + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } ++ var_push_dtor(var_hash, &data); + + zval_dtor(key); + FREE_ZVAL(key); +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-04-17 06:24:38.154295164 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-04-17 06:24:38.154295164 -0400 +@@ -310,6 +310,7 @@ + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } ++ var_push_dtor(var_hash, &data); + + zval_dtor(key); + FREE_ZVAL(key); --- php5-5.3.10.orig/debian/patches/116-posixness_fix.patch +++ php5-5.3.10/debian/patches/116-posixness_fix.patch @@ -0,0 +1,52 @@ +--- a/TSRM/tsrm_config_common.h ++++ b/TSRM/tsrm_config_common.h +@@ -1,6 +1,10 @@ + #ifndef TSRM_CONFIG_COMMON_H + #define TSRM_CONFIG_COMMON_H + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef __CYGWIN__ + # if WINNT|WIN32 + # define TSRM_WIN32 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -18,6 +18,10 @@ + + /* $Id: parse_tz.c 311110 2011-05-16 21:29:45Z johannes $ */ + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "timelib.h" + + #include +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -24,6 +24,10 @@ + # define __EXTENSIONS__ 1 /* Solaris: uint */ + #endif + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "php.h" + #include + #include +--- a/main/php.h ++++ b/main/php.h +@@ -248,6 +248,10 @@ END_EXTERN_C() + /* macros */ + #define STR_PRINT(str) ((str)?(str):"") + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef MAXPATHLEN + # ifdef PATH_MAX + # define MAXPATHLEN PATH_MAX --- php5-5.3.10.orig/debian/patches/CVE-2015-6832.patch +++ php5-5.3.10/debian/patches/CVE-2015-6832.patch @@ -0,0 +1,49 @@ +Backport of: + +From b7fa67742cd8d2b0ca0c0273b157f6ffee9ad6e2 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 26 Jul 2015 17:25:25 -0700 +Subject: [PATCH] Fix bug #70068 (Dangling pointer in the unserialization of + ArrayObject items) + +--- + ext/spl/spl_array.c | 90 +++++++++++++++++++++++---------------------- + ext/spl/tests/bug70068.phpt | 9 +++++ + 2 files changed, 56 insertions(+), 43 deletions(-) + create mode 100644 ext/spl/tests/bug70068.phpt + +Index: php5-5.3.10/ext/spl/spl_array.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_array.c 2015-09-29 18:21:20.612164371 -0400 ++++ php5-5.3.10/ext/spl/spl_array.c 2015-09-29 18:21:43.812004104 -0400 +@@ -1751,14 +1751,12 @@ + + ALLOC_INIT_ZVAL(pflags); + if (!php_var_unserialize(&pflags, &p, s + buf_len, var_hash_p TSRMLS_CC) || Z_TYPE_P(pflags) != IS_LONG) { +- zval_ptr_dtor(&pflags); + goto outexcept; + } + + var_push_dtor(var_hash_p, &pflags); + --p; /* for ';' */ + flags = Z_LVAL_P(pflags); +- zval_ptr_dtor(&pflags); + /* flags needs to be verified and we also need to verify whether the next + * thing we get is ';'. After that we require an 'm' or somethign else + * where 'm' stands for members and anything else should be an array. If +@@ -1805,9 +1803,15 @@ + zval_ptr_dtor(&pmembers); + + /* done reading $serialized */ ++ if (pflags) { ++ zval_ptr_dtor(&pflags); ++ } + return; + + outexcept: ++ if (pflags) { ++ zval_ptr_dtor(&pflags); ++ } + zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Error at offset %ld of %d bytes", (long)((char*)p - (char *)buf), buf_len); + return; + --- php5-5.3.10.orig/debian/patches/CVE-2014-9767.patch +++ php5-5.3.10/debian/patches/CVE-2014-9767.patch @@ -0,0 +1,66 @@ +From f9c2bf73adb2ede0a486b0db466c264f2b27e0bb Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 30 Aug 2015 00:38:08 -0700 +Subject: [PATCH] Fixed bug #70350: ZipArchive::extractTo allows for directory + traversal when creating directories + +--- + ext/zip/php_zip.c | 78 ++++++++++++++++++++++----------------------- + ext/zip/tests/bug70350.phpt | 33 +++++++++++++++++++ + 2 files changed, 72 insertions(+), 39 deletions(-) + create mode 100644 ext/zip/tests/bug70350.phpt + +Note: +Also includes http://git.php.net/?p=php-src.git;a=commit;h=906f19f1365488f90f7473e833a7a13f2c1387ac + +Index: php5-5.3.10/ext/zip/php_zip.c +=================================================================== +--- php5-5.3.10.orig/ext/zip/php_zip.c 2016-04-18 09:45:17.387392277 -0400 ++++ php5-5.3.10/ext/zip/php_zip.c 2016-04-18 09:45:17.379396242 -0400 +@@ -173,7 +173,7 @@ + + /* it is a directory only, see #40228 */ + if (path_cleaned_len > 1 && IS_SLASH(path_cleaned[path_cleaned_len - 1])) { +- len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file); ++ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, path_cleaned); + is_dir_only = 1; + } else { + memcpy(file_dirname, path_cleaned, path_cleaned_len); +Index: php5-5.3.10/ext/zip/tests/bug70350.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/zip/tests/bug70350.phpt 2016-04-18 09:45:17.383394259 -0400 +@@ -0,0 +1,33 @@ ++--TEST-- ++Bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories) ++--SKIPIF-- ++ ++--FILE-- ++open("$dir/a.zip",ZipArchive::CREATE); ++$archive->addEmptyDir("../down2/"); ++$archive->close(); ++ ++$archive2 = new ZipArchive(); ++$archive2->open("$dir/a.zip"); ++$archive2->extractTo($dir); ++$archive2->close(); ++var_dump(file_exists("$dir/down2/")); ++var_dump(file_exists("../down2/")); ++?> ++--CLEAN-- ++ ++--EXPECT-- ++bool(true) ++bool(false) --- php5-5.3.10.orig/debian/patches/029-php.ini_paranoid.patch +++ php5-5.3.10/debian/patches/029-php.ini_paranoid.patch @@ -0,0 +1,1512 @@ +Description: php.ini with paranoid settings +Origin: other +Forwarded: no +Last-Update: 2010-01-18 + +--- /dev/null ++++ b/php.ini-paranoid +@@ -0,0 +1,1504 @@ ++[PHP] ++ ++;;;;;;;;;;; ++; WARNING ; ++;;;;;;;;;;; ++; This file enables many features in the PHP configuration that will ++; break applications that rely on this. Make sure you test applications ++; with this configuration file before enabling it on production. ++ ++;;;;;;;;;;;;;;;;;;; ++; About php.ini ; ++;;;;;;;;;;;;;;;;;;; ++; This file controls many aspects of PHP's behavior. In order for PHP to ++; read it, it must be named 'php.ini'. PHP looks for it in the current ++; working directory, in the path designated by the environment variable ++; PHPRC, and in the path that was defined in compile time (in that order). ++; Under Windows, the compile-time path is the Windows directory. The ++; path in which the php.ini file is looked for can be overridden using ++; the -c argument in command line mode. ++; ++; The syntax of the file is extremely simple. Whitespace and Lines ++; beginning with a semicolon are silently ignored (as you probably guessed). ++; Section headers (e.g. [Foo]) are also silently ignored, even though ++; they might mean something in the future. ++; ++; Directives are specified using the following syntax: ++; directive = value ++; Directive names are *case sensitive* - foo=bar is different from FOO=bar. ++; ++; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ++; of the INI constants (On, Off, True, False, Yes, No and None) or an expression ++; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo"). ++; ++; Expressions in the INI file are limited to bitwise operators and parentheses: ++; | bitwise OR ++; & bitwise AND ++; ~ bitwise NOT ++; ! boolean NOT ++; ++; Boolean flags can be turned on using the values 1, On, True or Yes. ++; They can be turned off using the values 0, Off, False or No. ++; ++; An empty string can be denoted by simply not writing anything after the equal ++; sign, or by using the None keyword: ++; ++; foo = ; sets foo to an empty string ++; foo = none ; sets foo to an empty string ++; foo = "none" ; sets foo to the string 'none' ++; ++; If you use constants in your value, and these constants belong to a ++; dynamically loaded extension (either a PHP extension or a Zend extension), ++; you may only use these constants *after* the line that loads the extension. ++; ++; ++;;;;;;;;;;;;;;;;;;; ++; About this file ; ++;;;;;;;;;;;;;;;;;;; ++; ++; This is the paranoid, PHP version of the php.ini-dist file. It ++; sets some non standard settings, that make PHP more efficient, more secure ++; in a very paranoid way. Note that these security settings will make some ++; applications not work properly. ++; ++; The price is that with these settings, PHP may be incompatible with some ++; applications, and sometimes, more difficult to develop with. Using this ++; file is recommended for production sites which want a high degree of ++; security. As all of the changes from the standard settings are thoroughly ++; documented, you can go over each one, ++; and decide whether you want to use it or not. ++; ++; For general information about the php.ini file, please consult the ++; php.ini-dist file, included in your PHP distribution. ++; ++; For further information see ++; http://www.php.net/features.safe-mode ++; http://www.phpsecure.info/ ++; ++; This file is different from the php.ini-dist file in the fact that it features ++; different values for several directives, in order to improve performance, while ++; possibly breaking compatibility with the standard out-of-the-box behavior of ++; PHP 3. Please make sure you read what's different, and modify your scripts ++; accordingly, if you decide to use this file instead. ++; ++; Notice that the paranoid configuration file might not be fully up-to-date ++; with the latest variables available so the diff will catch both the changes ++; to the default variable values as well as the variables that are missing in ++; the paranoid configuration file) ++; ++; This version was generated using the version 5.2.4-2 as a basis. ++; ++; Debian users can find the differences between both configurations might ++; be found by running: ++; ++; $ diff -u /usr/share/doc/php5-common/examples/php.ini-dist \ ++; /usr/share/doc/php5-common/examples/php.ini-paranoid |less ++; ++; ++; This is a (not complete) list of some of the changes introduced in this file: ++; ++; - safe_mode = On [Security, Performance loss] ++; Do UID checks when opening files. Enabling safe_mode also enables ++; other functions related to this mode. For more information read: ++; http://www.php.net/features.safe-mode ++; ++; However, this feature by itself cannot be relied on to protect all applications. ++; It is worthwhile reading also: ++; http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html ++; Bottomline: Do not trust that safe_mode will drive all your security vulnerabilities ++; away. ++; ++; - safe_mode_protected_env_vars = LD_LIBRARY_PATH, PATH [Security] ++; Environment variables that users will not be able to modify through ++; putenv(). PATH is added so that scripts cannot overwrite it ++; ++; - open_basedir = /var/www/:/usr/lib/php4/ [Security, Performance loss] ++; Limits the files that PHP can access to the directories specified. ++; This includes the webroot and the usual location of PHP libraries ++; (e.g. PEAR). Since all file locations are checked against this list ++; before any access is allowed, this impacts in the performance of all ++; file operations. ++; ++; - disable_functions = dl, phpinfo, system, .... [Security] ++; Some functions can be used by attackers and can be malversed by ++; applications, the list (not complete) of functions disabled includes ++; functions which might have a severe impact to the system if wrongly used ++; in scripts or subverted remotely by attackers. ++; ++; - expose_php = Off [?Security?] ++; Not exposing that PHP is used in the site (nor its version) can affect ++; how some dumb worms attempt to attack the site. Many might ++; not check this and attempt to compromise the server nevertheless, ++; however. This setting is just 'security by obscurity' so no real ++; security at all (save vs. the dumbest attackers) ++; ++; - error_log = syslog [Security, Performance log] ++; All errors are reported to syslog so that the errors can be easily ++; sent outsite the site to a syslog server. This prevents an intruder ++; from tampering with them in an attempt to hide his tracks since the ++; logs are stored in a different location. It also helps in forensic ++; investigation or when using automatic tools to produce reports or ++; generate alarms based on the syslog information. ++; ++; - error_reporting = E_ALL [Code Cleanliness, Security(?)] ++; By default, PHP surpresses errors of type E_NOTICE. These error messages ++; are emitted for non-critical errors, but that could be a symptom of a bigger ++; problem. Most notably, this will cause error messages about the use ++; of uninitialized variables to be displayed. ++; ++; - display_errors = Off [Security] ++; With this directive set to off, errors that occur during the execution of ++; scripts will no longer be displayed as a part of the script output, and thus, ++; will no longer be exposed to remote users. With some errors, the error message ++; content may expose information about your script, web server, or database ++; server that may be exploitable for hacking. Production sites should have this ++; directive set to off. ++; - log_errors = On [Security] ++; This directive complements the above one. Any errors that occur during the ++; execution of your script will be logged (typically, to your server's error log, ++; but can be configured in several ways). Along with setting display_errors to off, ++; this setup gives you the ability to fully understand what may have gone wrong, ++; without exposing any sensitive information to remote users. ++; - output_buffering = 4096 [Performance] ++; Set a 4KB output buffer. Enabling output buffering typically results in less ++; writes, and sometimes less packets sent on the wire, which can often lead to ++; better performance. The gain this directive actually yields greatly depends ++; on which Web server you're working with, and what kind of scripts you're using. ++; - register_globals = Off [Security, Performance] ++; Global variables are no longer registered for input data (POST, GET, cookies, ++; environment and other server variables). Instead of using $foo, you must use ++; you can use $_REQUEST["foo"] (includes any variable that arrives through the ++; request, namely, POST, GET and cookie variables), or use one of the specific ++; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending ++; on where the input originates. Also, you can look at the ++; import_request_variables() function. ++; Note that register_globals is deprecated in PHP 6.0, because it often ++; leads to security bugs. ++; Read http://php.net/manual/en/security.registerglobals.php for further ++; information. ++; Also notice that applications should not rely on this feature being turned Off ++; to remain secure. ++; - register_long_arrays = Off [Performance] ++; Disables registration of HTTP_GET_VARS ++; - register_argc_argv = Off [Performance] ++; Disables registration of the somewhat redundant $argv and $argc global ++; variables. ++; - include_path = "/usr/share/php" [Security] ++; Only files under /usr can be included, this prevents applications from ++; including files from the same directory they are running in. ++; - magic_quotes_gpc = On [Security] ++; Input data is escaped with slashes so that applications that do ++; not use addslashes() are not so easily subjected to SQL injection ++; when talking to SQL databases. ++; This features is deprecated in PHP 6.0, applications should be fixed to ++; prevent SQL injection attacks through input data and not rely on this feature. ++; - magic_quotes_runtime = On [Security] ++; Quotes in data returned from functions that access external data sources (such as ++; databases) are escapted with a backslash. ++; This features is deprecated in PHP 6.0, applications should be fixed to ++; prevent SQL injection attacks through input data and not rely on this feature. ++; ++; - variables_order = "GPCS" [Performance] ++; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access ++; environment variables, you can use getenv() instead. ++; - allow_call_time_pass_reference = Off [Code cleanliness] ++; It's not possible to decide to force a variable to be passed by reference ++; when calling a function. The PHP 4 style to do this is by making the ++; function require the relevant argument by reference. ++; ++; - enable_dl = Off [Security] ++; The dl() function is not needed in most environments and does introduce ++; a number of security issues. ++; - file_uploads = Off [Security] ++; File uploads should not be allowed to the server. ++; - allow_url_fopen = Off [Security] ++; File calls should not transparently retrieve files from the network ++; since this could be subverted by attackers in poorly coded scripts ++; by forcing them to download (and execute) malicious remote content ++; from compromised hosts. This behaviour has been observed in automatic ++; worms/tools that use it to scan and propagate through badly written ++; applications (in conjuntion with other unsafe features) ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++; ++; - session.save_path = /var/lib/php5 [Security] ++; This is defined to a non-world readable directory so users cannot ++; hihack sessions of other users by getting a list of the files. ++; ++; Notice that on on shared servers on a per application basis, otherwise ++; other users would be able to get access to other applications' data by ++; setting a proper session id in a different application. If session paths ++; are not shared sessions of one application will be invalid on another. ++; For more information see: ++; http://php.net/manual/en/ref.session.php#ini.session.save-path ++; and ++; http://php.net/manual/en/function.session-save-path.php ++; - session.cookie_secure = 1 [Security] ++; Cookies will only be sent through secure (SSL) connections. ++; - session.use_only_cookies = 1 [Security] ++; Session ids are not allowed in URLs which make it more difficult for ++; cross site scripting (XSS) attacks to be succesfull and also has the ++; advantaged that session ids will not be stored in the server's logs making ++; them vulnerable to reuse by people with access to the server logs. ++; - session.cookie_httponly = 1 [Security] ++; Cookies can only be set through the HTTP protocol, JavaScript can not ++; modify them, making applications less vulnerable to XSS attacks. This is ++; not supported, however, by all browsers. ++; - session.hash_function = 1 [Security, Performance loss] ++; Use SHA-1 instead of MD5 which is not (yet) broken but there are some known ++; attacks. Slight performance loss as it takes more time to compute. ++; ++; ++; This file is maintained by Javier Fernandez-Sanguino ++; please forward him any suggestions or changes you believe might be appropiate ++ ++ ++;;;;;;;;;;;;;;;;;;;; ++; Language Options ; ++;;;;;;;;;;;;;;;;;;;; ++ ++; Enable the PHP scripting language engine under Apache. ++engine = On ++ ++; Enable compatibility mode with Zend Engine 1 (PHP 4.x) ++zend.ze1_compatibility_mode = Off ++ ++; Allow the tags are recognized. ++; NOTE: Using short tags should be avoided when developing applications or ++; libraries that are meant for redistribution, or deployment on PHP ++; servers which are not under your control, because short tags may not ++; be supported on the target server. For portable, redistributable code, ++; be sure not to use short tags. ++short_open_tag = On ++ ++; Allow ASP-style <% %> tags. ++asp_tags = Off ++ ++; The number of significant digits displayed in floating point numbers. ++precision = 12 ++ ++; Enforce year 2000 compliance (will cause problems with non-compliant browsers) ++y2k_compliance = On ++ ++; Output buffering allows you to send header lines (including cookies) even ++; after you send body content, at the price of slowing PHP's output layer a ++; bit. You can enable output buffering during runtime by calling the output ++; buffering functions. You can also enable output buffering for all files by ++; setting this directive to On. If you wish to limit the size of the buffer ++; to a certain size - you can use a maximum number of bytes instead of 'On', as ++; a value for this directive (e.g., output_buffering=4096). ++output_buffering = 4096 ++ ++; You can redirect all of the output of your scripts to a function. For ++; example, if you set output_handler to "mb_output_handler", character ++; encoding will be transparently converted to the specified encoding. ++; Setting any output handler automatically turns on output buffering. ++; Note: People who wrote portable scripts should not depend on this ini ++; directive. Instead, explicitly set the output handler using ob_start(). ++; Using this ini directive may cause problems unless you know what script ++; is doing. ++; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" ++; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ++; Note: output_handler must be empty if this is set 'On' !!!! ++; Instead you must use zlib.output_handler. ++;output_handler = ++ ++; Transparent output compression using the zlib library ++; Valid values for this option are 'off', 'on', or a specific buffer size ++; to be used for compression (default is 4KB) ++; Note: Resulting chunk size may vary due to nature of compression. PHP ++; outputs chunks that are few hundreds bytes each as a result of ++; compression. If you prefer a larger chunk size for better ++; performance, enable output_buffering in addition. ++; Note: You need to use zlib.output_handler instead of the standard ++; output_handler, or otherwise the output will be corrupted. ++zlib.output_compression = Off ++ ++; You cannot specify additional output handlers if zlib.output_compression ++; is activated here. This setting does the same as output_handler but in ++; a different order. ++;zlib.output_handler = ++ ++; Implicit flush tells PHP to tell the output layer to flush itself ++; automatically after every output block. This is equivalent to calling the ++; PHP function flush() after each and every call to print() or echo() and each ++; and every HTML block. Turning this option on has serious performance ++; implications and is generally recommended for debugging purposes only. ++implicit_flush = Off ++ ++; The unserialize callback function will be called (with the undefined class' ++; name as parameter), if the unserializer finds an undefined class ++; which should be instantiated. ++; A warning appears if the specified function is not defined, or if the ++; function doesn't include/implement the missing class. ++; So only set this entry, if you really want to implement such a ++; callback-function. ++unserialize_callback_func= ++ ++; When floats & doubles are serialized store serialize_precision significant ++; digits after the floating point. The default value ensures that when floats ++; are decoded with unserialize, the data will remain the same. ++serialize_precision = 100 ++ ++; Whether to enable the ability to force arguments to be passed by reference ++; at function call time. This method is deprecated and is likely to be ++; unsupported in future versions of PHP/Zend. The encouraged method of ++; specifying which arguments should be passed by reference is in the function ++; declaration. You're encouraged to try and turn this option Off and make ++; sure your scripts work properly with it in order to ensure they will work ++; with future versions of the language (you will receive a warning each time ++; you use this feature, and the argument will be passed by value instead of by ++; reference). ++allow_call_time_pass_reference = Off ++ ++; ++; Safe Mode ++; ++; Notice that with this mode on PHP will not create new files in ++; directories which have different owner than the owner of the script. This ++; typically applies to /tmp, so contrary to Unix intuition, you will not be able ++; to create new files there (even if the /tmp rights are set correctly). ++; ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; ++safe_mode = On ++ ++; By default, Safe Mode does a UID compare check when ++; opening files. If you want to relax this to a GID compare, ++; then turn on safe_mode_gid. ++safe_mode_gid = Off ++ ++; When safe_mode is on, UID/GID checks are bypassed when ++; including files from this directory and its subdirectories. ++; (directory must also be in include_path or full path must ++; be used when including) ++safe_mode_include_dir = ++ ++; When safe_mode is on, only executables located in the safe_mode_exec_dir ++; will be allowed to be executed via the exec family of functions. ++; ++; Note: This should be customised per site (if exec is permitted) ++safe_mode_exec_dir = ++ ++; Setting certain environment variables may be a potential security breach. ++; This directive contains a comma-delimited list of prefixes. In Safe Mode, ++; the user may only alter environment variables whose names begin with the ++; prefixes supplied here. By default, users will only be able to set ++; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). ++; ++; Note: If this directive is empty, PHP will let the user modify ANY ++; environment variable! ++safe_mode_allowed_env_vars = PHP_ ++ ++; This directive contains a comma-delimited list of environment variables that ++; the end user won't be able to change using putenv(). These variables will be ++; protected even if safe_mode_allowed_env_vars is set to allow to change them. ++safe_mode_protected_env_vars = LD_LIBRARY_PATH,PATH ++ ++; open_basedir, if set, limits all file operations to the defined directory ++; and below. This directive makes most sense if used in a per-directory ++; or per-virtualhost web server configuration file. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; In Debian, the WebRoot is /var/www/ so we limit file operations to it. ++; ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++open_basedir = /var/www/:/usr/lib/php4/ ++ ++; This directive allows you to disable certain functions for security reasons. ++; It receives a comma-delimited list of function names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; Notes: ++; - The list of functions disabled here might break some applications ++; however, they are considered dangerous and often subverted by attackers ++; remotely. ++; - 'include' is not in the list, if your applications do not depend on it ++; make sure you add it here too. ++disable_functions = dl, phpinfo, system, mail, shell_exec, exec, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit, highlight_file, show_source ++ ++; This directive allows you to disable certain classes for security reasons. ++; It receives a comma-delimited list of class names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++disable_classes = ++ ++; Colors for Syntax Highlighting mode. Anything that's acceptable in ++; would work. ++;highlight.string = #DD0000 ++;highlight.comment = #FF9900 ++;highlight.keyword = #007700 ++;highlight.bg = #FFFFFF ++;highlight.default = #0000BB ++;highlight.html = #000000 ++ ++; If enabled, the request will be allowed to complete even if the user aborts ++; the request. Consider enabling it if executing long request, which may end up ++; being interrupted by the user or a browser timing out. ++; ignore_user_abort = On ++ ++; Determines the size of the realpath cache to be used by PHP. This value should ++; be increased on systems where PHP opens many files to reflect the quantity of ++; the file operations performed. ++; realpath_cache_size=16k ++ ++; Duration of time, in seconds for which to cache realpath information for a given ++; file or directory. For systems with rarely changing files, consider increasing this ++; value. ++; realpath_cache_ttl=120 ++ ++; ++; Misc ++; ++; Decides whether PHP may expose the fact that it is installed on the server ++; (e.g. by adding its signature to the Web server header). It is no security ++; threat in any way, but it makes it possible to determine whether you use PHP ++; on your server or not. ++expose_php = Off ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Resource Limits ; ++;;;;;;;;;;;;;;;;;;; ++ ++max_execution_time = 30 ; Maximum execution time of each script, in seconds ++max_input_time = 60 ; Maximum amount of time each script may spend parsing request data ++max_input_nesting_level = 64 ; Maximum input variable nesting level ++memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++; Error handling and logging ; ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; error_reporting is a bit-field. Or each number up to get desired error ++; reporting level ++; E_ALL - All errors and warnings (doesn't include E_STRICT) ++; E_ERROR - fatal run-time errors ++; E_RECOVERABLE_ERROR - almost fatal run-time errors ++; E_WARNING - run-time warnings (non-fatal errors) ++; E_PARSE - compile-time parse errors ++; E_NOTICE - run-time notices (these are warnings which often result ++; from a bug in your code, but it's possible that it was ++; intentional (e.g., using an uninitialized variable and ++; relying on the fact it's automatically initialized to an ++; empty string) ++; E_STRICT - run-time notices, enable to have PHP suggest changes ++; to your code which will ensure the best interoperability ++; and forward compatibility of your code ++; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ++; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ++; initial startup ++; E_COMPILE_ERROR - fatal compile-time errors ++; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ++; E_USER_ERROR - user-generated error message ++; E_USER_WARNING - user-generated warning message ++; E_USER_NOTICE - user-generated notice message ++; ++; Examples: ++; ++; - Show all errors, except for notices and coding standards warnings ++; ++;error_reporting = E_ALL & ~E_NOTICE ++; ++; - Show all errors, except for notices ++; ++;error_reporting = E_ALL & ~E_NOTICE | E_STRICT ++; ++; - Show only errors ++; ++;error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR ++; ++; - Show all errors ++; ++error_reporting = E_ALL ++ ++; Print out errors (as a part of the output). For production web sites, ++; you're strongly encouraged to turn this feature off, and use error logging ++; instead (see below). Keeping display_errors enabled on a production web site ++; may reveal security information to end users, such as file paths on your Web ++; server, your database schema or other information. ++; ++; possible values for display_errors: ++; ++; Off - Do not display any errors ++; stderr - Display errors to STDERR (affects only CGI/CLI binaries!) ++; stdout (On) - Display errors to STDOUT ++; ++display_errors = Off ++ ++; Even when display_errors is on, errors that occur during PHP's startup ++; sequence are not displayed. It's strongly recommended to keep ++; display_startup_errors off, except for when debugging. ++display_startup_errors = Off ++ ++; Log errors into a log file (server-specific log, stderr, or error_log (below)) ++; As stated above, you're strongly advised to use error logging in place of ++; error displaying on production web sites. ++log_errors = On ++ ++; Set maximum length of log_errors. In error_log information about the source is ++; added. The default is 1024 and 0 allows to not apply any maximum length at all. ++log_errors_max_len = 1024 ++ ++; Do not log repeated messages. Repeated errors must occur in same file on same ++; line until ignore_repeated_source is set true. ++ignore_repeated_errors = Off ++ ++; Ignore source of message when ignoring repeated messages. When this setting ++; is On you will not log errors with repeated messages from different files or ++; source lines. ++ignore_repeated_source = Off ++ ++; If this parameter is set to Off, then memory leaks will not be shown (on ++; stdout or in the log). This has only effect in a debug compile, and if ++; error reporting includes E_WARNING in the allowed list ++report_memleaks = On ++ ++;report_zend_debug = 0 ++ ++; Store the last error/warning message in $php_errormsg (boolean). ++track_errors = Off ++ ++; Disable the inclusion of HTML tags in error messages. ++; Note: Never use this feature for production boxes. ++html_errors = Off ++ ++; If html_errors is set On PHP produces clickable error messages that direct ++; to a page describing the error or function causing the error in detail. ++; You can download a copy of the PHP manual from http://www.php.net/docs.php ++; and change docref_root to the base URL of your local copy including the ++; leading '/'. You must also specify the file extension being used including ++; the dot. ++; Note: Never use this feature for production boxes. ++;docref_root = "/phpmanual/" ++;docref_ext = .html ++ ++; String to output before an error message. ++;error_prepend_string = "" ++ ++; String to output after an error message. ++;error_append_string = "" ++ ++; Log errors to specified file. ++;error_log = filename ++ ++; Log errors to syslog (Event Log on NT, not valid in Windows 95). ++error_log = syslog ++ ++ ++;;;;;;;;;;;;;;;;; ++; Data Handling ; ++;;;;;;;;;;;;;;;;; ++; ++; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 ++ ++; The separator used in PHP generated URLs to separate arguments. ++; Default is "&". ++;arg_separator.output = "&" ++ ++; List of separator(s) used by PHP to parse input URLs into variables. ++; Default is "&". ++; NOTE: Every character in this directive is considered as separator! ++;arg_separator.input = ";&" ++ ++; This directive describes the order in which PHP registers GET, POST, Cookie, ++; Environment and Built-in variables (G, P, C, E & S respectively, often ++; referred to as EGPCS or GPC). Registration is done from left to right, newer ++; values override older values. ++variables_order = "GPCS" ++ ++; Whether or not to register the EGPCS variables as global variables. You may ++; want to turn this off if you don't want to clutter your scripts' global scope ++; with user data. This makes most sense when coupled with track_vars - in which ++; case you can access all of the GPC variables through the $HTTP_*_VARS[], ++; variables. ++; ++; You should do your best to write your scripts so that they do not require ++; register_globals to be on; Using form variables as globals can easily lead ++; to possible security problems, if the code is not very well thought of. ++ ++; NOTE: applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; ++register_globals = Off ++ ++; Whether or not to register the old-style input arrays, HTTP_GET_VARS ++; and friends. If you're not using them, it's recommended to turn them off, ++; for performance reasons. ++register_long_arrays = Off ++ ++; This directive tells PHP whether to declare the argv&argc variables (that ++; would contain the GET information). If you don't use these variables, you ++; should turn it off for increased performance. ++register_argc_argv = Off ++ ++; When enabled, the SERVER and ENV variables are created when they're first ++; used (Just In Time) instead of when the script starts. If these variables ++; are not used within a script, having this directive on will result in a ++; performance gain. The PHP directives register_globals, register_long_arrays, ++; and register_argc_argv must be disabled for this directive to have any affect. ++auto_globals_jit = On ++ ++; Maximum size of POST data that PHP will accept. ++post_max_size = 8M ++ ++; Magic quotes ++; ++ ++; Magic quotes for incoming GET/POST/Cookie data. ++; Note: This feature is deprecated in PHP 6.0. Applications should not rely ++; on this feature to prevent security attacks. ++magic_quotes_gpc = On ++ ++; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. ++; Note: This feature is deprecated in PHP 6.0. Applications should not rely ++; on this feature to prevent security attacks. ++magic_quotes_runtime = On ++ ++; Use Sybase-style magic quotes (escape ' with '' instead of \'). ++magic_quotes_sybase = Off ++ ++; Automatically add files before or after any PHP document. ++auto_prepend_file = ++auto_append_file = ++ ++; As of 4.0b4, PHP always outputs a character encoding by default in ++; the Content-type: header. To disable sending of the charset, simply ++; set it to be empty. ++; ++; PHP's built-in default is text/html ++default_mimetype = "text/html" ++;default_charset = "iso-8859-1" ++ ++; Always populate the $HTTP_RAW_POST_DATA variable. ++;always_populate_raw_post_data = On ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;; ++; Paths and Directories ; ++;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; UNIX: "/path1:/path2" ++; Note (paranoid): ++; - '.' (the default) is not allowed here, applications that rely on it ++; need to be modified ++; - /usr is allowed, but files there should be protected against being ++; overwritten by mounting the filesystem read-only and should be ++; monitored with a system integrity check tool. ++include_path = "/usr/share/php" ++ ++; Windows: "\path1;\path2" ++;include_path = ".;c:\php\includes" ++ ++; The root of the PHP pages, used only if nonempty. ++; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ++; if you are running php as a CGI under any web server (other than IIS) ++; see documentation for security issues. The alternate is to use the ++; cgi.force_redirect configuration below ++doc_root = ++ ++; The directory under which PHP opens the script using /~username used only ++; if nonempty. ++user_dir = ++ ++; Directory in which the loadable extensions (modules) reside. ++; extension_dir = "./" ++ ++; Whether or not to enable the dl() function. The dl() function does NOT work ++; properly in multithreaded servers, such as IIS or Zeus, and is automatically ++; disabled on them. ++; ++; NOTE: this is a potential security hole and is disabled by default in debian ++enable_dl = Off ++ ++; cgi.force_redirect is necessary to provide security running PHP as a CGI under ++; most web servers. Left undefined, PHP turns this on by default. You can ++; turn it off here AT YOUR OWN RISK ++; **You CAN safely turn this off for IIS, in fact, you MUST.** ++; cgi.force_redirect = 1 ++ ++; if cgi.nph is enabled it will force cgi to always sent Status: 200 with ++; every request. ++; cgi.nph = 1 ++ ++; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ++; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ++; will look for to know it is OK to continue execution. Setting this variable MAY ++; cause security issues, KNOW WHAT YOU ARE DOING FIRST. ++; cgi.redirect_status_env = ; ++ ++; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ++; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ++; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ++; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting ++; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ++; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ++cgi.fix_pathinfo=1 ++ ++; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ++; security tokens of the calling client. This allows IIS to define the ++; security context that the request runs under. mod_fastcgi under Apache ++; does not currently support this feature (03/17/2002) ++; Set to 1 if running under IIS. Default is zero. ++; fastcgi.impersonate = 1; ++ ++; Disable logging through FastCGI connection ++; fastcgi.logging = 0 ++ ++; cgi.rfc2616_headers configuration option tells PHP what type of headers to ++; use when sending HTTP response code. If it's set 0 PHP sends Status: header that ++; is supported by Apache. When this option is set to 1 PHP will send ++; RFC2616 compliant header. ++; Default is zero. ++;cgi.rfc2616_headers = 0 ++ ++ ++;;;;;;;;;;;;;;;; ++; File Uploads ; ++;;;;;;;;;;;;;;;; ++ ++; Whether to allow HTTP file uploads. ++file_uploads = Off ++ ++; Temporary directory for HTTP uploaded files (will use system default if not ++; specified). ++; ++; Note: If enabled above you have to create this directory and set appropiate ++; permissions. The default (/tmp) is insecure since other users might be able ++; to access upload files or make symlink tricks. ++upload_tmp_dir = /var/lib/php5/uploads ++ ++; Maximum allowed size for uploaded files. ++upload_max_filesize = 2M ++ ++ ++;;;;;;;;;;;;;;;;;; ++; Fopen wrappers ; ++;;;;;;;;;;;;;;;;;; ++ ++; Whether to allow the treatment of URLs (like http:// or ftp://) as files. ++; ++; This is turned off to avoid variable redefinition by remote attacker ++; that attempts to have the server download (and execute) a remote file ++; from a compromised host. This behaviour has been observed in automatic ++; scanning against badly written applications: ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++allow_url_fopen = Off ++ ++; Whether to allow include/require to open URLs (like http:// or ftp://) as files. ++allow_url_include = Off ++ ++; Define the anonymous ftp password (your email address) ++;from="john@doe.com" ++ ++; Define the User-Agent string ++; user_agent="PHP" ++ ++; Default timeout for socket based streams (seconds) ++default_socket_timeout = 60 ++ ++; If your scripts have to deal with files from Macintosh systems, ++; or you are running on a Mac and need to deal with files from ++; unix or win32 systems, setting this flag will cause PHP to ++; automatically detect the EOL character in those files so that ++; fgets() and file() will work regardless of the source of the file. ++; auto_detect_line_endings = Off ++ ++ ++;;;;;;;;;;;;;;;;;;;;;; ++; Dynamic Extensions ; ++;;;;;;;;;;;;;;;;;;;;;; ++; ++; If you wish to have an extension loaded automatically, use the following ++; syntax: ++; ++; extension=modulename.extension ++; ++; For example, on Windows: ++; ++; extension=msql.dll ++; ++; ... or under UNIX: ++; ++; extension=msql.so ++; ++; Note that it should be the name of the module only; no directory information ++; needs to go here. Specify the location of the extension with the ++; extension_dir directive above. ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Module Settings ; ++;;;;;;;;;;;;;;;;;;; ++ ++[Date] ++; Defines the default timezone used by the date functions ++;date.timezone = ++ ++;date.default_latitude = 31.7667 ++;date.default_longitude = 35.2333 ++ ++;date.sunrise_zenith = 90.583333 ++;date.sunset_zenith = 90.583333 ++ ++[filter] ++;filter.default = unsafe_raw ++;filter.default_flags = ++ ++[iconv] ++;iconv.input_encoding = ISO-8859-1 ++;iconv.internal_encoding = ISO-8859-1 ++;iconv.output_encoding = ISO-8859-1 ++ ++[sqlite] ++;sqlite.assoc_case = 0 ++ ++[xmlrpc] ++;xmlrpc_error_number = 0 ++;xmlrpc_errors = 0 ++ ++[Pcre] ++;PCRE library backtracking limit. ++;pcre.backtrack_limit=100000 ++ ++;PCRE library recursion limit. ++;Please note that if you set this value to a high number you may consume all ++;the available process stack and eventually crash PHP (due to reaching the ++;stack size limit imposed by the Operating System). ++;pcre.recursion_limit=100000 ++ ++[Syslog] ++; Whether or not to define the various syslog variables (e.g. $LOG_PID, ++; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In ++; runtime, you can define these variables by calling define_syslog_variables(). ++define_syslog_variables = Off ++ ++[mail function] ++; For Win32 only. ++SMTP = localhost ++smtp_port = 25 ++ ++; For Win32 only. ++;sendmail_from = me@example.com ++ ++; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ++;sendmail_path = ++ ++; Force the addition of the specified parameters to be passed as extra parameters ++; to the sendmail binary. These parameters will always replace the value of ++; the 5th parameter to mail(), even in safe mode. ++;mail.force_extra_parameters = ++ ++[SQL] ++; This configuration directive is unrelated to safe_mode. ++; If enabled, connections to databases (like mysql_connect() or mysql_pconnect()) ++; will ignore the arguments provided (which include username and password) and ++; will attempt to connect always using default values. These default values ++; are typically host=localhost, user=the script owner,password=empty password. ++; ++; Note (paranoid): This is disabled as it is not actually a security measure, unless ++; you want script to not have users and passwords hardcoded in them. ++sql.safe_mode = Off ++ ++[ODBC] ++;odbc.default_db = Not yet implemented ++;odbc.default_user = Not yet implemented ++;odbc.default_pw = Not yet implemented ++ ++; Allow or prevent persistent links. ++odbc.allow_persistent = On ++ ++; Check that a connection is still valid before reuse. ++odbc.check_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++odbc.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++odbc.max_links = -1 ++ ++; Handling of LONG fields. Returns number of bytes to variables. 0 means ++; passthru. ++odbc.defaultlrl = 4096 ++ ++; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ++; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ++; of uodbc.defaultlrl and uodbc.defaultbinmode ++odbc.defaultbinmode = 1 ++ ++[MySQL] ++; Allow or prevent persistent links. ++mysql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mysql.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++mysql.max_links = -1 ++ ++; Default port number for mysql_connect(). If unset, mysql_connect() will use ++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ++; at MYSQL_PORT. ++mysql.default_port = ++ ++; Default socket name for local MySQL connects. If empty, uses the built-in ++; MySQL defaults. ++mysql.default_socket = ++ ++; Default host for mysql_connect() (doesn't apply in safe mode). ++mysql.default_host = ++ ++; Default user for mysql_connect() (doesn't apply in safe mode). ++mysql.default_user = ++ ++; Default password for mysql_connect() (doesn't apply in safe mode). ++; Note that this is generally a *bad* idea to store passwords in this file. ++; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") ++; and reveal this password! And of course, any users with read access to this ++; file will be able to reveal the password as well. ++mysql.default_password = ++ ++; Maximum time (in seconds) for connect timeout. -1 means no limit ++mysql.connect_timeout = 60 ++ ++; Trace mode. When trace_mode is active (=On), warnings for table/index scans and ++; SQL-Errors will be displayed. ++mysql.trace_mode = Off ++ ++[MySQLi] ++ ++; Maximum number of links. -1 means no limit. ++mysqli.max_links = -1 ++ ++; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ++; at MYSQL_PORT. ++mysqli.default_port = 3306 ++ ++; Default socket name for local MySQL connects. If empty, uses the built-in ++; MySQL defaults. ++mysqli.default_socket = ++ ++; Default host for mysql_connect() (doesn't apply in safe mode). ++mysqli.default_host = ++ ++; Default user for mysql_connect() (doesn't apply in safe mode). ++mysqli.default_user = ++ ++; Default password for mysqli_connect() (doesn't apply in safe mode). ++; Note that this is generally a *bad* idea to store passwords in this file. ++; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") ++; and reveal this password! And of course, any users with read access to this ++; file will be able to reveal the password as well. ++mysqli.default_pw = ++ ++; Allow or prevent reconnect ++mysqli.reconnect = Off ++ ++[mSQL] ++; Allow or prevent persistent links. ++msql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++msql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++msql.max_links = -1 ++ ++[OCI8] ++; enables privileged connections using external credentials (OCI_SYSOPER, OCI_SYSDBA) ++;oci8.privileged_connect = Off ++ ++; Connection: The maximum number of persistent OCI8 connections per ++; process. Using -1 means no limit. ++;oci8.max_persistent = -1 ++ ++; Connection: The maximum number of seconds a process is allowed to ++; maintain an idle persistent connection. Using -1 means idle ++; persistent connections will be maintained forever. ++;oci8.persistent_timeout = -1 ++ ++; Connection: The number of seconds that must pass before issuing a ++; ping during oci_pconnect() to check the connection validity. When ++; set to 0, each oci_pconnect() will cause a ping. Using -1 disables ++; pings completely. ++;oci8.ping_interval = 60 ++ ++; Tuning: This option enables statement caching, and specifies how ++; many statements to cache. Using 0 disables statement caching. ++;oci8.statement_cache_size = 20 ++ ++; Tuning: Enables statement prefetching and sets the default number of ++; rows that will be fetched automatically after statement execution. ++;oci8.default_prefetch = 10 ++ ++; Compatibility. Using On means oci_close() will not close ++; oci_connect() and oci_new_connect() connections. ++;oci8.old_oci_close_semantics = Off ++ ++[PostgresSQL] ++; Allow or prevent persistent links. ++pgsql.allow_persistent = On ++ ++; Detect broken persistent links always with pg_pconnect(). ++; Auto reset feature requires a little overheads. ++pgsql.auto_reset_persistent = Off ++ ++; Maximum number of persistent links. -1 means no limit. ++pgsql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++pgsql.max_links = -1 ++ ++; Ignore PostgreSQL backends Notice message or not. ++; Notice message logging require a little overheads. ++pgsql.ignore_notice = 0 ++ ++; Log PostgreSQL backends Noitce message or not. ++; Unless pgsql.ignore_notice=0, module cannot log notice message. ++pgsql.log_notice = 0 ++ ++[Sybase] ++; Allow or prevent persistent links. ++sybase.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybase.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybase.max_links = -1 ++ ++;sybase.interface_file = "/usr/sybase/interfaces" ++ ++; Minimum error severity to display. ++sybase.min_error_severity = 10 ++ ++; Minimum message severity to display. ++sybase.min_message_severity = 10 ++ ++; Compatibility mode with old versions of PHP 3.0. ++; If on, this will cause PHP to automatically assign types to results according ++; to their Sybase type, instead of treating them all as strings. This ++; compatibility mode will probably not stay around forever, so try applying ++; whatever necessary changes to your code, and turn it off. ++sybase.compatability_mode = Off ++ ++[Sybase-CT] ++; Allow or prevent persistent links. ++sybct.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybct.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybct.max_links = -1 ++ ++; Minimum server message severity to display. ++sybct.min_server_severity = 10 ++ ++; Minimum client message severity to display. ++sybct.min_client_severity = 10 ++ ++[bcmath] ++; Number of decimal digits for all bcmath functions. ++bcmath.scale = 0 ++ ++[browscap] ++;browscap = extra/browscap.ini ++ ++[Informix] ++; Default host for ifx_connect() (doesn't apply in safe mode). ++ifx.default_host = ++ ++; Default user for ifx_connect() (doesn't apply in safe mode). ++ifx.default_user = ++ ++; Default password for ifx_connect() (doesn't apply in safe mode). ++ifx.default_password = ++ ++; Allow or prevent persistent links. ++ifx.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++ifx.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++ifx.max_links = -1 ++ ++; If on, select statements return the contents of a text blob instead of its id. ++ifx.textasvarchar = 0 ++ ++; If on, select statements return the contents of a byte blob instead of its id. ++ifx.byteasvarchar = 0 ++ ++; Trailing blanks are stripped from fixed-length char columns. May help the ++; life of Informix SE users. ++ifx.charasvarchar = 0 ++ ++; If on, the contents of text and byte blobs are dumped to a file instead of ++; keeping them in memory. ++ifx.blobinfile = 0 ++ ++; NULL's are returned as empty strings, unless this is set to 1. In that case, ++; NULL's are returned as string 'NULL'. ++ifx.nullformat = 0 ++ ++[Session] ++; Handler used to store/retrieve data. ++session.save_handler = files ++ ++; Argument passed to save_handler. In the case of files, this is the path ++; where data files are stored. Note: Windows users have to change this ++; variable in order to use PHP's session functions. ++; ++; As of PHP 4.0.1, you can define the path as: ++; ++; session.save_path = "N;/path" ++; ++; where N is an integer. Instead of storing all the session files in ++; /path, what this will do is use subdirectories N-levels deep, and ++; store the session data in those directories. This is useful if you ++; or your OS have problems with lots of files in one directory, and is ++; a more efficient layout for servers that handle lots of sessions. ++; ++; NOTE 1: PHP will not create this directory structure automatically. ++; You can use the script in the ext/session dir for that purpose. ++; NOTE 2: See the section on garbage collection below if you choose to ++; use subdirectories for session storage ++; ++; The file storage module creates files using mode 600 by default. ++; You can change that by using ++; ++; session.save_path = "N;MODE;/path" ++; ++; where MODE is the octal representation of the mode. Note that this ++; does not overwrite the process's umask. ++session.save_path = /var/lib/php5 ++ ++; Substring to check each HTTP Referer for. If the Referer was sent by the ++; client and the substring was not found, the embedded session id will be marked ++; as invalid. Defaults to the empty string. ++; Note (paranoid): to prevent some XSS attacks should be defined to the server's URI ++; session.referer_check = ++ ++ ++; Path to an external resource (file) which will be used as an additional ++; entropy source in the session id creation process. ++; Note (paranoid): /dev/urandom is not fully random but if /dev/random is used ++; the entropy pool could be exhaused by constantly asking for session ids and ++; would compromise other applications relying on randomness ++session.entropy_file = "/dev/urandom" ++ ++; Number of bytes which will be read from the file specified above. ++; Defaults to 0 (disabled). ++session.entropy_length = 6 ++ ++; Whether to use cookies. ++session.use_cookies = 1 ++ ++; If this option is enabled cookies are only sent through secure (SSL) ++; connections and, consequently, are more difficult to intercept. ++; (disabled by default) ++session.cookie_secure = 1 ++ ++; This option enables administrators to make their users invulnerable to ++; attacks which involve passing session ids in URLs; defaults to 1 (since PHP 6.0). ++session.use_only_cookies = 1 ++ ++; Name of the session (used as cookie name). ++session.name = PHPSESSID ++ ++; Initialize session on request startup. ++session.auto_start = 0 ++ ++; Lifetime in seconds of cookie or, if 0, until browser is restarted. ++session.cookie_lifetime = 0 ++ ++; The path for which the cookie is valid. ++; Note (paranoid): Applications should restrict the path where the cookie ++; is valid through use of session_set_cookie_params(). ++session.cookie_path = / ++ ++; The domain for which the cookie is valid. ++; Note (paranoid): Make sure you configure this for your site ++session.cookie_domain = ++ ++; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. ++session.cookie_httponly = 1 ++ ++; Handler used to serialize data. php is the standard serializer of PHP. ++session.serialize_handler = php ++ ++; Define the probability that the 'garbage collection' process is started ++; on every session initialization. ++; The probability is calculated by using gc_probability/gc_divisor, ++; e.g. 1/100 means there is a 1% chance that the GC process starts ++; on each request. ++ ++; This is disabled in the Debian packages, due to the strict permissions ++; on /var/lib/php5. Instead of setting this here, see the cronjob at ++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below ++;session.gc_probability = 0 ++session.gc_divisor = 100 ++ ++; After this number of seconds, stored data will be seen as 'garbage' and ++; cleaned up by the garbage collection process. ++session.gc_maxlifetime = 1440 ++ ++; NOTE: If you are using the subdirectory option for storing session files ++; (see session.save_path above), then garbage collection does *not* ++; happen automatically. You will need to do your own garbage ++; collection through a shell script, cron entry, or some other method. ++; For example, the following script would is the equivalent of ++; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ++; cd /path/to/sessions; find -cmin +24 | xargs rm ++ ++; PHP 4.2 and less have an undocumented feature/bug that allows you to ++; to initialize a session variable in the global scope, albeit register_globals ++; is disabled. PHP 4.3 and later will warn you, if this feature is used. ++; You can disable the feature and the warning separately. At this time, ++; the warning is only displayed, if bug_compat_42 is enabled. ++ ++session.bug_compat_42 = 0 ++session.bug_compat_warn = 1 ++ ++; Check HTTP Referer to invalidate externally stored URLs containing ids. ++; HTTP_REFERER has to contain this substring for the session to be ++; considered as valid. ++session.referer_check = ++ ++; How many bytes to read from the file. ++session.entropy_length = 0 ++ ++; Specified here to create the session id. ++session.entropy_file = ++ ++;session.entropy_length = 16 ++ ++;session.entropy_file = /dev/urandom ++ ++; Set to {nocache,private,public,} to determine HTTP caching aspects ++; or leave this empty to avoid sending anti-caching headers. ++session.cache_limiter = nocache ++ ++; Document expires after n minutes. ++session.cache_expire = 180 ++ ++; trans sid support is disabled by default. ++; Use of trans sid may risk your users security. ++; Use this option with caution. ++; - User may send URL contains active session ID ++; to other person via. email/irc/etc. ++; - URL that contains active session ID may be stored ++; in publically accessible computer. ++; - User may access your site with the same session ID ++; always using URL stored in browser's history or bookmarks. ++session.use_trans_sid = 0 ++ ++; Select a hash function ++; 0: MD5 (128 bits) ++; 1: SHA-1 (160 bits) ++; Note (paranoic): Set to SHA-1 since there are known attacks against MD5 ++; although the algorithm is not yet broken) ++session.hash_function = 1 ++ ++; Define how many bits are stored in each character when converting ++; the binary hash data to something readable. ++; ++; 4 bits: 0-9, a-f ++; 5 bits: 0-9, a-v ++; 6 bits: 0-9, a-z, A-Z, "-", "," ++session.hash_bits_per_character = 4 ++ ++; The URL rewriter will look for URLs in a defined set of HTML tags. ++; form/fieldset are special; if you include them here, the rewriter will ++; add a hidden field with the info which is otherwise appended ++; to URLs. If you want XHTML conformity, remove the form entry. ++; Note that all valid entries require a "=", even if no value follows. ++url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=" ++ ++[MSSQL] ++; Allow or prevent persistent links. ++mssql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mssql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++mssql.max_links = -1 ++ ++; Minimum error severity to display. ++mssql.min_error_severity = 10 ++ ++; Minimum message severity to display. ++mssql.min_message_severity = 10 ++ ++; Compatibility mode with old versions of PHP 3.0. ++mssql.compatability_mode = Off ++ ++; Connect timeout ++;mssql.connect_timeout = 5 ++ ++; Query timeout ++;mssql.timeout = 60 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textlimit = 4096 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textsize = 4096 ++ ++; Limits the number of records in each batch. 0 = all records in one batch. ++;mssql.batchsize = 0 ++ ++; Specify how datetime and datetim4 columns are returned ++; On => Returns data converted to SQL server settings ++; Off => Returns values as YYYY-MM-DD hh:mm:ss ++;mssql.datetimeconvert = On ++ ++; Use NT authentication when connecting to the server ++mssql.secure_connection = On ++ ++; Specify max number of processes. -1 = library default ++; msdlib defaults to 25 ++; FreeTDS defaults to 4096 ++;mssql.max_procs = -1 ++ ++; Specify client character set. ++; If empty or not set the client charset from freetds.comf is used ++; This is only used when compiled with FreeTDS ++;mssql.charset = "ISO-8859-1" ++ ++[Assertion] ++; Assert(expr); active by default. ++;assert.active = On ++ ++; Issue a PHP warning for each failed assertion. ++;assert.warning = On ++ ++; Don't bail out by default. ++;assert.bail = Off ++ ++; User-function to be called if an assertion fails. ++;assert.callback = 0 ++ ++; Eval the expression with current error_reporting(). Set to true if you want ++; error_reporting(0) around the eval(). ++;assert.quiet_eval = 0 ++ ++[COM] ++; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs ++;com.typelib_file = ++; allow Distributed-COM calls ++;com.allow_dcom = true ++; autoregister constants of a components typlib on com_load() ++;com.autoregister_typelib = true ++; register constants casesensitive ++;com.autoregister_casesensitive = false ++; show warnings on duplicate constant registrations ++;com.autoregister_verbose = true ++ ++[mbstring] ++; language for internal character representation. ++;mbstring.language = Japanese ++ ++; internal/script encoding. ++; Some encoding cannot work as internal encoding. ++; (e.g. SJIS, BIG5, ISO-2022-*) ++;mbstring.internal_encoding = EUC-JP ++ ++; http input encoding. ++;mbstring.http_input = auto ++ ++; http output encoding. mb_output_handler must be ++; registered as output buffer to function ++;mbstring.http_output = SJIS ++ ++; enable automatic encoding translation according to ++; mbstring.internal_encoding setting. Input chars are ++; converted to internal encoding by setting this to On. ++; Note: Do _not_ use automatic encoding translation for ++; portable libs/applications. ++;mbstring.encoding_translation = Off ++ ++; automatic encoding detection order. ++; auto means ++;mbstring.detect_order = auto ++ ++; substitute_character used when character cannot be converted ++; one from another ++;mbstring.substitute_character = none; ++ ++; overload(replace) single byte functions by mbstring functions. ++; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), ++; etc. Possible values are 0,1,2,4 or combination of them. ++; For example, 7 for overload everything. ++; 0: No overload ++; 1: Overload mail() function ++; 2: Overload str*() functions ++; 4: Overload ereg*() functions ++;mbstring.func_overload = 0 ++ ++[FrontBase] ++;fbsql.allow_persistent = On ++;fbsql.autocommit = On ++;fbsql.show_timestamp_decimals = Off ++;fbsql.default_database = ++;fbsql.default_database_password = ++;fbsql.default_host = ++;fbsql.default_password = ++;fbsql.default_user = "_SYSTEM" ++;fbsql.generate_warnings = Off ++;fbsql.max_connections = 128 ++;fbsql.max_links = 128 ++;fbsql.max_persistent = -1 ++;fbsql.max_results = 128 ++ ++[gd] ++; Tell the jpeg decode to libjpeg warnings and try to create ++; a gd image. The warning will then be displayed as notices ++; disabled by default ++;gd.jpeg_ignore_warning = 0 ++ ++[exif] ++; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ++; With mbstring support this will automatically be converted into the encoding ++; given by corresponding encode setting. When empty mbstring.internal_encoding ++; is used. For the decode settings you can distinguish between motorola and ++; intel byte order. A decode setting cannot be empty. ++;exif.encode_unicode = ISO-8859-15 ++;exif.decode_unicode_motorola = UCS-2BE ++;exif.decode_unicode_intel = UCS-2LE ++;exif.encode_jis = ++;exif.decode_jis_motorola = JIS ++;exif.decode_jis_intel = JIS ++ ++[Tidy] ++; The path to a default tidy configuration file to use when using tidy ++;tidy.default_config = /usr/local/lib/php/default.tcfg ++ ++; Should tidy clean and repair output automatically? ++; WARNING: Do not use this option if you are generating non-html content ++; such as dynamic images ++tidy.clean_output = Off ++ ++[soap] ++; Enables or disables WSDL caching feature. ++soap.wsdl_cache_enabled=1 ++; Sets the directory name where SOAP extension will put cache files. ++soap.wsdl_cache_dir="/var/lib/php5/soap-cache" ++; (time to live) Sets the number of second while cached file will be used ++; instead of original one. ++soap.wsdl_cache_ttl=86400 ++ ++; Local Variables: ++; tab-width: 4 ++; End: --- php5-5.3.10.orig/debian/patches/CVE-2012-2688.patch +++ php5-5.3.10/debian/patches/CVE-2012-2688.patch @@ -0,0 +1,38 @@ +Description: fix denial of service and possible code execution via + _php_stream_scandir function +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=7d04e0fb2ec8be9b1c4b16a9f0b4958f853597f1 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683274 +Bug-Ubuntu: https://launchpad.net/bugs/1028064 + +Index: php5-5.3.10/main/streams/streams.c +=================================================================== +--- php5-5.3.10.orig/main/streams/streams.c 2012-09-11 11:21:56.647060117 -0400 ++++ php5-5.3.10/main/streams/streams.c 2012-09-11 11:22:29.815060966 -0400 +@@ -2190,8 +2190,8 @@ + php_stream *stream; + php_stream_dirent sdp; + char **vector = NULL; +- int vector_size = 0; +- int nfiles = 0; ++ unsigned int vector_size = 0; ++ unsigned int nfiles = 0; + + if (!namelist) { + return FAILURE; +@@ -2207,9 +2207,14 @@ + if (vector_size == 0) { + vector_size = 10; + } else { ++ if(vector_size*2 < vector_size) { ++ /* overflow */ ++ efree(vector); ++ return FAILURE; ++ } + vector_size *= 2; + } +- vector = (char **) erealloc(vector, vector_size * sizeof(char *)); ++ vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0); + } + + vector[nfiles] = estrdup(sdp.d_name); --- php5-5.3.10.orig/debian/patches/CVE-2014-8142.patch +++ php5-5.3.10/debian/patches/CVE-2014-8142.patch @@ -0,0 +1,70 @@ +From 630f9c33c23639de85c3fd306b209b538b73b4c9 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Thu, 11 Dec 2014 19:28:32 -0800 +Subject: [PATCH] Fix bug #68594 - Use after free vulnerability in + unserialize() + +--- + NEWS | 2 + + ext/standard/tests/serialize/bug68594.phpt | 23 ++++++++++ + ext/standard/var_unserializer.c | 68 ++++++++++++++++-------------- + ext/standard/var_unserializer.re | 3 ++ + 4 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 ext/standard/tests/serialize/bug68594.phpt + +Index: php5-5.3.10/ext/standard/tests/serialize/bug68594.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/serialize/bug68594.phpt 2015-02-13 11:27:34.753347966 -0500 +@@ -0,0 +1,23 @@ ++--TEST-- ++Bug #68545 Use after free vulnerability in unserialize() ++--FILE-- ++aaa = array(1,2,&$u,4,5); ++ $m->bbb = 1; ++ $m->ccc = &$u; ++ $m->ddd = str_repeat("A", $i); ++ ++ $z = serialize($m); ++ $z = str_replace("bbb", "aaa", $z); ++ $y = unserialize($z); ++ $z = serialize($y); ++} ++?> ++===DONE=== ++--EXPECTF-- ++===DONE=== +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-02-13 11:27:34.793348294 -0500 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-02-13 11:27:34.753347966 -0500 +@@ -298,6 +298,9 @@ + } else { + /* object properties should include no integers */ + convert_to_string(key); ++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { ++ var_push_dtor(var_hash, old_data); ++ } + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-02-13 11:27:34.793348294 -0500 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-02-13 11:27:34.753347966 -0500 +@@ -304,6 +304,9 @@ + } else { + /* object properties should include no integers */ + convert_to_string(key); ++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { ++ var_push_dtor(var_hash, old_data); ++ } + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } --- php5-5.3.10.orig/debian/patches/CVE-2015-6837-6838.patch +++ php5-5.3.10/debian/patches/CVE-2015-6837-6838.patch @@ -0,0 +1,49 @@ +From 1744be2d17befc69bf00033993f4081852a747d6 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 16 Aug 2015 17:16:15 -0700 +Subject: [PATCH] Fix for bug #69782 + +--- + ext/xsl/xsltprocessor.c | 142 +++++++++++++++++++++++++----------------------- + 1 file changed, 73 insertions(+), 69 deletions(-) + +Index: php5-5.3.10/ext/xsl/xsltprocessor.c +=================================================================== +--- php5-5.3.10.orig/ext/xsl/xsltprocessor.c 2015-09-29 12:47:40.096026511 -0400 ++++ php5-5.3.10/ext/xsl/xsltprocessor.c 2015-09-29 12:48:24.011830722 -0400 +@@ -210,15 +210,17 @@ + } + } + } +- ++ + if (error == 1) { + for (i = nargs - 1; i >= 0; i--) { + obj = valuePop(ctxt); +- xmlXPathFreeObject(obj); ++ if (obj) { ++ xmlXPathFreeObject(obj); ++ } + } + return; + } +- ++ + fci.param_count = nargs - 1; + if (fci.param_count > 0) { + fci.params = safe_emalloc(fci.param_count, sizeof(zval**), 0); +@@ -290,9 +292,11 @@ + fci.function_table = EG(function_table); + + obj = valuePop(ctxt); +- if (obj->stringval == NULL) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string"); +- xmlXPathFreeObject(obj); ++ if (obj == NULL || obj->stringval == NULL) { ++ if (obj) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string"); ++ xmlXPathFreeObject(obj); ++ } + if (fci.param_count > 0) { + for (i = 0; i < nargs - 1; i++) { + zval_ptr_dtor(&args[i]); --- php5-5.3.10.orig/debian/patches/curl_embedded_null.patch +++ php5-5.3.10/debian/patches/curl_embedded_null.patch @@ -0,0 +1,43 @@ +Description: fix local file disclosure via curl NULL byte injection +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=ab0939e5e5449cba04b02fff3a5595f725bce0a0 +Bug: https://bugs.php.net/bug.php?id=68089 + +Index: php5-5.3.10/ext/curl/interface.c +=================================================================== +--- php5-5.3.10.orig/ext/curl/interface.c 2014-10-28 14:54:02.671549358 -0400 ++++ php5-5.3.10/ext/curl/interface.c 2014-10-28 14:54:49.427898135 -0400 +@@ -172,6 +172,11 @@ + #endif + TSRMLS_FETCH(); + ++ if (strlen(url) != len) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option contains invalid characters (\\0)"); ++ return 0; ++ } ++ + /* Disable file:// if open_basedir or safe_mode are used */ + if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + #if LIBCURL_VERSION_NUM >= 0x071304 +Index: php5-5.3.10/ext/curl/tests/bug68089.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/curl/tests/bug68089.phpt 2014-10-28 14:54:02.667549328 -0400 +@@ -0,0 +1,18 @@ ++--TEST-- ++Bug #68089 (NULL byte injection - cURL lib) ++--SKIPIF-- ++ ++--FILE-- ++ ++Done ++--EXPECTF-- ++Warning: curl_setopt(): Curl option contains invalid characters (\0) in %s/bug68089.php on line 4 ++bool(false) ++Done --- php5-5.3.10.orig/debian/patches/bug71798.patch +++ php5-5.3.10/debian/patches/bug71798.patch @@ -0,0 +1,23 @@ +From 95433e8e339dbb6b5d5541473c1661db6ba2c451 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 27 Mar 2016 14:22:19 -0700 +Subject: [PATCH] Fix bug #71798 - Integer Overflow in php_raw_url_encode + +--- + ext/standard/url.c | 2 +- + main/php_version.h | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +Index: php5-5.3.10/ext/standard/url.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/url.c 2016-04-18 11:14:46.576350346 -0400 ++++ php5-5.3.10/ext/standard/url.c 2016-04-18 11:14:46.572350306 -0400 +@@ -596,7 +596,7 @@ + */ + PHPAPI char *php_raw_url_encode(char const *s, int len, int *new_length) + { +- register int x, y; ++ register size_t x, y; + unsigned char *str; + + str = (unsigned char *) safe_emalloc(3, len, 1); --- php5-5.3.10.orig/debian/patches/CVE-2015-6836.patch +++ php5-5.3.10/debian/patches/CVE-2015-6836.patch @@ -0,0 +1,82 @@ +From e201f01ac17243a1e5fb6a3911ed8e21b1619ac1 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 31 Aug 2015 21:06:03 -0700 +Subject: [PATCH] Fix bug #70388 - SOAP serialize_function_call() type + confusion + +--- + ext/soap/soap.c | 96 ++++++++++++++++++++++++-------------------- + ext/soap/tests/bug70388.phpt | 17 ++++++++ + 2 files changed, 69 insertions(+), 44 deletions(-) + create mode 100644 ext/soap/tests/bug70388.phpt + +Index: php5-5.3.10/ext/soap/soap.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/soap.c 2015-09-29 12:47:27.916081140 -0400 ++++ php5-5.3.10/ext/soap/soap.c 2015-09-29 12:47:27.916081140 -0400 +@@ -3076,8 +3076,10 @@ + } + zend_hash_internal_pointer_reset(default_headers); + while (zend_hash_get_current_data(default_headers, (void**)&tmp) == SUCCESS) { +- Z_ADDREF_PP(tmp); +- zend_hash_next_index_insert(soap_headers, tmp, sizeof(zval *), NULL); ++ if(Z_TYPE_PP(tmp) == IS_OBJECT) { ++ Z_ADDREF_PP(tmp); ++ zend_hash_next_index_insert(soap_headers, tmp, sizeof(zval *), NULL); ++ } + zend_hash_move_forward(default_headers); + } + } else { +@@ -4473,11 +4475,18 @@ + if (head) { + zval** header; + +- zend_hash_internal_pointer_reset(soap_headers); +- while (zend_hash_get_current_data(soap_headers,(void**)&header) == SUCCESS) { +- HashTable *ht = Z_OBJPROP_PP(header); ++ for(zend_hash_internal_pointer_reset(soap_headers); ++ zend_hash_get_current_data(soap_headers,(void**)&header) == SUCCESS; ++ zend_hash_move_forward(soap_headers) ++ ) { ++ HashTable *ht; + zval **name, **ns, **tmp; + ++ if (Z_TYPE_PP(header) != IS_OBJECT) { ++ continue; ++ } ++ ++ ht = Z_OBJPROP_PP(header); + if (zend_hash_find(ht, "name", sizeof("name"), (void**)&name) == SUCCESS && + Z_TYPE_PP(name) == IS_STRING && + zend_hash_find(ht, "namespace", sizeof("namespace"), (void**)&ns) == SUCCESS && +@@ -4547,7 +4556,6 @@ + } + } + } +- zend_hash_move_forward(soap_headers); + } + } + +Index: php5-5.3.10/ext/soap/tests/bug70388.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/soap/tests/bug70388.phpt 2015-09-29 12:47:27.916081140 -0400 +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #70388 (SOAP serialize_function_call() type confusion / RCE) ++--SKIPIF-- ++ ++--FILE-- ++notexisting()); ++} catch(Exception $e) { ++ var_dump($e->getMessage()); ++ var_dump(get_class($e)); ++} ++?> ++--EXPECTF-- ++string(%d) "%s" ++string(9) "SoapFault" +\ No newline at end of file --- php5-5.3.10.orig/debian/patches/fix_broken_sha2_test.patch +++ php5-5.3.10/debian/patches/fix_broken_sha2_test.patch @@ -0,0 +1,39 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -184,12 +184,12 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- +- salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; ++ char salt[21], answer[21+86]; ++ ++ strcpy(salt,"\$6\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); + #else + exit(0); + #endif +@@ -213,12 +213,13 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; +- strcat(salt,""); ++ char salt[21], answer[21+43]; ++ ++ strcpy(salt,"\$5\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); ++ + #else + exit(0); + #endif --- php5-5.3.10.orig/debian/patches/libdb_is_-ldb +++ php5-5.3.10/debian/patches/libdb_is_-ldb @@ -0,0 +1,17 @@ +Description: Let configure check detect version-less libdbs to support + newer versions without patching the configure code. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -327,7 +327,7 @@ if test "$PHP_DB4" != "no"; then + break + fi + done +- PHP_DBA_DB_CHECK(4, db-5.1 db-5.0 db-4.8 db-4.7 db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) ++ PHP_DBA_DB_CHECK(4, db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) + fi + PHP_DBA_STD_RESULT(db4,Berkeley DB4) + --- php5-5.3.10.orig/debian/patches/057-no_apache_installed.patch +++ php5-5.3.10/debian/patches/057-no_apache_installed.patch @@ -0,0 +1,89 @@ +Description: Disable installed-apache configure check +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/sapi/apache2handler/config.m4 ++++ b/sapi/apache2handler/config.m4 +@@ -59,13 +59,13 @@ if test "$PHP_APXS2" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000044; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000044; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- a/sapi/apache/config.m4 ++++ b/sapi/apache/config.m4 +@@ -56,11 +56,11 @@ if test "$PHP_APXS" != "no"; then + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in +--- a/sapi/apache2filter/config.m4 ++++ b/sapi/apache2filter/config.m4 +@@ -60,13 +60,13 @@ if test "$PHP_APXS2FILTER" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000040; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000040; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- a/sapi/apache_hooks/config.m4 ++++ b/sapi/apache_hooks/config.m4 +@@ -57,11 +57,11 @@ if test "$PHP_APACHE_HOOKS" != "no"; the + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in --- php5-5.3.10.orig/debian/patches/CVE-2016-5769.patch +++ php5-5.3.10/debian/patches/CVE-2016-5769.patch @@ -0,0 +1,35 @@ +From 6c5211a0cef0cc2854eaa387e0eb036e012904d0 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 20 Jun 2016 21:51:42 -0700 +Subject: [PATCH] Fix bug #72455: Heap Overflow due to integer overflows + +--- + ext/mcrypt/mcrypt.c | 92 +++++++++++++++++++++++++++++------------------------ + 1 file changed, 50 insertions(+), 42 deletions(-) + +Index: php5-5.5.9+dfsg/ext/mcrypt/mcrypt.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/mcrypt/mcrypt.c 2016-07-28 08:45:01.419855566 -0400 ++++ php5-5.5.9+dfsg/ext/mcrypt/mcrypt.c 2016-07-28 08:45:01.419855566 -0400 +@@ -677,6 +677,10 @@ + if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ + block_size = mcrypt_enc_get_block_size(pm->td); + data_size = (((data_len - 1) / block_size) + 1) * block_size; ++ if (data_size <= 0) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); ++ RETURN_FALSE; ++ } + data_s = emalloc(data_size + 1); + memset(data_s, 0, data_size); + memcpy(data_s, data, data_len); +@@ -722,6 +726,10 @@ + if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ + block_size = mcrypt_enc_get_block_size(pm->td); + data_size = (((data_len - 1) / block_size) + 1) * block_size; ++ if (data_size <= 0) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); ++ RETURN_FALSE; ++ } + data_s = emalloc(data_size + 1); + memset(data_s, 0, data_size); + memcpy(data_s, data, data_len); --- php5-5.3.10.orig/debian/patches/CVE-2013-4248.patch +++ php5-5.3.10/debian/patches/CVE-2013-4248.patch @@ -0,0 +1,174 @@ +Description: fix SSL cert validation spoofing via NULL character in subjectAltName. +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719765 + +Index: php5-5.3.10/ext/openssl/openssl.c +=================================================================== +--- php5-5.3.10.orig/ext/openssl/openssl.c 2013-09-04 12:53:24.831115542 -0400 ++++ php5-5.3.10/ext/openssl/openssl.c 2013-09-04 12:53:59.103116420 -0400 +@@ -1326,6 +1326,74 @@ + } + /* }}} */ + ++/* Special handling of subjectAltName, see CVE-2013-4073 ++ * Christian Heimes ++ */ ++ ++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ++{ ++ GENERAL_NAMES *names; ++ const X509V3_EXT_METHOD *method = NULL; ++ long i, length, num; ++ const unsigned char *p; ++ ++ method = X509V3_EXT_get(extension); ++ if (method == NULL) { ++ return -1; ++ } ++ ++ p = extension->value->data; ++ length = extension->value->length; ++ if (method->it) { ++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, ++ ASN1_ITEM_ptr(method->it))); ++ } else { ++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); ++ } ++ if (names == NULL) { ++ return -1; ++ } ++ ++ num = sk_GENERAL_NAME_num(names); ++ for (i = 0; i < num; i++) { ++ GENERAL_NAME *name; ++ ASN1_STRING *as; ++ name = sk_GENERAL_NAME_value(names, i); ++ switch (name->type) { ++ case GEN_EMAIL: ++ BIO_puts(bio, "email:"); ++ as = name->d.rfc822Name; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_DNS: ++ BIO_puts(bio, "DNS:"); ++ as = name->d.dNSName; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_URI: ++ BIO_puts(bio, "URI:"); ++ as = name->d.uniformResourceIdentifier; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ default: ++ /* use builtin print for GEN_OTHERNAME, GEN_X400, ++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID ++ */ ++ GENERAL_NAME_print(bio, name); ++ } ++ /* trailing ', ' except for last element */ ++ if (i < (num - 1)) { ++ BIO_puts(bio, ", "); ++ } ++ } ++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); ++ ++ return 0; ++} ++ + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) + Returns an array of the fields/values of the CERT */ + PHP_FUNCTION(openssl_x509_parse) +@@ -1422,15 +1490,30 @@ + + + for (i = 0; i < X509_get_ext_count(cert); i++) { ++ int nid; + extension = X509_get_ext(cert, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { ++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); ++ if (nid != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); +- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { ++ if (nid == NID_subject_alt_name) { ++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { ++ BIO_get_mem_ptr(bio_out, &bio_buf); ++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); ++ } else { ++ zval_dtor(return_value); ++ if (certresource == -1 && cert) { ++ X509_free(cert); ++ } ++ BIO_free(bio_out); ++ RETURN_FALSE; ++ } ++ } ++ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { +Index: php5-5.3.10/ext/openssl/tests/cve2013_4073.pem +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/openssl/tests/cve2013_4073.pem 2013-09-04 12:53:56.639116356 -0400 +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx ++DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ ++eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg ++RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y ++ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw ++NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI ++DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv ++ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt ++ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq ++hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j ++pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P ++vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv ++KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA ++oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL ++08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV ++HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E ++BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu ++Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 ++bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA ++AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 ++i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j ++HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk ++kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx ++VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW ++RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= ++-----END CERTIFICATE----- +Index: php5-5.3.10/ext/openssl/tests/cve2013_4073.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/openssl/tests/cve2013_4073.phpt 2013-09-04 12:53:56.639116356 -0400 +@@ -0,0 +1,19 @@ ++--TEST-- ++CVE 2013-4073: Null-byte certificate handling ++--SKIPIF-- ++ 'CA:FALSE', ++ 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C', ++ 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment', ++ 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1 ++', ++) --- php5-5.3.10.orig/debian/patches/bug53070.patch +++ php5-5.3.10/debian/patches/bug53070.patch @@ -0,0 +1,20 @@ +--- a/ext/enchant/enchant.c ++++ b/ext/enchant/enchant.c +@@ -429,6 +429,8 @@ PHP_FUNCTION(enchant_broker_set_dict_pat + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rls", &broker, &dict_type, &value, &value_len) == FAILURE) { + RETURN_FALSE; + } ++ ++ PHP_ENCHANT_GET_BROKER; + + if (!value_len) { + RETURN_FALSE; +@@ -485,6 +487,8 @@ PHP_FUNCTION(enchant_broker_get_dict_pat + default: + RETURN_FALSE; + } ++ ++ PHP_ENCHANT_GET_BROKER; + + RETURN_STRING(value, 1); + } --- php5-5.3.10.orig/debian/patches/100-recode_is_shared.patch +++ php5-5.3.10/debian/patches/100-recode_is_shared.patch @@ -0,0 +1,16 @@ +Description: Turn recode conflicts error message into a warning. The + recode extension is packaged as a shared library in Debian. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/recode/config9.m4 ++++ b/ext/recode/config9.m4 +@@ -13,6 +13,6 @@ if test "$PHP_RECODE" != "no"; then + fi + + if test -n "$recode_conflict"; then +- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict]) ++ AC_MSG_WARN([recode extension can not be used together with:$recode_conflict]) + fi + fi --- php5-5.3.10.orig/debian/patches/CVE-2014-0207.patch +++ php5-5.3.10/debian/patches/CVE-2014-0207.patch @@ -0,0 +1,38 @@ +Backport of: + +From 4fcb9a9d1b1063a65fbeb27395de4979c75bd962 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 3 Jun 2014 11:05:00 +0200 +Subject: [PATCH] Fix bug #67326 fileinfo: cdf_read_short_sector insufficient + boundary check + +Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch +Only revelant part applied +--- + ext/fileinfo/libmagic/cdf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: php5-5.3.10/ext/fileinfo/libmagic/cdf.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/cdf.c 2014-07-07 07:51:24.630671871 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/cdf.c 2014-07-07 08:00:44.578663195 -0400 +@@ -322,9 +322,17 @@ + cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, + size_t len, const cdf_header_t *h, cdf_secid_t id) + { +- assert((size_t)CDF_SHORT_SEC_SIZE(h) == len); ++ size_t ss = CDF_SHORT_SEC_SIZE(h); ++ size_t pos = CDF_SHORT_SEC_POS(h, id); ++ assert(ss == len); ++ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { ++ DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" ++ SIZE_T_FORMAT "u\n", ++ pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); ++ return -1; ++ } + (void)memcpy(((char *)buf) + offs, +- ((const char *)sst->sst_tab) + CDF_SHORT_SEC_POS(h, id), len); ++ ((const char *)sst->sst_tab) + pos, len); + return len; + } + --- php5-5.3.10.orig/debian/patches/CVE-2011-1398.patch +++ php5-5.3.10/debian/patches/CVE-2011-1398.patch @@ -0,0 +1,160 @@ +Description: fix HTTP response-splitting issue with %0D sequences +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=61088ce7296f2a3b4b53e60bdf413455b870664d +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=8e82bda330264d290a5e55580eea2eb875d4cb69 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=ca58cd01fc329f907a13b82370427715d9c5bf70 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=daa190f8fd5441b077bfd5ae8e999596a8c34dd3 +Bug: https://bugs.php.net/bug.php?id=60227 + +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_1.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_1.phpt 2012-09-12 08:06:30.936972152 -0400 +@@ -0,0 +1,20 @@ ++--TEST-- ++Bug #60227 (header() cannot detect the multi-line header with CR) ++--FILE-- ++ ++--EXPECTF-- ++Warning: Header may not contain more than a single header, new line detected in %s on line %d ++foo ++--EXPECTHEADERS-- ++X-Foo1: a ++X-Foo2: b ++X-Foo3: c ++X-Foo4: d ++ +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_2.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_2.phpt 2012-09-12 08:06:30.936972152 -0400 +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #60227 (header() cannot detect the multi-line header with CR), \r before \n ++--FILE-- ++ ++--EXPECTF-- ++Warning: Header may not contain more than a single header, new line detected in %s on line %d ++foo ++--EXPECTHEADERS-- ++X-foo: e ++foo +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_3.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_3.phpt 2012-09-12 08:06:30.936972152 -0400 +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #60227 (header() cannot detect the multi-line header with CR), \0 before \n ++--FILE-- ++ ++--EXPECTF-- ++Warning: Header may not contain NUL bytes in %s on line %d ++foo ++--EXPECTHEADERS-- ++X-foo: e ++foo +Index: php5-5.3.10/ext/standard/tests/general_functions/bug60227_4.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug60227_4.phpt 2012-09-12 08:06:30.936972152 -0400 +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #60227 (header() cannot detect the multi-line header with CR), CRLF ++--FILE-- ++ ++--EXPECTF-- ++Warning: Header may not contain more than a single header, new line detected in %s on line %d ++foo ++--EXPECTHEADERS-- ++X-foo: e ++ foo +Index: php5-5.3.10/main/SAPI.c +=================================================================== +--- php5-5.3.10.orig/main/SAPI.c 2012-09-11 11:37:31.155084045 -0400 ++++ php5-5.3.10/main/SAPI.c 2012-09-12 08:06:30.936972152 -0400 +@@ -590,16 +590,26 @@ + return FAILURE; + } + } else { +- /* new line safety check */ +- char *s = header_line, *e = header_line + header_line_len, *p; +- while (s < e && (p = memchr(s, '\n', (e - s)))) { +- if (*(p + 1) == ' ' || *(p + 1) == '\t') { +- s = p + 1; +- continue; ++ /* new line/NUL character safety check */ ++ int i; ++ for (i = 0; i < header_line_len; i++) { ++ /* RFC 2616 allows new lines if followed by SP or HT */ ++ int illegal_break = ++ (header_line[i+1] != ' ' && header_line[i+1] != '\t') ++ && ( ++ header_line[i] == '\n' ++ || (header_line[i] == '\r' && header_line[i+1] != '\n')); ++ if (illegal_break) { ++ efree(header_line); ++ sapi_module.sapi_error(E_WARNING, "Header may not contain " ++ "more than a single header, new line detected"); ++ return FAILURE; ++ } ++ if (header_line[i] == '\0') { ++ efree(header_line); ++ sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes"); ++ return FAILURE; + } +- efree(header_line); +- sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected."); +- return FAILURE; + } + } + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2012-01-01 08:15:04.000000000 -0500 ++++ php5-5.3.10/ext/phar/phar_object.c 2012-09-12 08:06:56.272972802 -0400 +@@ -427,7 +427,7 @@ + sapi_header_line ctr = {0}; + + ctr.response_code = 403; +- ctr.line_len = sizeof("HTTP/1.0 403 Access Denied"); ++ ctr.line_len = sizeof("HTTP/1.0 403 Access Denied")-1; + ctr.line = "HTTP/1.0 403 Access Denied"; + sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); + sapi_send_headers(TSRMLS_C); +@@ -452,7 +452,7 @@ + } + + ctr.response_code = 404; +- ctr.line_len = sizeof("HTTP/1.0 404 Not Found")+1; ++ ctr.line_len = sizeof("HTTP/1.0 404 Not Found")-1; + ctr.line = "HTTP/1.0 404 Not Found"; + sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); + sapi_send_headers(TSRMLS_C); +@@ -891,7 +891,7 @@ + char *tmp = NULL, sa = '\0'; + sapi_header_line ctr = {0}; + ctr.response_code = 301; +- ctr.line_len = sizeof("HTTP/1.1 301 Moved Permanently")+1; ++ ctr.line_len = sizeof("HTTP/1.1 301 Moved Permanently")-1; + ctr.line = "HTTP/1.1 301 Moved Permanently"; + sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); + --- php5-5.3.10.orig/debian/patches/mssql-null-exception.patch +++ php5-5.3.10/debian/patches/mssql-null-exception.patch @@ -0,0 +1,13 @@ +--- a/ext/pdo_dblib/dblib_driver.c ++++ b/ext/pdo_dblib/dblib_driver.c +@@ -230,8 +230,10 @@ static int pdo_dblib_handle_factory(pdo_ + goto cleanup; + } + ++#if PHP_DBLIB_IS_MSSQL + /* dblib do not return more than this length from text/image */ + DBSETOPT(H->link, DBTEXTLIMIT, "2147483647"); ++#endif + + /* limit text/image from network */ + DBSETOPT(H->link, DBTEXTSIZE, "2147483647"); --- php5-5.3.10.orig/debian/patches/CVE-2015-2783.patch +++ php5-5.3.10/debian/patches/CVE-2015-2783.patch @@ -0,0 +1,180 @@ +Description: fix buffer overflow in unserialize when parsing Phar +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=9faaee66fa493372c7340b1ab05f8fd115131a42 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=12d3bdee3dfa6605024a72080d8a17c165c5ed24 +Bug: https://bugs.php.net/bug.php?id=69324 + +Index: php5-5.3.10/ext/phar/phar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar.c 2015-04-17 06:24:19.250127940 -0400 ++++ php5-5.3.10/ext/phar/phar.c 2015-04-17 06:24:19.246127904 -0400 +@@ -600,52 +600,41 @@ + * + * Meta-data is in this format: + * [len32][data...] +- * ++ * + * data is the serialized zval + */ +-int phar_parse_metadata(char **buffer, zval **metadata, int zip_metadata_len TSRMLS_DC) /* {{{ */ ++int phar_parse_metadata(char **buffer, zval **metadata, php_uint32 zip_metadata_len TSRMLS_DC) /* {{{ */ + { +- const unsigned char *p; +- php_uint32 buf_len; + php_unserialize_data_t var_hash; + +- if (!zip_metadata_len) { +- PHAR_GET_32(*buffer, buf_len); +- } else { +- buf_len = zip_metadata_len; +- } +- +- if (buf_len) { ++ if (zip_metadata_len) { ++ const unsigned char *p, *p_buff = estrndup(*buffer, zip_metadata_len); ++ p = p_buff; + ALLOC_ZVAL(*metadata); + INIT_ZVAL(**metadata); +- p = (const unsigned char*) *buffer; + PHP_VAR_UNSERIALIZE_INIT(var_hash); + +- if (!php_var_unserialize(metadata, &p, p + buf_len, &var_hash TSRMLS_CC)) { ++ if (!php_var_unserialize(metadata, &p, p + zip_metadata_len, &var_hash TSRMLS_CC)) { ++ efree(p_buff); + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + zval_ptr_dtor(metadata); + *metadata = NULL; + return FAILURE; + } +- ++ efree(p_buff); + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + + if (PHAR_G(persist)) { + /* lazy init metadata */ + zval_ptr_dtor(metadata); +- *metadata = (zval *) pemalloc(buf_len, 1); +- memcpy(*metadata, *buffer, buf_len); +- *buffer += buf_len; ++ *metadata = (zval *) pemalloc(zip_metadata_len, 1); ++ memcpy(*metadata, *buffer, zip_metadata_len); + return SUCCESS; + } + } else { + *metadata = NULL; + } + +- if (!zip_metadata_len) { +- *buffer += buf_len; +- } +- + return SUCCESS; + } + /* }}}*/ +@@ -655,7 +644,7 @@ + * + * Parse a new one and add it to the cache, returning either SUCCESS or + * FAILURE, and setting pphar to the pointer to the manifest entry +- * ++ * + * This is used by phar_open_from_filename to process the manifest, but can be called + * directly. + */ +@@ -666,6 +655,7 @@ + phar_entry_info entry; + php_uint32 manifest_len, manifest_count, manifest_flags, manifest_index, tmp_len, sig_flags; + php_uint16 manifest_ver; ++ php_uint32 len; + long offset; + int sig_len, register_alias = 0, temp_alias = 0; + char *signature = NULL; +@@ -1031,16 +1021,21 @@ + mydata->is_persistent = PHAR_G(persist); + + /* check whether we have meta data, zero check works regardless of byte order */ ++ PHAR_GET_32(buffer, len); + if (mydata->is_persistent) { +- PHAR_GET_32(buffer, mydata->metadata_len); +- if (phar_parse_metadata(&buffer, &mydata->metadata, mydata->metadata_len TSRMLS_CC) == FAILURE) { +- MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); +- } +- } else { +- if (phar_parse_metadata(&buffer, &mydata->metadata, 0 TSRMLS_CC) == FAILURE) { +- MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); ++ mydata->metadata_len = len; ++ if(!len) { ++ /* FIXME: not sure why this is needed but removing it breaks tests */ ++ PHAR_GET_32(buffer, len); + } + } ++ if(len > endbuffer - buffer) { ++ MAPPHAR_FAIL("internal corruption of phar \"%s\" (trying to read past buffer end)"); ++ } ++ if (phar_parse_metadata(&buffer, &mydata->metadata, len TSRMLS_CC) == FAILURE) { ++ MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); ++ } ++ buffer += len; + + /* set up our manifest */ + zend_hash_init(&mydata->manifest, manifest_count, +@@ -1075,7 +1070,7 @@ + entry.manifest_pos = manifest_index; + } + +- if (buffer + entry.filename_len + 20 > endbuffer) { ++ if (entry.filename_len + 20 > endbuffer - buffer) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); + } + +@@ -1111,19 +1106,20 @@ + entry.flags |= PHAR_ENT_PERM_DEF_DIR; + } + ++ PHAR_GET_32(buffer, len); + if (entry.is_persistent) { +- PHAR_GET_32(buffer, entry.metadata_len); +- if (!entry.metadata_len) buffer -= 4; +- if (phar_parse_metadata(&buffer, &entry.metadata, entry.metadata_len TSRMLS_CC) == FAILURE) { +- pefree(entry.filename, entry.is_persistent); +- MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); +- } ++ entry.metadata_len = len; + } else { +- if (phar_parse_metadata(&buffer, &entry.metadata, 0 TSRMLS_CC) == FAILURE) { +- pefree(entry.filename, entry.is_persistent); +- MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); +- } ++ entry.metadata_len = 0; + } ++ if (len > endbuffer - buffer) { ++ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); ++ } ++ if (phar_parse_metadata(&buffer, &entry.metadata, len TSRMLS_CC) == FAILURE) { ++ pefree(entry.filename, entry.is_persistent); ++ MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); ++ } ++ buffer += len; + + entry.offset = entry.offset_abs = offset; + offset += entry.compressed_filesize; +@@ -2243,7 +2239,7 @@ + + /** + * Process a phar stream name, ensuring we can handle any of: +- * ++ * + * - whatever.phar + * - whatever.phar.gz + * - whatever.phar.bz2 +Index: php5-5.3.10/ext/phar/phar_internal.h +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_internal.h 2015-04-17 06:24:19.250127940 -0400 ++++ php5-5.3.10/ext/phar/phar_internal.h 2015-04-17 06:24:19.250127940 -0400 +@@ -654,7 +654,7 @@ + char *phar_find_in_include_path(char *file, int file_len, phar_archive_data **pphar TSRMLS_DC); + char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC); + phar_entry_info * phar_open_jit(phar_archive_data *phar, phar_entry_info *entry, char **error TSRMLS_DC); +-int phar_parse_metadata(char **buffer, zval **metadata, int zip_metadata_len TSRMLS_DC); ++int phar_parse_metadata(char **buffer, zval **metadata, php_uint32 zip_metadata_len TSRMLS_DC); + void destroy_phar_manifest_entry(void *pDest); + int phar_seek_efp(phar_entry_info *entry, off_t offset, int whence, off_t position, int follow_links TSRMLS_DC); + php_stream *phar_get_efp(phar_entry_info *entry, int follow_links TSRMLS_DC); --- php5-5.3.10.orig/debian/patches/004-ldap_fix.patch +++ php5-5.3.10/debian/patches/004-ldap_fix.patch @@ -0,0 +1,27 @@ +Description: Prevent null dereferencing in ldap_explode_dn() +Origin: vendor +Bug-Debian: http://bugs.debian.org/205405 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/ldap/ldap.c ++++ b/ext/ldap/ldap.c +@@ -1212,7 +1212,7 @@ PHP_FUNCTION(ldap_explode_dn) + } + + i=0; +- while (ldap_value[i] != NULL) i++; ++ while (ldap_value && ldap_value[i] != NULL) i++; + count = i; + + array_init(return_value); +@@ -1222,7 +1222,8 @@ PHP_FUNCTION(ldap_explode_dn) + add_index_string(return_value, i, ldap_value[i], 1); + } + +- ldap_value_free(ldap_value); ++ if (ldap_value) ++ ldap_value_free(ldap_value); + } + /* }}} */ + --- php5-5.3.10.orig/debian/patches/CVE-2016-5094.patch +++ php5-5.3.10/debian/patches/CVE-2016-5094.patch @@ -0,0 +1,27 @@ +Backport of: + +From 0da8b8b801f9276359262f1ef8274c7812d3dfda Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 15 May 2016 23:26:51 -0700 +Subject: [PATCH] Fix bug #72135 - don't create strings with lengths outside + int range + +--- + ext/standard/html.c | 50 +++++++++++++++++++++++++++----------------------- + 1 file changed, 27 insertions(+), 23 deletions(-) + +Index: php5-5.3.10/ext/standard/html.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/html.c 2016-07-28 15:02:59.954471510 -0400 ++++ php5-5.3.10/ext/standard/html.c 2016-07-28 15:03:46.531074489 -0400 +@@ -1283,6 +1283,10 @@ + } + + replaced = php_escape_html_entities_ex(str, str_len, &len, all, quote_style, hint_charset, double_encode TSRMLS_CC); ++ if (len > INT_MAX) { ++ efree(replaced); ++ RETURN_FALSE; ++ } + RETVAL_STRINGL(replaced, len, 0); + } + /* }}} */ --- php5-5.3.10.orig/debian/patches/017-pread_pwrite_disable.patch +++ php5-5.3.10/debian/patches/017-pread_pwrite_disable.patch @@ -0,0 +1,28 @@ +Description: Completely disable the usage of pread/pwrite + . + This is an old patch and should be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/261311 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -1224,7 +1224,7 @@ $1 + } + + ],[ +- ac_cv_pwrite=yes ++ ac_cv_pwrite=no + ],[ + ac_cv_pwrite=no + ],[ +@@ -1253,7 +1253,7 @@ $1 + exit(0); + } + ],[ +- ac_cv_pread=yes ++ ac_cv_pread=no + ],[ + ac_cv_pread=no + ],[ --- php5-5.3.10.orig/debian/patches/CVE-2014-4670.patch +++ php5-5.3.10/debian/patches/CVE-2014-4670.patch @@ -0,0 +1,63 @@ +From df78c48354f376cf419d7a97f88ca07d572f00fb Mon Sep 17 00:00:00 2001 +From: Xinchen Hui +Date: Wed, 2 Jul 2014 17:45:09 +0800 +Subject: [PATCH] Fixed Bug #67538 (SPL Iterators use-after-free) + +--- + NEWS | 3 +++ + ext/spl/spl_dllist.c | 7 +++++-- + ext/spl/tests/bug67538.phpt | 17 +++++++++++++++++ + 3 files changed, 25 insertions(+), 2 deletions(-) + create mode 100644 ext/spl/tests/bug67538.phpt + +Index: php5-5.3.10/ext/spl/spl_dllist.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_dllist.c 2014-07-07 08:36:07.950630297 -0400 ++++ php5-5.3.10/ext/spl/spl_dllist.c 2014-07-07 08:36:07.946630297 -0400 +@@ -40,12 +40,10 @@ + + #define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \ + efree(elem); \ +- elem = NULL; \ + } + + #define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \ + efree(elem); \ +- elem = NULL; \ + } + + #define SPL_LLIST_ADDREF(elem) (elem)->rc++ +@@ -911,6 +909,11 @@ + llist->dtor(element TSRMLS_CC); + } + ++ if (intern->traverse_pointer == element) { ++ SPL_LLIST_DELREF(element); ++ intern->traverse_pointer = NULL; ++ } ++ + zval_ptr_dtor((zval **)&element->data); + element->data = NULL; + +Index: php5-5.3.10/ext/spl/tests/bug67538.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/spl/tests/bug67538.phpt 2014-07-07 08:36:07.946630297 -0400 +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #67538 (SPL Iterators use-after-free) ++--FILE-- ++push('a'); ++$list->push('b'); ++ ++$list->rewind(); ++$list->offsetUnset(0); ++$list->push('b'); ++$list->offsetUnset(0); ++$list->next(); ++echo "okey"; ++?> ++--EXPECTF-- ++okey --- php5-5.3.10.orig/debian/patches/045-exif_nesting_level.patch +++ php5-5.3.10/debian/patches/045-exif_nesting_level.patch @@ -0,0 +1,16 @@ +Description: Increase maximum exif nesting level. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/exif/exif.c ++++ b/ext/exif/exif.c +@@ -109,7 +109,7 @@ typedef unsigned char uchar; + + #define EFREE_IF(ptr) if (ptr) efree(ptr) + +-#define MAX_IFD_NESTING_LEVEL 100 ++#define MAX_IFD_NESTING_LEVEL 250 + + /* {{{ arginfo */ + ZEND_BEGIN_ARG_INFO(arginfo_exif_tagname, 0) --- php5-5.3.10.orig/debian/patches/CVE-2016-5114.patch +++ php5-5.3.10/debian/patches/CVE-2016-5114.patch @@ -0,0 +1,26 @@ +From be19dbcb84fea0001e53cea2732c00de7ae6c371 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 8 Dec 2015 00:10:07 -0800 +Subject: [PATCH] Fixed bug #70755: fpm_log.c memory leak and buffer overflow + +--- + NEWS | 3 +++ + sapi/fpm/fpm/fpm_log.c | 5 +++++ + 2 files changed, 8 insertions(+) + +Index: php5-5.3.10/sapi/fpm/fpm/fpm_log.c +=================================================================== +--- php5-5.3.10.orig/sapi/fpm/fpm/fpm_log.c 2016-07-28 15:15:30.932277408 -0400 ++++ php5-5.3.10/sapi/fpm/fpm/fpm_log.c 2016-07-28 15:15:30.928277355 -0400 +@@ -443,6 +443,11 @@ + b += len2; + len += len2; + } ++ if (len >= FPM_LOG_BUFFER) { ++ zlog(ZLOG_NOTICE, "the log buffer is full (%d). The access log request has been truncated.", FPM_LOG_BUFFER); ++ len = FPM_LOG_BUFFER; ++ break; ++ } + continue; + } + --- php5-5.3.10.orig/debian/patches/php-5.3.9-mysqlnd.patch +++ php5-5.3.10/debian/patches/php-5.3.9-mysqlnd.patch @@ -0,0 +1,25 @@ +diff -up php-5.3.9/ext/mysqlnd/config9.m4.mysqlnd php-5.3.9/ext/mysqlnd/config9.m4 +diff -up php-5.3.9/ext/mysqlnd/mysqlnd.c.mysqlnd php-5.3.9/ext/mysqlnd/mysqlnd.c +--- php-5.3.9/ext/mysqlnd/mysqlnd.c.mysqlnd 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/mysqlnd/mysqlnd.c 2012-01-10 19:12:06.813933986 +0100 +@@ -620,7 +620,7 @@ MYSQLND_METHOD(mysqlnd_conn, connect)(MY + if (host_len == sizeof("localhost") - 1 && !strncasecmp(host, "localhost", host_len)) { + DBG_INF_FMT("socket=%s", socket_or_pipe? socket_or_pipe:"n/a"); + if (!socket_or_pipe) { +- socket_or_pipe = "/tmp/mysql.sock"; ++ socket_or_pipe = "/var/run/mysqld/mysqld.sock"; + } + transport_len = spprintf(&transport, 0, "unix://%s", socket_or_pipe); + unix_socket = TRUE; +diff -up php-5.3.9/ext/pdo_mysql/pdo_mysql.c.mysqlnd php-5.3.9/ext/pdo_mysql/pdo_mysql.c +--- php-5.3.9/ext/pdo_mysql/pdo_mysql.c.mysqlnd 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/pdo_mysql/pdo_mysql.c 2012-01-10 19:17:51.608942238 +0100 +@@ -50,7 +50,7 @@ ZEND_DECLARE_MODULE_GLOBALS(pdo_mysql); + # define PDO_MYSQL_UNIX_ADDR PHP_MYSQL_UNIX_SOCK_ADDR + # else + # if !PHP_WIN32 +-# define PDO_MYSQL_UNIX_ADDR "/tmp/mysql.sock" ++# define PDO_MYSQL_UNIX_ADDR "/var/run/mysqld/mysqld.sock" + # else + # define PDO_MYSQL_UNIX_ADDR NULL + # endif --- php5-5.3.10.orig/debian/patches/CVE-2015-5590.patch +++ php5-5.3.10/debian/patches/CVE-2015-5590.patch @@ -0,0 +1,64 @@ +From 6dedeb40db13971af45276f80b5375030aa7e76f Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 4 Jul 2015 23:47:48 -0700 +Subject: [PATCH] Fix bug #69923 - Buffer overflow and stack smashing error in + phar_fix_filepath + +--- + ext/phar/phar.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +Index: php5-5.3.10/ext/phar/phar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar.c 2015-09-29 12:30:09.729507105 -0400 ++++ php5-5.3.10/ext/phar/phar.c 2015-09-29 12:30:09.729507105 -0400 +@@ -2144,7 +2144,7 @@ + */ + char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC) /* {{{ */ + { +- char newpath[MAXPATHLEN]; ++ char *newpath; + int newpath_len; + char *ptr; + char *tok; +@@ -2152,8 +2152,10 @@ + + if (PHAR_G(cwd_len) && use_cwd && path_length > 2 && path[0] == '.' && path[1] == '/') { + newpath_len = PHAR_G(cwd_len); ++ newpath = emalloc(strlen(path) + newpath_len + 1); + memcpy(newpath, PHAR_G(cwd), newpath_len); + } else { ++ newpath = emalloc(strlen(path) + 2); + newpath[0] = '/'; + newpath_len = 1; + } +@@ -2176,6 +2178,7 @@ + if (*tok == '.') { + efree(path); + *new_len = 1; ++ efree(newpath); + return estrndup("/", 1); + } + break; +@@ -2183,9 +2186,11 @@ + if (tok[0] == '.' && tok[1] == '.') { + efree(path); + *new_len = 1; ++ efree(newpath); + return estrndup("/", 1); + } + } ++ efree(newpath); + return path; + } + +@@ -2234,7 +2239,8 @@ + + efree(path); + *new_len = newpath_len; +- return estrndup(newpath, newpath_len); ++ newpath[newpath_len] = '\0'; ++ return erealloc(newpath, newpath_len + 1); + } + /* }}} */ + --- php5-5.3.10.orig/debian/patches/002-static_openssl.patch +++ php5-5.3.10/debian/patches/002-static_openssl.patch @@ -0,0 +1,13 @@ +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2379,9 +2379,7 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ + + PHP_ADD_INCLUDE($OPENSSL_INCDIR) + +- PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [ +- PHP_ADD_LIBRARY(crypto,,$1) +- ],[ ++ PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [:],[ + AC_MSG_ERROR([libcrypto not found!]) + ],[ + -L$OPENSSL_LIBDIR --- php5-5.3.10.orig/debian/patches/CVE-2015-0231.patch +++ php5-5.3.10/debian/patches/CVE-2015-0231.patch @@ -0,0 +1,70 @@ +From b585a3aed7880a5fa5c18e2b838fc96f40e075bd Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Thu, 1 Jan 2015 16:19:05 -0800 +Subject: [PATCH] Fix for bug #68710 (Use After Free Vulnerability in PHP's + unserialize()) + +--- + NEWS | 4 ++++ + ext/standard/tests/strings/bug68710.phpt | 25 +++++++++++++++++++++++++ + ext/standard/var_unserializer.c | 4 ++-- + ext/standard/var_unserializer.re | 2 +- + 4 files changed, 32 insertions(+), 3 deletions(-) + create mode 100644 ext/standard/tests/strings/bug68710.phpt + +Index: php5-5.3.10/ext/standard/tests/strings/bug68710.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/strings/bug68710.phpt 2015-02-13 11:36:32.969760122 -0500 +@@ -0,0 +1,25 @@ ++--TEST-- ++Bug #68710 Use after free vulnerability in unserialize() (bypassing the ++CVE-2014-8142 fix) ++--FILE-- ++aaa = array(1,2,&$u,4,5); ++ $m->bbb = 1; ++ $m->ccc = &$u; ++ $m->ddd = str_repeat("A", $i); ++ ++ $z = serialize($m); ++ $z = str_replace("aaa", "123", $z); ++ $z = str_replace("bbb", "123", $z); ++ $y = unserialize($z); ++ $z = serialize($y); ++} ++?> ++===DONE=== ++--EXPECTF-- ++===DONE=== +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-02-13 11:36:33.009760449 -0500 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-02-13 11:36:32.969760122 -0500 +@@ -298,7 +298,7 @@ + } else { + /* object properties should include no integers */ + convert_to_string(key); +- if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { ++ if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); + } + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-02-13 11:36:33.009760449 -0500 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-02-13 11:36:32.969760122 -0500 +@@ -304,7 +304,7 @@ + } else { + /* object properties should include no integers */ + convert_to_string(key); +- if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { ++ if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); + } + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, --- php5-5.3.10.orig/debian/patches/deprecate_short_open_tag +++ php5-5.3.10/debian/patches/deprecate_short_open_tag @@ -0,0 +1,36 @@ +--- a/Zend/zend_language_scanner.l ++++ b/Zend/zend_language_scanner.l +@@ -1513,6 +1513,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1549,6 +1550,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +--- a/Zend/zend_language_scanner.c ++++ b/Zend/zend_language_scanner.c +@@ -1019,6 +1019,7 @@ yy6: + #line 1550 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1298,6 +1299,7 @@ yy45: + #line 1514 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; --- php5-5.3.10.orig/debian/patches/CVE-2016-5095.patch +++ php5-5.3.10/debian/patches/CVE-2016-5095.patch @@ -0,0 +1,41 @@ +Backport of: + +From 41fc3c76e97a36ff3b505da7d704ca17bb171fdf Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 9 May 2016 22:17:20 -0700 +Subject: [PATCH] Add check for string overflow to all string add operations + +--- + Zend/zend_operators.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: php5-5.3.10/Zend/zend_operators.c +=================================================================== +--- php5-5.3.10.orig/Zend/zend_operators.c 2016-07-28 15:04:40.015766864 -0400 ++++ php5-5.3.10/Zend/zend_operators.c 2016-07-28 15:14:34.235536580 -0400 +@@ -1199,7 +1199,13 @@ + /* must support result==op1 */ + ZEND_API int add_char_to_string(zval *result, const zval *op1, const zval *op2) /* {{{ */ + { +- Z_STRLEN_P(result) = Z_STRLEN_P(op1) + 1; ++ int length = Z_STRLEN_P(op1) + 1; ++ ++ if (UNEXPECTED(length < 0)) { ++ zend_error(E_ERROR, "String size overflow"); ++ } ++ ++ Z_STRLEN_P(result) = length; + Z_STRVAL_P(result) = (char *) erealloc(Z_STRVAL_P(op1), Z_STRLEN_P(result)+1); + Z_STRVAL_P(result)[Z_STRLEN_P(result) - 1] = (char) Z_LVAL_P(op2); + Z_STRVAL_P(result)[Z_STRLEN_P(result)] = 0; +@@ -1213,6 +1219,10 @@ + { + int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2); + ++ if (UNEXPECTED(length < 0)) { ++ zend_error(E_ERROR, "String size overflow"); ++ } ++ + Z_STRVAL_P(result) = (char *) erealloc(Z_STRVAL_P(op1), length+1); + memcpy(Z_STRVAL_P(result)+Z_STRLEN_P(op1), Z_STRVAL_P(op2), Z_STRLEN_P(op2)); + Z_STRVAL_P(result)[length] = 0; --- php5-5.3.10.orig/debian/patches/broken_5.3_test-posix_uname.patch +++ php5-5.3.10/debian/patches/broken_5.3_test-posix_uname.patch @@ -0,0 +1,53 @@ +Author: Sean Finney +Description: Fix two failing tests + * ext/posix/tests/posix_uname.phpt: removed + * ext/posix/tests/posix_uname_basic.phpt: backported fix from upstream. +Bug: http://bugs.php.net/bug.php?id=50982 +Bug-Debian: http://bugs.debian.org/570286 +--- a/ext/posix/tests/posix_uname.phpt ++++ /dev/null +@@ -1,35 +0,0 @@ +---TEST-- +-Test posix_uname() +---DESCRIPTION-- +-Gets information about the system. +-Source code: ext/posix/posix.c +---CREDITS-- +-Falko Menge, mail at falko-menge dot de +-PHP Testfest Berlin 2009-05-10 +---SKIPIF-- +- +---FILE-- +- +-===DONE=== +---EXPECTF-- +-array(5) { +- ["sysname"]=> +- string(%d) "%s" +- ["nodename"]=> +- string(%d) "%s" +- ["release"]=> +- string(%d) "%s" +- ["version"]=> +- string(%d) "%s" +- ["machine"]=> +- string(%d) "%s" +-} +-===DONE=== +--- a/ext/posix/tests/posix_uname_basic.phpt ++++ b/ext/posix/tests/posix_uname_basic.phpt +@@ -25,4 +25,4 @@ Array + [machine] => %s + ) + ===DONE==== +- +\ No newline at end of file ++ --- php5-5.3.10.orig/debian/patches/053-extension_api.patch +++ php5-5.3.10/debian/patches/053-extension_api.patch @@ -0,0 +1,59 @@ +Description: Adds --phpapi argument to php-config(1) + . + TODO: make it more generic and add it to the man page. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1122,8 +1122,13 @@ dnl Build extension directory path + + ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` + ++DEBIAN_PHP_API=`egrep -h '^#define ZEND_EXTENSION_API_NO|^#define ZEND_MODULE_API_NO|#define PHP_API_VERSION' $srcdir/Zend/zend_extensions.h $srcdir/Zend/zend_modules.h $srcdir/main/php.h | awk '{print $3}' | sed -e 's/^2200/200/' | sort -n | tail -n 1` ++if echo "$CPPFLAGS $CFLAGS" | grep -q -- -D_FILE_OFFSET_BITS=64; then ++ DEBIAN_PHP_API="${DEBIAN_PHP_API}+lfs" ++fi ++ + if test -z "$EXTENSION_DIR"; then +- extbasedir=$ZEND_MODULE_API_NO ++ extbasedir=$DEBIAN_PHP_API + if test "$oldstyleextdir" = "yes"; then + if test "$PHP_DEBUG" = "1"; then + part1=debug +@@ -1275,6 +1280,7 @@ PHP_SUBST(CXX) + PHP_SUBST(CXXFLAGS) + PHP_SUBST(CXXFLAGS_CLEAN) + PHP_SUBST_OLD(DEBUG_CFLAGS) ++PHP_SUBST_OLD(DEBIAN_PHP_API) + PHP_SUBST_OLD(EXTENSION_DIR) + PHP_SUBST_OLD(EXTRA_LDFLAGS) + PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM) +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -18,6 +18,7 @@ php_cli_binary=NONE + php_cgi_binary=NONE + configure_options="@CONFIGURE_OPTIONS@" + php_sapis="@PHP_INSTALLED_SAPIS@" ++phpapi="@DEBIAN_PHP_API@" + + # Set php_cli_binary and php_cgi_binary if available + for sapi in $php_sapis; do +@@ -56,6 +57,8 @@ case "$1" in + echo $include_dir;; + --php-binary) + echo $php_binary;; ++--phpapi) ++ echo $phpapi;; + --php-sapis) + echo $php_sapis;; + --configure-options) +@@ -79,6 +82,7 @@ Options: + --man-dir [$man_dir] + --php-binary [$php_binary] + --php-sapis [$php_sapis] ++ --phpapi [$phpapi] + --configure-options [$configure_options] + --version [$version] + --vernum [$vernum] --- php5-5.3.10.orig/debian/patches/php-5.2.4-norpath.patch +++ php5-5.3.10/debian/patches/php-5.2.4-norpath.patch @@ -0,0 +1,18 @@ +--- php-5.2.4/acinclude.m4.norpath ++++ php-5.2.4/acinclude.m4 +@@ -432,6 +432,7 @@ AC_DEFUN([PHP_EVAL_INCLINE],[ + dnl internal, don't use + AC_DEFUN([_PHP_ADD_LIBPATH_GLOBAL],[ + PHP_RUN_ONCE(LIBPATH, $1, [ ++ test "x$PHP_RPATH" != "xno" && + test -n "$ld_runpath_switch" && LDFLAGS="$LDFLAGS $ld_runpath_switch$1" + LDFLAGS="$LDFLAGS -L$1" + PHP_RPATHS="$PHP_RPATHS $1" +@@ -451,6 +452,7 @@ AC_DEFUN([PHP_ADD_LIBPATH],[ + ],[ + if test "$ext_shared" = "yes"; then + $2="-L$ai_p [$]$2" ++ test "x$PHP_RPATH" != "xno" && \ + test -n "$ld_runpath_switch" && $2="$ld_runpath_switch$ai_p [$]$2" + else + _PHP_ADD_LIBPATH_GLOBAL([$ai_p]) --- php5-5.3.10.orig/debian/patches/CVE-2012-6113.patch +++ php5-5.3.10/debian/patches/CVE-2012-6113.patch @@ -0,0 +1,17 @@ +Description: fix arbitrary memory disclosure +Origin: upstream, http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/precise/+source/php5/+bug/1099793 + +Index: php5-5.3.10/ext/openssl/openssl.c +=================================================================== +--- php5-5.3.10.orig/ext/openssl/openssl.c 2012-01-01 08:15:04.000000000 -0500 ++++ php5-5.3.10/ext/openssl/openssl.c 2013-01-18 09:49:03.747112694 -0500 +@@ -4677,7 +4677,7 @@ + int data_len, method_len, password_len, iv_len = 0, max_iv_len; + const EVP_CIPHER *cipher_type; + EVP_CIPHER_CTX cipher_ctx; +- int i, outlen, keylen; ++ int i = 0, outlen, keylen; + unsigned char *outbuf, *key; + zend_bool free_iv; + --- php5-5.3.10.orig/debian/patches/CVE-2013-6420.patch +++ php5-5.3.10/debian/patches/CVE-2013-6420.patch @@ -0,0 +1,100 @@ +Description: fix denial of service and possible code execution via + malicious certificate +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=6f739318fd3dc04a01aec762d449949db481bf5d +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731895 + +Index: php5-5.3.10/ext/openssl/openssl.c +=================================================================== +--- php5-5.3.10.orig/ext/openssl/openssl.c 2013-12-11 19:21:36.851898794 -0500 ++++ php5-5.3.10/ext/openssl/openssl.c 2013-12-11 19:21:36.843898794 -0500 +@@ -644,18 +644,28 @@ + char * thestr; + long gmadjust = 0; + +- if (timestr->length < 13) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); ++ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + +- strbuf = estrdup((char *)timestr->data); ++ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); ++ return (time_t)-1; ++ } ++ ++ if (ASN1_STRING_length(timestr) < 13) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data); ++ return (time_t)-1; ++ } ++ ++ strbuf = estrdup((char *)ASN1_STRING_data(timestr)); + + memset(&thetime, 0, sizeof(thetime)); + + /* we work backwards so that we can use atoi more easily */ + +- thestr = strbuf + timestr->length - 3; ++ thestr = strbuf + ASN1_STRING_length(timestr) - 3; + + thetime.tm_sec = atoi(thestr); + *thestr = '\0'; +Index: php5-5.3.10/ext/openssl/tests/cve-2013-6420.crt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/openssl/tests/cve-2013-6420.crt 2013-12-11 19:21:36.843898794 -0500 +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD ++VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH ++S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91 ++cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k ++ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY ++ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO ++b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT ++ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G ++A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz ++dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB ++DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu ++wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh ++0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8 ++pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6 ++SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX ++1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw ++EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF ++BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD ++8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl ++VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7 ++lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319 ++o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg ++Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg== ++-----END CERTIFICATE----- ++ ++ +Index: php5-5.3.10/ext/openssl/tests/cve-2013-6420.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/openssl/tests/cve-2013-6420.phpt 2013-12-11 19:21:36.843898794 -0500 +@@ -0,0 +1,18 @@ ++--TEST-- ++CVE-2013-6420 ++--SKIPIF-- ++ ++--FILE-- ++ ++Done ++--EXPECTF-- ++%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s%ecve-2013-6420.php on line 3 ++string(27) "stefan.esser@sektioneins.de" ++int(-1) ++Done --- php5-5.3.10.orig/debian/patches/CVE-2014-3668.patch +++ php5-5.3.10/debian/patches/CVE-2014-3668.patch @@ -0,0 +1,117 @@ +From 44035de79f5b9646064d9bdd0329a946b0c5372a Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 28 Sep 2014 17:33:44 -0700 +Subject: [PATCH] Fix bug #68027 - fix date parsing in XMLRPC lib + +--- + ext/xmlrpc/libxmlrpc/xmlrpc.c | 13 ++++++++----- + ext/xmlrpc/tests/bug68027.phpt | 44 ++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+), 5 deletions(-) + create mode 100644 ext/xmlrpc/tests/bug68027.phpt + +diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c +index ce70c2a..b766a54 100644 +--- a/ext/xmlrpc/libxmlrpc/xmlrpc.c ++++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c +@@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) { + n = 10; + tm.tm_mon = 0; + for(i = 0; i < 2; i++) { +- XMLRPC_IS_NUMBER(text[i]) ++ XMLRPC_IS_NUMBER(text[i+4]) + tm.tm_mon += (text[i+4]-'0')*n; + n /= 10; + } + tm.tm_mon --; ++ if(tm.tm_mon < 0 || tm.tm_mon > 11) { ++ return -1; ++ } + + n = 10; + tm.tm_mday = 0; + for(i = 0; i < 2; i++) { +- XMLRPC_IS_NUMBER(text[i]) ++ XMLRPC_IS_NUMBER(text[i+6]) + tm.tm_mday += (text[i+6]-'0')*n; + n /= 10; + } +@@ -236,7 +239,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { + n = 10; + tm.tm_hour = 0; + for(i = 0; i < 2; i++) { +- XMLRPC_IS_NUMBER(text[i]) ++ XMLRPC_IS_NUMBER(text[i+9]) + tm.tm_hour += (text[i+9]-'0')*n; + n /= 10; + } +@@ -244,7 +247,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { + n = 10; + tm.tm_min = 0; + for(i = 0; i < 2; i++) { +- XMLRPC_IS_NUMBER(text[i]) ++ XMLRPC_IS_NUMBER(text[i+12]) + tm.tm_min += (text[i+12]-'0')*n; + n /= 10; + } +@@ -252,7 +255,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { + n = 10; + tm.tm_sec = 0; + for(i = 0; i < 2; i++) { +- XMLRPC_IS_NUMBER(text[i]) ++ XMLRPC_IS_NUMBER(text[i+15]) + tm.tm_sec += (text[i+15]-'0')*n; + n /= 10; + } +diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt +new file mode 100644 +index 0000000..a5c96f1 +--- /dev/null ++++ b/ext/xmlrpc/tests/bug68027.phpt +@@ -0,0 +1,44 @@ ++--TEST-- ++Bug #68027 (buffer overflow in mkgmtime() function) ++--SKIPIF-- ++ ++--FILE-- ++$datetime"); ++print_r($obj); ++ ++$datetime = "34770-0-08T21:46:40-0400"; ++$obj = xmlrpc_decode("$datetime"); ++print_r($obj); ++ ++echo "Done\n"; ++?> ++--EXPECTF-- ++object(stdClass)#1 (3) { ++ ["scalar"]=> ++ string(16) "6-01-01 20:00:00" ++ ["xmlrpc_type"]=> ++ string(8) "datetime" ++ ["timestamp"]=> ++ int(%d) ++} ++stdClass Object ++( ++ [scalar] => 2001-0-08T21:46:40-0400 ++ [xmlrpc_type] => datetime ++ [timestamp] => %s ++) ++stdClass Object ++( ++ [scalar] => 34770-0-08T21:46:40-0400 ++ [xmlrpc_type] => datetime ++ [timestamp] => %d ++) ++Done +-- +2.1.0 + --- php5-5.3.10.orig/debian/patches/CVE-2015-4603.patch +++ php5-5.3.10/debian/patches/CVE-2015-4603.patch @@ -0,0 +1,46 @@ +From a894a8155fab068d68a04bf181dbaddfa01ccbb0 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 5 Apr 2015 17:30:59 -0700 +Subject: [PATCH] More fixes for bug #69152 + +--- + Zend/zend_exceptions.c | 3 +++ + ext/standard/tests/serialize/bug69152.phpt | 16 ++++++++++++++++ + 2 files changed, 19 insertions(+) + create mode 100644 ext/standard/tests/serialize/bug69152.phpt + +Index: php5-5.3.10/Zend/zend_exceptions.c +=================================================================== +--- php5-5.3.10.orig/Zend/zend_exceptions.c 2015-06-26 13:49:07.685378367 -0400 ++++ php5-5.3.10/Zend/zend_exceptions.c 2015-06-26 13:49:07.681378324 -0400 +@@ -499,6 +499,9 @@ + str = &res; + + trace = zend_read_property(default_exception_ce, getThis(), "trace", sizeof("trace")-1, 1 TSRMLS_CC); ++ if(Z_TYPE_P(trace) != IS_ARRAY) { ++ RETURN_FALSE; ++ } + zend_hash_apply_with_arguments(Z_ARRVAL_P(trace) TSRMLS_CC, (apply_func_args_t)_build_trace_string, 3, str, len, &num); + + s_tmp = emalloc(1 + MAX_LENGTH_OF_LONG + 7 + 1); +Index: php5-5.3.10/ext/standard/tests/serialize/bug69152.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/serialize/bug69152.phpt 2015-06-26 13:49:07.681378324 -0400 +@@ -0,0 +1,16 @@ ++--TEST-- ++Bug #69152: Type Confusion Infoleak Vulnerability in unserialize() ++--FILE-- ++test(); ++ ++?> ++--EXPECTF-- ++exception 'Exception' in %s:%d ++Stack trace: ++#0 {main} ++ ++Fatal error: main(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "unknown" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in %s on line %d --- php5-5.3.10.orig/debian/patches/series +++ php5-5.3.10/debian/patches/series @@ -0,0 +1,176 @@ +001-libtool_fixes.patch +002-static_openssl.patch +004-ldap_fix.patch +006-debian_quirks.patch +libtool2.2.patch +013-force_getaddrinfo.patch +017-pread_pwrite_disable.patch +019-z_off_t_as_long.patch +029-php.ini_paranoid.patch +033-we_WANT_libtool.patch +034-apache2_umask_fix.patch +036-fd_setsize_fix.patch +043-recode_size_t.patch +044-strtod_arm_fix.patch +045-exif_nesting_level.patch +047-zts_with_dl.patch +052-phpinfo_no_configure.patch +053-extension_api.patch +057-no_apache_installed.patch +100-recode_is_shared.patch +101-sqlite_is_shared.patch +108-64_bit_datetime.patch +112-proc_open.patch +113-php.ini_securitynotes.patch +115-autoconf_ftbfs.patch +116-posixness_fix.patch +libdb_is_-ldb +fix_broken_upstream_tests.patch +use_embedded_timezonedb.patch +force_libmysqlclient_r.patch +gentoo/009_ob-memory-leaks.patch +mssql-null-exception.patch +sybase-alias.patch +strcmp_null-OnUpdateErrorLog.patch +#deprecate_short_open_tag +fix_broken_5.3_tests.patch +dont-gitclean-in-build.patch +#broken_5.3_test-posix_uname.patch +shtool_mkdir_-p_-race-condition.patch +qdbm-is-usr_include_qdbm.patch +zend_int_overflow.patch +use_embedded_timezonedb_fixes.patch +fix_broken_sha2_test.patch +php_crypt_revamped.patch +use_system_crypt_fixes.patch +session_save_path.patch +#install-programs_parallel_FTBFS.patch +php-fpm-man-section-and-cleanup.patch +fpm-config.patch +fix_crash_in__php_mssql_get_column_content_without_type.patch +php-fpm-sysconfdir.patch +lp564920-fix-big-files.patch +backport-upstream-lp592442.patch +temporary-path-fixes-for-multiarch.patch +dont_require_autoconf2.59_or_lower.patch +hurd-noptrace.diff +php-5.3.9-mysqlnd.patch +php-5.3.9-gnusrc.patch +php-5.3.3-macropen.patch +php-5.2.4-norpath.patch +gd-multiarch-fix.patch +php5-CVE-2012-1823.patch +CVE-2012-0781.patch +CVE-2012-1172.patch +CVE-2012-2143.patch +CVE-2012-233x.patch +CVE-2012-2386.patch +php5-fpm_5.3_error-reporting-fix.patch +php-fpm_libc-2.15.so_segfault-fix.patch +CVE-2011-1398.patch +CVE-2012-2688.patch +CVE-2012-3450.patch +CVE-2012-6113.patch +CVE-2013-1643.patch +CVE-2013-4113.patch +CVE-2013-4635.patch +CVE-2013-4248.patch +CVE-2013-6420.patch +CVE-2013-6712.patch +CVE-2014-1943.patch +CVE-2014-2270.patch +CVE-2014-0185.patch +CVE-2014-0237.patch +CVE-2014-0238.patch +CVE-2014-4049.patch +CVE-2014-0207.patch +CVE-2014-3480.patch +CVE-2014-3515.patch +CVE-2014-4670.patch +CVE-2014-4698.patch +CVE-2014-4721.patch +CVE-2014-3587.patch +CVE-2014-3597.patch +CVE-2014-3668.patch +CVE-2014-3669.patch +CVE-2014-3670.patch +curl_embedded_null.patch +remove_readelf.patch +CVE-2014-8142.patch +CVE-2015-0231.patch +CVE-2014-8117.patch +CVE-2014-9705.patch +CVE-2015-0273.patch +CVE-2015-2301.patch +CVE-2015-2305.patch +CVE-2015-2783.patch +CVE-2015-2787.patch +bug69218.patch +bug69441.patch +CVE-2015-2783-memleak.patch +CVE-2015-3411.patch +CVE-2015-4021.patch +CVE-2015-4022.patch +CVE-2015-4024.patch +CVE-2015-4025.patch +CVE-2015-4147.patch +CVE-2015-4598.patch +CVE-2015-4599.patch +CVE-2015-4602.patch +CVE-2015-4603.patch +CVE-2015-4643.patch +CVE-2015-4644.patch +bug65481.patch +CVE-2015-5589-1.patch +CVE-2015-5589-2.patch +CVE-2015-5590.patch +CVE-2015-6831-1.patch +CVE-2015-6831-2.patch +CVE-2015-6832.patch +CVE-2015-6833-1.patch +CVE-2015-6834-1.patch +CVE-2015-6834-2.patch +CVE-2015-6835-1.patch +CVE-2015-6836.patch +CVE-2015-6837-6838.patch +CVE-2015-7803.patch +CVE-2015-7804.patch +CVE-2014-9767.patch +CVE-2015-8835.patch +CVE-2015-8838.patch +CVE-2016-2554.patch +CVE-2016-3141.patch +CVE-2016-3142.patch +bug64938.patch +bug70014.patch +bug71527.patch +bug71798.patch +bug71860.patch +bug71906.patch +CVE-2016-4342.patch +CVE-2016-4343.patch +CVE-2016-4537.patch +CVE-2016-4539.patch +CVE-2016-4540.patch +CVE-2016-4542.patch +CVE-2015-4116.patch +CVE-2015-8873.patch +CVE-2015-8876.patch +CVE-2015-8935.patch +CVE-2016-5093.patch +CVE-2016-5094.patch +CVE-2016-5095.patch +CVE-2016-5096.patch +CVE-2016-5114.patch +CVE-2016-5385.patch +CVE-2016-5399.patch +CVE-2016-5769.patch +CVE-2016-5772.patch +CVE-2016-6288.patch +CVE-2016-6289.patch +CVE-2016-6290.patch +CVE-2016-6291.patch +CVE-2016-6294.patch +CVE-2016-6296.patch +CVE-2016-6297.patch +fix_exif_tests.patch --- php5-5.3.10.orig/debian/patches/bug69441.patch +++ php5-5.3.10/debian/patches/bug69441.patch @@ -0,0 +1,35 @@ +From f59b67ae50064560d7bfcdb0d6a8ab284179053c Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 14 Apr 2015 00:03:50 -0700 +Subject: [PATCH] Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in + phar_set_inode) + +--- + ext/phar/phar_internal.h | 9 ++++++--- + ext/phar/tests/bug69441.phar | Bin 0 -> 5780 bytes + ext/phar/tests/bug69441.phpt | 21 +++++++++++++++++++++ + 3 files changed, 27 insertions(+), 3 deletions(-) + create mode 100644 ext/phar/tests/bug69441.phar + create mode 100644 ext/phar/tests/bug69441.phpt + +Index: php5-5.3.10/ext/phar/phar_internal.h +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_internal.h 2015-04-17 06:25:17.074639244 -0400 ++++ php5-5.3.10/ext/phar/phar_internal.h 2015-04-17 06:25:17.070639210 -0400 +@@ -618,10 +618,13 @@ + { + char tmp[MAXPATHLEN]; + int tmp_len; ++ size_t len; + +- tmp_len = entry->filename_len + entry->phar->fname_len; +- memcpy(tmp, entry->phar->fname, entry->phar->fname_len); +- memcpy(tmp + entry->phar->fname_len, entry->filename, entry->filename_len); ++ tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len); ++ len = MIN(entry->phar->fname_len, tmp_len); ++ memcpy(tmp, entry->phar->fname, len); ++ len = MIN(tmp_len - len, entry->filename_len); ++ memcpy(tmp + entry->phar->fname_len, entry->filename, len); + entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len); + } + /* }}} */ --- php5-5.3.10.orig/debian/patches/bug64938.patch +++ php5-5.3.10/debian/patches/bug64938.patch @@ -0,0 +1,39 @@ +Backport of: + +From de31324c221c1791b26350ba106cc26bad23ace9 Mon Sep 17 00:00:00 2001 +From: Martin Jansen +Date: Thu, 22 Jan 2015 20:58:15 +0100 +Subject: [PATCH] Fix bug #64938: libxml_disable_entity_loader setting is + shared between threads + +The availability of entity loading is stored in a module global which +previously was only initialized in the GINIT constructor. This had the +effect that disabling the entity loader in one request caused +subsequent requests hitting the same Apache child process to also have +the loader disabled. + +With this change the loader is explicitely enabled in the request init +phase. +--- + NEWS | 4 ++++ + ext/libxml/libxml.c | 6 ++++++ + 2 files changed, 10 insertions(+) + +Index: php5-5.3.10/ext/libxml/libxml.c +=================================================================== +--- php5-5.3.10.orig/ext/libxml/libxml.c 2016-04-18 11:00:19.183403242 -0400 ++++ php5-5.3.10/ext/libxml/libxml.c 2016-04-18 11:01:02.863945057 -0400 +@@ -644,6 +644,13 @@ + xmlSetGenericErrorFunc(NULL, php_libxml_error_handler); + xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); + xmlOutputBufferCreateFilenameDefault(php_libxml_output_buffer_create_filename); ++ ++ /* Enable the entity loader by default. This ensure that ++ * other threads/requests that might have disable the loader ++ * do not affect the current request. ++ */ ++ LIBXML(entity_loader_disabled) = 0; ++ + return SUCCESS; + } + --- php5-5.3.10.orig/debian/patches/bug65481.patch +++ php5-5.3.10/debian/patches/bug65481.patch @@ -0,0 +1,159 @@ +Backport of: + +From 1ac4d8f2c632f5be5a02d49c1e0d3b1fb515e4a8 Mon Sep 17 00:00:00 2001 +From: Michael Wallner +Date: Mon, 29 Jul 2013 17:59:35 +0200 +Subject: [PATCH] fix bug #65481 (shutdown segfault due to serialize) + +--- + NEWS | 1 + + ext/standard/php_var.h | 1 + + ext/standard/tests/serialize/bug65481.phpt | 40 ++++++++++ + ext/standard/var_unserializer.c | 117 ++++++++++++++++++----------- + ext/standard/var_unserializer.re | 53 +++++++++---- + 5 files changed, 154 insertions(+), 58 deletions(-) + create mode 100644 ext/standard/tests/serialize/bug65481.phpt + +Index: php5-5.3.10/ext/standard/php_var.h +=================================================================== +--- php5-5.3.10.orig/ext/standard/php_var.h 2015-09-30 07:59:15.357572656 -0400 ++++ php5-5.3.10/ext/standard/php_var.h 2015-09-30 07:59:15.357572656 -0400 +@@ -63,6 +63,7 @@ + + PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval **nzval); + PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval **val); ++PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval); + PHPAPI void var_destroy(php_unserialize_data_t *var_hash); + + #define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \ +Index: php5-5.3.10/ext/standard/tests/serialize/bug65481.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/serialize/bug65481.phpt 2015-09-30 07:59:15.357572656 -0400 +@@ -0,0 +1,40 @@ ++--TEST-- ++Bug #65481 (shutdown segfault due to serialize) ++--FILE-- ++e[] = $e; ++ $e->e = $c->e; ++ } ++ ++ return serialize(array(serialize($c))); ++ } ++ ++ public function unserialize($str) ++ { ++ $r = unserialize($str); ++ $r = unserialize($r[0]); ++ } ++} ++ ++$token = new Token; ++$token = serialize($token); ++ ++?> ++Done ++--EXPECT-- ++Test ++Done +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-09-30 07:59:15.357572656 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-09-30 08:01:46.400399520 -0400 +@@ -79,6 +80,29 @@ + var_hash->data[var_hash->used_slots++] = *rval; + } + ++PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval) ++{ ++ var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; ++ ++ while (var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) { ++ prev = var_hash; ++ var_hash = var_hash->next; ++ } ++ ++ if (!var_hash) { ++ var_hash = emalloc(sizeof(var_entries)); ++ var_hash->used_slots = 0; ++ var_hash->next = 0; ++ ++ if (!var_hashx->first_dtor) ++ var_hashx->first_dtor = var_hash; ++ else ++ prev->next = var_hash; ++ } ++ ++ var_hash->data[var_hash->used_slots++] = *rval; ++} ++ + PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval) + { + long i; +@@ -1099,7 +1125,7 @@ + if (*rval == *rval_ref) return 0; + + if (*rval != NULL) { +- zval_ptr_dtor(rval); ++ var_push_dtor_no_addref(var_hash, rval); + } + *rval = *rval_ref; + Z_ADDREF_PP(rval); +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-09-30 07:59:15.357572656 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-09-30 08:02:19.484142568 -0400 +@@ -78,6 +79,29 @@ + var_hash->data[var_hash->used_slots++] = *rval; + } + ++PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval) ++{ ++ var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; ++ ++ while (var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) { ++ prev = var_hash; ++ var_hash = var_hash->next; ++ } ++ ++ if (!var_hash) { ++ var_hash = emalloc(sizeof(var_entries)); ++ var_hash->used_slots = 0; ++ var_hash->next = 0; ++ ++ if (!var_hashx->first_dtor) ++ var_hashx->first_dtor = var_hash; ++ else ++ prev->next = var_hash; ++ } ++ ++ var_hash->data[var_hash->used_slots++] = *rval; ++} ++ + PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval) + { + long i; +@@ -447,7 +471,7 @@ + if (*rval == *rval_ref) return 0; + + if (*rval != NULL) { +- zval_ptr_dtor(rval); ++ var_push_dtor_no_addref(var_hash, rval); + } + *rval = *rval_ref; + Z_ADDREF_PP(rval); --- php5-5.3.10.orig/debian/patches/CVE-2014-3515.patch +++ php5-5.3.10/debian/patches/CVE-2014-3515.patch @@ -0,0 +1,68 @@ +Backport of: + +From 88223c5245e9b470e1e6362bfd96829562ffe6ab Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 21 Jun 2014 19:46:16 -0700 +Subject: [PATCH] Fix bug #67492: unserialize() SPL ArrayObject / + SPLObjectStorage Type Confusion + +--- + NEWS | 2 ++ + ext/spl/spl_array.c | 2 +- + ext/spl/spl_observer.c | 2 +- + ext/spl/tests/SplObjectStorage_unserialize_bad.phpt | 5 ++++- + 4 files changed, 8 insertions(+), 3 deletions(-) + +Index: php5-5.3.10/ext/spl/spl_array.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_array.c 2014-07-07 08:32:10.970633968 -0400 ++++ php5-5.3.10/ext/spl/spl_array.c 2014-07-07 08:34:54.198631439 -0400 +@@ -1785,7 +1785,7 @@ + ++p; + + ALLOC_INIT_ZVAL(pmembers); +- if (!php_var_unserialize(&pmembers, &p, s + buf_len, var_hash_p TSRMLS_CC)) { ++ if (!php_var_unserialize(&pmembers, &p, s + buf_len, var_hash_p TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { + zval_ptr_dtor(&pmembers); + goto outexcept; + } +Index: php5-5.3.10/ext/spl/spl_observer.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_observer.c 2014-07-07 08:32:10.970633968 -0400 ++++ php5-5.3.10/ext/spl/spl_observer.c 2014-07-07 08:32:10.966633968 -0400 +@@ -801,7 +801,7 @@ + ++p; + + ALLOC_INIT_ZVAL(pmembers); +- if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { ++ if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { + zval_ptr_dtor(&pmembers); + goto outexcept; + } +Index: php5-5.3.10/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +=================================================================== +--- php5-5.3.10.orig/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt 2014-07-07 08:32:10.970633968 -0400 ++++ php5-5.3.10/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt 2014-07-07 08:35:13.670631138 -0400 +@@ -7,6 +7,7 @@ + 'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', + 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', + 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', ++'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', + ); + foreach($badblobs as $blob) { + try { +@@ -17,6 +18,7 @@ + echo $e->getMessage()."\n"; + } + } ++echo "DONE\n"; + --EXPECTF-- + Error at offset 6 of 34 bytes + Error at offset 46 of 89 bytes +@@ -42,4 +44,5 @@ + } + } + } +- ++Error at offset 79 of 78 bytes ++DONE --- php5-5.3.10.orig/debian/patches/CVE-2016-6289.patch +++ php5-5.3.10/debian/patches/CVE-2016-6289.patch @@ -0,0 +1,22 @@ +From 0218acb7e756a469099c4ccfb22bce6c2bd1ef87 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 12 Jul 2016 21:48:00 -0700 +Subject: [PATCH] Fix for bug #72513 + +--- + TSRM/tsrm_virtual_cwd.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +Index: php5-5.3.10/TSRM/tsrm_virtual_cwd.c +=================================================================== +--- php5-5.3.10.orig/TSRM/tsrm_virtual_cwd.c 2016-07-28 15:26:34.928953727 -0400 ++++ php5-5.3.10/TSRM/tsrm_virtual_cwd.c 2016-07-28 15:26:34.928953727 -0400 +@@ -1157,7 +1157,7 @@ + void *tmp; + TSRMLS_FETCH(); + +- if (path_length == 0 || path_length >= MAXPATHLEN-1) { ++ if (path_length <= 0 || path_length >= MAXPATHLEN-1) { + #ifdef TSRM_WIN32 + # if _MSC_VER < 1300 + errno = EINVAL; --- php5-5.3.10.orig/debian/patches/CVE-2015-5589-1.patch +++ php5-5.3.10/debian/patches/CVE-2015-5589-1.patch @@ -0,0 +1,31 @@ +Backport of: + +From bf58162ddf970f63502837f366930e44d6a992cf Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 4 Jul 2015 21:01:50 -0700 +Subject: [PATCH] Fix bug #69958 - Segfault in Phar::convertToData on invalid + file + +--- + ext/phar/phar_object.c | 70 ++++++++++++++++++++++--------------------- + ext/phar/tests/bug69958.phpt | 14 +++++++++ + ext/phar/tests/bug69958.tar | Bin 0 -> 513 bytes + 3 files changed, 50 insertions(+), 34 deletions(-) + create mode 100644 ext/phar/tests/bug69958.phpt + create mode 100644 ext/phar/tests/bug69958.tar + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-09-29 12:28:32.486128544 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2015-09-29 12:28:32.482128571 -0400 +@@ -2524,7 +2524,9 @@ + zend_hash_destroy(&(phar->manifest)); + zend_hash_destroy(&(phar->mounted_dirs)); + zend_hash_destroy(&(phar->virtual_dirs)); +- php_stream_close(phar->fp); ++ if (phar->fp) { ++ php_stream_close(phar->fp); ++ } + efree(phar->fname); + efree(phar); + return NULL; --- php5-5.3.10.orig/debian/patches/fix_broken_upstream_tests.patch +++ php5-5.3.10/debian/patches/fix_broken_upstream_tests.patch @@ -0,0 +1,25 @@ +Description: Add missing settings to fix upstream tests +Origin: vendor +Forwarded: http://bugs.php.net/50796 +Last-Update: 2010-01-18 + +--- a/ext/soap/tests/server009.phpt ++++ b/ext/soap/tests/server009.phpt +@@ -10,6 +10,7 @@ SOAP Server 9: setclass and setpersisten + --INI-- + session.auto_start=1 + session.save_handler=files ++session.save_path=temp_session_store + --FILE-- + + --FILE-- + +Date: Tue, 1 Sep 2015 00:14:15 -0700 +Subject: [PATCH] Fix bug #70365 - use-after-free vulnerability in + unserialize() with SplObjectStorage + +--- + ext/spl/spl_observer.c | 2 ++ + ext/spl/tests/bug70365.phpt | 50 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+) + create mode 100644 ext/spl/tests/bug70365.phpt + +Index: php5-5.3.10/ext/spl/spl_observer.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_observer.c 2015-09-29 12:41:38.165719335 -0400 ++++ php5-5.3.10/ext/spl/spl_observer.c 2015-09-29 12:41:38.161719354 -0400 +@@ -763,6 +763,7 @@ + zval_ptr_dtor(&pentry); + goto outexcept; + } ++ var_push_dtor(&var_hash, &pentry); + if(Z_TYPE_P(pentry) != IS_OBJECT) { + zval_ptr_dtor(&pentry); + goto outexcept; +@@ -774,6 +775,7 @@ + zval_ptr_dtor(&pinf); + goto outexcept; + } ++ var_push_dtor(&var_hash, &pinf); + } + + pelement = spl_object_storage_get(intern, pentry TSRMLS_CC); --- php5-5.3.10.orig/debian/patches/CVE-2012-0781.patch +++ php5-5.3.10/debian/patches/CVE-2012-0781.patch @@ -0,0 +1,94 @@ +Description: fix denial of service via invalid tidy objects +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=323118 +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=322536 +Bug: https://bugs.php.net/bug.php?id=54682 + +Index: php5-5.3.10/ext/tidy/tests/004.phpt +=================================================================== +--- php5-5.3.10.orig/ext/tidy/tests/004.phpt 2004-05-19 04:45:46.000000000 -0400 ++++ php5-5.3.10/ext/tidy/tests/004.phpt 2012-06-12 13:30:15.593079695 -0400 +@@ -4,14 +4,28 @@ + + --FILE-- + "); +- tidy_diagnose($a); +- echo tidy_get_error_buffer($a); ++$a = tidy_parse_string(''); ++var_dump(tidy_diagnose($a)); ++echo tidy_get_error_buffer($a); ++ ++$html = <<< HTML ++ ++ ++foo ++

hello

++ ++HTML; ++$a = tidy_parse_string($html); ++var_dump(tidy_diagnose($a)); ++echo tidy_get_error_buffer($a); + ?> + --EXPECT-- +- ++bool(true) + line 1 column 1 - Warning: missing declaration + line 1 column 7 - Warning: discarding unexpected + line 1 column 14 - Warning: inserting missing 'title' element + Info: Document content looks like HTML 3.2 +-3 warnings, 0 errors were found! +\ No newline at end of file ++3 warnings, 0 errors were found! ++bool(true) ++Info: Document content looks like HTML 3.2 ++No warnings or errors were found. +Index: php5-5.3.10/ext/tidy/tests/bug54682.phpt +=================================================================== +--- php5-5.3.10.orig/ext/tidy/tests/bug54682.phpt 2011-11-15 10:16:20.000000000 -0500 ++++ php5-5.3.10/ext/tidy/tests/bug54682.phpt 2012-06-12 13:22:07.933084348 -0400 +@@ -10,4 +10,4 @@ + + ?> + --EXPECTF-- +-Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d ++Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d +Index: php5-5.3.10/ext/tidy/tidy.c +=================================================================== +--- php5-5.3.10.orig/ext/tidy/tidy.c 2012-01-01 08:15:04.000000000 -0500 ++++ php5-5.3.10/ext/tidy/tidy.c 2012-06-12 13:27:04.765081515 -0400 +@@ -190,6 +190,7 @@ + TidyDoc doc; + TidyBuffer *errbuf; + unsigned int ref_count; ++ unsigned int initialized:1; + }; + + struct _PHPTidyObj { +@@ -701,6 +702,7 @@ + intern->ptdoc = emalloc(sizeof(PHPTidyDoc)); + intern->ptdoc->doc = tidyCreate(); + intern->ptdoc->ref_count = 1; ++ intern->ptdoc->initialized = 0; + intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer)); + tidyBufInit(intern->ptdoc->errbuf); + +@@ -1040,7 +1042,9 @@ + return FAILURE; + } + } +- ++ ++ obj->ptdoc->initialized = 1; ++ + tidyBufInit(&buf); + tidyBufAppend(&buf, string, len); + if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) { +@@ -1288,7 +1292,7 @@ + { + TIDY_FETCH_OBJECT; + +- if (tidyStatus(obj->ptdoc->doc) != 0 && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { ++ if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { + tidy_doc_update_properties(obj TSRMLS_CC); + RETURN_TRUE; + } --- php5-5.3.10.orig/debian/patches/CVE-2015-4602.patch +++ php5-5.3.10/debian/patches/CVE-2015-4602.patch @@ -0,0 +1,25 @@ +From fb83c76deec58f1fab17c350f04c9f042e5977d1 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 22 Mar 2015 18:17:47 -0700 +Subject: [PATCH] Check that the type is correct + +--- + ext/standard/incomplete_class.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/standard/incomplete_class.c b/ext/standard/incomplete_class.c +index 1816ac4..30c82e6 100644 +--- a/ext/standard/incomplete_class.c ++++ b/ext/standard/incomplete_class.c +@@ -144,7 +144,7 @@ PHPAPI char *php_lookup_class_name(zval *object, zend_uint *nlen) + + object_properties = Z_OBJPROP_P(object); + +- if (zend_hash_find(object_properties, MAGIC_MEMBER, sizeof(MAGIC_MEMBER), (void **) &val) == SUCCESS) { ++ if (zend_hash_find(object_properties, MAGIC_MEMBER, sizeof(MAGIC_MEMBER), (void **) &val) == SUCCESS && Z_TYPE_PP(val) == IS_STRING) { + retval = estrndup(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); + + if (nlen) { +-- +2.1.4 + --- php5-5.3.10.orig/debian/patches/CVE-2016-5093.patch +++ php5-5.3.10/debian/patches/CVE-2016-5093.patch @@ -0,0 +1,45 @@ +Backport of: + +From 97eff7eb57fc2320c267a949cffd622c38712484 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 22 May 2016 17:49:02 -0700 +Subject: [PATCH] Fix bug #72241: get_icu_value_internal out-of-bounds read + +--- + ext/intl/locale/locale_methods.c | 235 ++++++++++++++++++++------------------- + ext/intl/tests/bug72241.phpt | 14 +++ + 2 files changed, 132 insertions(+), 117 deletions(-) + create mode 100644 ext/intl/tests/bug72241.phpt + +Index: php5-5.3.10/ext/intl/locale/locale_methods.c +=================================================================== +--- php5-5.3.10.orig/ext/intl/locale/locale_methods.c 2016-08-01 10:56:25.747768741 -0400 ++++ php5-5.3.10/ext/intl/locale/locale_methods.c 2016-08-01 10:56:25.743768701 -0400 +@@ -327,6 +327,7 @@ + if( U_FAILURE( status ) ) { + if( status == U_BUFFER_OVERFLOW_ERROR ) { + status = U_ZERO_ERROR; ++ buflen++; /* add space for \0 */ + continue; + } + +Index: php5-5.3.10/ext/intl/tests/bug72241.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/intl/tests/bug72241.phpt 2016-08-01 10:56:57.948082573 -0400 +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #72241: get_icu_value_internal out-of-bounds read ++--SKIPIF-- ++ ++--FILE-- ++&2 + fi +- mkdir $pathcomp || errstatus=$? ++ mkdir $pathcomp || { ++ _errstatus=$? ++ [ -d "$pathcomp" ] || errstatus=${_errstatus} ++ unset _errstatus ++ } + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $pathcomp" 1>&2 --- php5-5.3.10.orig/debian/patches/CVE-2016-5772.patch +++ php5-5.3.10/debian/patches/CVE-2016-5772.patch @@ -0,0 +1,62 @@ +From a44c89e8af7c2410f4bfc5e097be2a5d0639a60c Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 12 Jun 2016 23:18:23 -0700 +Subject: [PATCH] Fix bug #72340: Double Free Courruption in wddx_deserialize + +--- + ext/wddx/tests/bug72340.phpt | 24 ++++++++++++++++++++++++ + ext/wddx/wddx.c | 4 ++++ + 2 files changed, 28 insertions(+) + create mode 100644 ext/wddx/tests/bug72340.phpt + +Index: php5-5.5.9+dfsg/ext/wddx/tests/bug72340.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.5.9+dfsg/ext/wddx/tests/bug72340.phpt 2016-07-28 08:50:27.715732417 -0400 +@@ -0,0 +1,24 @@ ++--TEST-- ++Bug #72340: Double Free Courruption in wddx_deserialize ++--SKIPIF-- ++ ++--FILE-- ++ ++ ++ ++ TEST ++ ++ ++ ++ ++EOF; ++$array = wddx_deserialize($xml); ++var_dump($array); ++?> ++--EXPECT-- ++array(0) { ++} +Index: php5-5.5.9+dfsg/ext/wddx/wddx.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/wddx/wddx.c 2016-07-28 08:50:27.723732512 -0400 ++++ php5-5.5.9+dfsg/ext/wddx/wddx.c 2016-07-28 08:50:27.719732465 -0400 +@@ -1092,6 +1092,9 @@ + break; + + case ST_BOOLEAN: ++ if(!ent->data) { ++ break; ++ } + if (!strcmp(s, "true")) { + Z_LVAL_P(ent->data) = 1; + } else if (!strcmp(s, "false")) { +@@ -1100,6 +1103,7 @@ + zval_ptr_dtor(&ent->data); + if (ent->varname) { + efree(ent->varname); ++ ent->varname = NULL; + } + ent->data = NULL; + } --- php5-5.3.10.orig/debian/patches/CVE-2015-3411.patch +++ php5-5.3.10/debian/patches/CVE-2015-3411.patch @@ -0,0 +1,286 @@ +Backport of: + +From 4435b9142ff9813845d5c97ab29a5d637bedb257 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 5 Apr 2015 16:01:24 -0700 +Subject: [PATCH] Fixed bug #69353 (Missing null byte checks for paths in + various PHP extensions) + +--- + ext/dom/document.c | 5 ++++- + ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt | 5 +++++ + ext/fileinfo/fileinfo.c | 5 +++++ + ext/fileinfo/tests/finfo_file_basic.phpt | 4 ++++ + ext/gd/gd.c | 8 ++++---- + ext/hash/hash.c | 7 ++++++- + ext/hash/tests/hash_hmac_file_error.phpt | 7 +++++++ + ext/pgsql/pgsql.c | 2 +- + ext/standard/link.c | 2 +- + ext/standard/streamsfuncs.c | 2 +- + ext/xmlwriter/php_xmlwriter.c | 4 ++-- + ext/zlib/zlib.c | 4 ++-- + 12 files changed, 42 insertions(+), 13 deletions(-) + +Index: php5-5.3.10/ext/dom/document.c +=================================================================== +--- php5-5.3.10.orig/ext/dom/document.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/dom/document.c 2015-07-02 09:08:47.575782022 -0400 +@@ -1573,6 +1573,9 @@ + xmlInitParser(); + + if (mode == DOM_LOAD_FILE) { ++ if (CHECK_NULL_PATH(source, source_len)) { ++ return NULL; ++ } + char *file_dest = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + if (file_dest) { + ctxt = xmlCreateFileParserCtxt(file_dest); +Index: php5-5.3.10/ext/fileinfo/fileinfo.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/fileinfo.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/fileinfo/fileinfo.c 2015-07-02 09:08:04.747330584 -0400 +@@ -495,6 +495,11 @@ + RETVAL_FALSE; + goto clean; + } ++ if (CHECK_NULL_PATH(buffer, buffer_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); ++ RETVAL_FALSE; ++ goto clean; ++ } + + wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0 TSRMLS_CC); + +Index: php5-5.3.10/ext/fileinfo/tests/finfo_file_basic.phpt +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/tests/finfo_file_basic.phpt 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/fileinfo/tests/finfo_file_basic.phpt 2015-07-02 09:08:04.747330584 -0400 +@@ -19,6 +19,7 @@ + var_dump( finfo_file( $finfo, __FILE__) ); + var_dump( finfo_file( $finfo, __FILE__, FILEINFO_CONTINUE ) ); + var_dump( finfo_file( $finfo, $magicFile ) ); ++var_dump( finfo_file( $finfo, $magicFile.chr(0).$magicFile) ); + + ?> + ===DONE=== +@@ -27,4 +28,7 @@ + string(28) "text/x-php; charset=us-ascii" + string(15) "PHP script text" + string(32) "text/plain; charset=unknown-8bit" ++ ++Warning: finfo_file(): Invalid path in %s/finfo_file_basic.php on line %d ++bool(false) + ===DONE=== +Index: php5-5.3.10/ext/gd/gd.c +=================================================================== +--- php5-5.3.10.orig/ext/gd/gd.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/gd/gd.c 2015-07-02 09:08:04.751330627 -0400 +@@ -1470,6 +1470,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_name) { ++ RETURN_FALSE; ++ } ++ + stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); + if (stream == NULL) { + RETURN_FALSE; +@@ -2412,6 +2417,12 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sllll", &file, &file_len, &srcx, &srcy, &width, &height) == FAILURE) { + return; + } ++ ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } ++ + if (width < 1 || height < 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zero width or height not allowed"); + RETURN_FALSE; +@@ -2420,6 +2431,11 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &file, &file_len) == FAILURE) { + return; + } ++ ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } + } + + stream = php_stream_open_wrapper(file, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); +@@ -4131,6 +4147,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(enc) != enc_len) { ++ RETURN_FALSE; ++ } ++ + ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font); + + if ((enc_vector = T1_LoadEncoding(enc)) == NULL) { +Index: php5-5.3.10/ext/hash/hash.c +=================================================================== +--- php5-5.3.10.orig/ext/hash/hash.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/hash/hash.c 2015-07-02 09:08:04.751330627 -0400 +@@ -136,6 +136,10 @@ + RETURN_FALSE; + } + if (isfilename) { ++ if (CHECK_NULL_PATH(data, data_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); ++ RETURN_FALSE; ++ } + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + if (!stream) { + /* Stream will report errors opening file */ +@@ -214,6 +218,10 @@ + RETURN_FALSE; + } + if (isfilename) { ++ if (CHECK_NULL_PATH(data, data_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); ++ RETURN_FALSE; ++ } + stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS | ENFORCE_SAFE_MODE, NULL, DEFAULT_CONTEXT); + if (!stream) { + /* Stream will report errors opening file */ +@@ -445,6 +453,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + ZEND_FETCH_RESOURCE(hash, php_hash_data*, &zhash, -1, PHP_HASH_RESNAME, php_hash_le_hash); + context = php_stream_context_from_zval(zcontext, 0); + +Index: php5-5.3.10/ext/hash/tests/hash_hmac_file_error.phpt +=================================================================== +--- php5-5.3.10.orig/ext/hash/tests/hash_hmac_file_error.phpt 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/hash/tests/hash_hmac_file_error.phpt 2015-07-02 09:08:04.751330627 -0400 +@@ -28,6 +28,9 @@ + echo "\n-- Testing hash_hmac_file() function with invalid hash algorithm --\n"; + hash_hmac_file('foo', $file, $key, TRUE); + ++echo "\n-- Testing hash_hmac_file() function with bad path --\n"; ++hash_hmac_file('crc32', $file.chr(0).$file, $key, TRUE); ++ + ?> + ===Done=== + --EXPECTF-- +@@ -51,4 +54,8 @@ + -- Testing hash_hmac_file() function with invalid hash algorithm -- + + Warning: hash_hmac_file(): Unknown hashing algorithm: foo in %s on line %d ++ ++-- Testing hash_hmac_file() function with bad path -- ++ ++Warning: hash_hmac_file(): Invalid path in %s on line %d + ===Done=== +\ No newline at end of file +Index: php5-5.3.10/ext/pgsql/pgsql.c +=================================================================== +--- php5-5.3.10.orig/ext/pgsql/pgsql.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/pgsql/pgsql.c 2015-07-02 09:08:04.751330627 -0400 +@@ -2873,6 +2873,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(z_filename) != z_filename_len) { ++ RETURN_FALSE; ++ } ++ + if (argc < 3) { + CHECK_DEFAULT_LINK(id); + } +Index: php5-5.3.10/ext/standard/streamsfuncs.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/streamsfuncs.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/standard/streamsfuncs.c 2015-07-02 09:08:04.751330627 -0400 +@@ -1501,6 +1501,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + resolved_path = zend_resolve_path(filename, filename_len TSRMLS_CC); + + if (resolved_path) { +Index: php5-5.3.10/ext/xmlwriter/php_xmlwriter.c +=================================================================== +--- php5-5.3.10.orig/ext/xmlwriter/php_xmlwriter.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/xmlwriter/php_xmlwriter.c 2015-07-02 09:08:04.751330627 -0400 +@@ -1738,7 +1738,7 @@ + /* }}} */ + #endif + +-/* {{{ proto resource xmlwriter_open_uri(resource xmlwriter, string source) ++/* {{{ proto resource xmlwriter_open_uri(string source) + Create new xmlwriter using source uri for output */ + static PHP_FUNCTION(xmlwriter_open_uri) + { +@@ -1775,6 +1775,11 @@ + RETURN_FALSE; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(source) != source_len) { ++ RETURN_FALSE; ++ } ++ + valid_file = _xmlwriter_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + if (!valid_file) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to resolve file path"); +Index: php5-5.3.10/ext/zlib/zlib.c +=================================================================== +--- php5-5.3.10.orig/ext/zlib/zlib.c 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/ext/zlib/zlib.c 2015-07-02 09:08:04.755330669 -0400 +@@ -445,6 +445,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + use_include_path = flags ? USE_PATH : 0; + + stream = php_stream_gzopen(NULL, filename, mode, use_include_path | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, NULL STREAMS_CC TSRMLS_CC); +@@ -474,6 +479,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + use_include_path = flags ? USE_PATH : 0; + + stream = php_stream_gzopen(NULL, filename, "rb", use_include_path | ENFORCE_SAFE_MODE, NULL, NULL STREAMS_CC TSRMLS_CC); +Index: php5-5.3.10/Zend/zend_API.h +=================================================================== +--- php5-5.3.10.orig/Zend/zend_API.h 2015-07-02 09:08:04.755330669 -0400 ++++ php5-5.3.10/Zend/zend_API.h 2015-07-02 09:08:04.755330669 -0400 +@@ -512,6 +512,8 @@ + #define CHECK_ZVAL_STRING_REL(z) + #endif + ++#define CHECK_NULL_PATH(p, l) (strlen(p) != l) ++ + #define ZVAL_RESOURCE(z, l) { \ + Z_TYPE_P(z) = IS_RESOURCE; \ + Z_LVAL_P(z) = l; \ --- php5-5.3.10.orig/debian/patches/019-z_off_t_as_long.patch +++ php5-5.3.10/debian/patches/019-z_off_t_as_long.patch @@ -0,0 +1,1541 @@ +Description: Include some zlib headers to make sure z_off_t is a long on + the gzip file functions. Issue caused by LFS support. + . + Needs to be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/208608 +Forwarded: no +Last-Update: 2010-01-18 + +--- /dev/null ++++ b/ext/zlib/zconf.h +@@ -0,0 +1,326 @@ ++/* zconf.h -- configuration of the zlib compression library ++ * Copyright (C) 1995-2003 Jean-loup Gailly. ++ * For conditions of distribution and use, see copyright notice in zlib.h ++ */ ++ ++/* @(#) $Id: 019-z_off_t_as_long.patch.disabled,v 1.3 2004/08/23 07:48:56 adconrad Exp $ */ ++ ++#ifndef ZCONF_H ++#define ZCONF_H ++ ++#warning Including local zconf.h instead of system zconf.h ++ ++/* ++ * If you *really* need a unique prefix for all types and library functions, ++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. ++ */ ++#ifdef Z_PREFIX ++# define deflateInit_ z_deflateInit_ ++# define deflate z_deflate ++# define deflateEnd z_deflateEnd ++# define inflateInit_ z_inflateInit_ ++# define inflate z_inflate ++# define inflateEnd z_inflateEnd ++# define deflateInit2_ z_deflateInit2_ ++# define deflateSetDictionary z_deflateSetDictionary ++# define deflateCopy z_deflateCopy ++# define deflateReset z_deflateReset ++# define deflatePrime z_deflatePrime ++# define deflateParams z_deflateParams ++# define deflateBound z_deflateBound ++# define inflateInit2_ z_inflateInit2_ ++# define inflateSetDictionary z_inflateSetDictionary ++# define inflateSync z_inflateSync ++# define inflateSyncPoint z_inflateSyncPoint ++# define inflateCopy z_inflateCopy ++# define inflateReset z_inflateReset ++# define compress z_compress ++# define compress2 z_compress2 ++# define compressBound z_compressBound ++# define uncompress z_uncompress ++# define adler32 z_adler32 ++# define crc32 z_crc32 ++# define get_crc_table z_get_crc_table ++ ++# define Byte z_Byte ++# define uInt z_uInt ++# define uLong z_uLong ++# define Bytef z_Bytef ++# define charf z_charf ++# define intf z_intf ++# define uIntf z_uIntf ++# define uLongf z_uLongf ++# define voidpf z_voidpf ++# define voidp z_voidp ++#endif ++ ++#if defined(__MSDOS__) && !defined(MSDOS) ++# define MSDOS ++#endif ++#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2) ++# define OS2 ++#endif ++#if defined(_WINDOWS) && !defined(WINDOWS) ++# define WINDOWS ++#endif ++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) ++# define WIN32 ++#endif ++#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32) ++# if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__) ++# ifndef SYS16BIT ++# define SYS16BIT ++# endif ++# endif ++#endif ++ ++/* ++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more ++ * than 64k bytes at a time (needed on systems with 16-bit int). ++ */ ++#ifdef SYS16BIT ++# define MAXSEG_64K ++#endif ++#ifdef MSDOS ++# define UNALIGNED_OK ++#endif ++ ++#ifdef __STDC_VERSION__ ++# ifndef STDC ++# define STDC ++# endif ++# if __STDC_VERSION__ >= 199901L ++# ifndef STDC99 ++# define STDC99 ++# endif ++# endif ++#endif ++#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__)) ++# define STDC ++#endif ++ ++#if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). */ ++# define STDC ++#endif ++ ++#ifndef STDC ++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ ++# define const /* note: need a more gentle solution here */ ++# endif ++#endif ++ ++/* Some Mac compilers merge all .h files incorrectly: */ ++#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__) ++# define NO_DUMMY_DECL ++#endif ++ ++/* Maximum value for memLevel in deflateInit2 */ ++#ifndef MAX_MEM_LEVEL ++# ifdef MAXSEG_64K ++# define MAX_MEM_LEVEL 8 ++# else ++# define MAX_MEM_LEVEL 9 ++# endif ++#endif ++ ++/* Maximum value for windowBits in deflateInit2 and inflateInit2. ++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files ++ * created by gzip. (Files created by minigzip can still be extracted by ++ * gzip.) ++ */ ++#ifndef MAX_WBITS ++# define MAX_WBITS 15 /* 32K LZ77 window */ ++#endif ++ ++/* The memory requirements for deflate are (in bytes): ++ (1 << (windowBits+2)) + (1 << (memLevel+9)) ++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) ++ plus a few kilobytes for small objects. For example, if you want to reduce ++ the default memory requirements from 256K to 128K, compile with ++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" ++ Of course this will generally degrade compression (there's no free lunch). ++ ++ The memory requirements for inflate are (in bytes) 1 << windowBits ++ that is, 32K for windowBits=15 (default value) plus a few kilobytes ++ for small objects. ++*/ ++ ++ /* Type declarations */ ++ ++#ifndef OF /* function prototypes */ ++# ifdef STDC ++# define OF(args) args ++# else ++# define OF(args) () ++# endif ++#endif ++ ++/* The following definitions for FAR are needed only for MSDOS mixed ++ * model programming (small or medium model with some far allocations). ++ * This was tested only with MSC; for other MSDOS compilers you may have ++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, ++ * just define FAR to be empty. ++ */ ++#ifdef SYS16BIT ++# if defined(M_I86SM) || defined(M_I86MM) ++ /* MSC small or medium model */ ++# define SMALL_MEDIUM ++# ifdef _MSC_VER ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++# if (defined(__SMALL__) || defined(__MEDIUM__)) ++ /* Turbo C small or medium model */ ++# define SMALL_MEDIUM ++# ifdef __BORLANDC__ ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++#endif ++ ++#if defined(WINDOWS) || defined(WIN32) ++ /* If building or using zlib as a DLL, define ZLIB_DLL. ++ * This is not mandatory, but it offers a little performance increase. ++ */ ++# ifdef ZLIB_DLL ++# if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500)) ++# ifdef ZLIB_INTERNAL ++# define ZEXTERN extern __declspec(dllexport) ++# else ++# define ZEXTERN extern __declspec(dllimport) ++# endif ++# endif ++# endif /* ZLIB_DLL */ ++ /* If building or using zlib with the WINAPI/WINAPIV calling convention, ++ * define ZLIB_WINAPI. ++ * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. ++ */ ++# ifdef ZLIB_WINAPI ++# ifdef FAR ++# undef FAR ++# endif ++# include ++ /* No need for _export, use ZLIB.DEF instead. */ ++ /* For complete Windows compatibility, use WINAPI, not __stdcall. */ ++# define ZEXPORT WINAPI ++# ifdef WIN32 ++# define ZEXPORTVA WINAPIV ++# else ++# define ZEXPORTVA FAR CDECL ++# endif ++# endif ++#endif ++ ++#if defined (__BEOS__) ++# ifdef ZLIB_DLL ++# ifdef ZLIB_INTERNAL ++# define ZEXPORT __declspec(dllexport) ++# define ZEXPORTVA __declspec(dllexport) ++# else ++# define ZEXPORT __declspec(dllimport) ++# define ZEXPORTVA __declspec(dllimport) ++# endif ++# endif ++#endif ++ ++#ifndef ZEXTERN ++# define ZEXTERN extern ++#endif ++#ifndef ZEXPORT ++# define ZEXPORT ++#endif ++#ifndef ZEXPORTVA ++# define ZEXPORTVA ++#endif ++ ++#ifndef FAR ++# define FAR ++#endif ++ ++#if !defined(__MACTYPES__) ++typedef unsigned char Byte; /* 8 bits */ ++#endif ++typedef unsigned int uInt; /* 16 bits or more */ ++typedef unsigned long uLong; /* 32 bits or more */ ++ ++#ifdef SMALL_MEDIUM ++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ ++# define Bytef Byte FAR ++#else ++ typedef Byte FAR Bytef; ++#endif ++typedef char FAR charf; ++typedef int FAR intf; ++typedef uInt FAR uIntf; ++typedef uLong FAR uLongf; ++ ++#ifdef STDC ++ typedef void const *voidpc; ++ typedef void FAR *voidpf; ++ typedef void *voidp; ++#else ++ typedef Byte const *voidpc; ++ typedef Byte FAR *voidpf; ++ typedef Byte *voidp; ++#endif ++ ++#if 1 /* HAVE_UNISTD_H -- this line is updated by ./configure */ ++# include /* for off_t */ ++# include /* for SEEK_* and off_t */ ++# ifdef VMS ++# include /* for off_t */ ++# endif ++/* # define z_off_t off_t */ ++#endif ++#ifndef SEEK_SET ++# define SEEK_SET 0 /* Seek from beginning of file. */ ++# define SEEK_CUR 1 /* Seek from current position. */ ++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ ++#endif ++#ifndef z_off_t ++# warning Defining z_off_t as 'long' rather than 'off_t' ++# define z_off_t long ++#endif ++ ++#if defined(__OS400__) ++#define NO_vsnprintf ++#endif ++ ++#if defined(__MVS__) ++# define NO_vsnprintf ++# ifdef FAR ++# undef FAR ++# endif ++#endif ++ ++/* MVS linker does not support external names larger than 8 bytes */ ++#if defined(__MVS__) ++# pragma map(deflateInit_,"DEIN") ++# pragma map(deflateInit2_,"DEIN2") ++# pragma map(deflateEnd,"DEEND") ++# pragma map(deflateBound,"DEBND") ++# pragma map(inflateInit_,"ININ") ++# pragma map(inflateInit2_,"ININ2") ++# pragma map(inflateEnd,"INEND") ++# pragma map(inflateSync,"INSY") ++# pragma map(inflateSetDictionary,"INSEDI") ++# pragma map(compressBound,"CMBND") ++# pragma map(inflate_table,"INTABL") ++# pragma map(inflate_fast,"INFA") ++# pragma map(inflate_copyright,"INCOPY") ++#endif ++ ++#endif /* ZCONF_H */ +--- /dev/null ++++ b/ext/zlib/zlib.h +@@ -0,0 +1,1200 @@ ++/* zlib.h -- interface of the 'zlib' general purpose compression library ++ version 1.2.1.1, January 9th, 2004 ++ ++ Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler ++ ++ This software is provided 'as-is', without any express or implied ++ warranty. In no event will the authors be held liable for any damages ++ arising from the use of this software. ++ ++ Permission is granted to anyone to use this software for any purpose, ++ including commercial applications, and to alter it and redistribute it ++ freely, subject to the following restrictions: ++ ++ 1. The origin of this software must not be misrepresented; you must not ++ claim that you wrote the original software. If you use this software ++ in a product, an acknowledgment in the product documentation would be ++ appreciated but is not required. ++ 2. Altered source versions must be plainly marked as such, and must not be ++ misrepresented as being the original software. ++ 3. This notice may not be removed or altered from any source distribution. ++ ++ Jean-loup Gailly Mark Adler ++ jloup@gzip.org madler@alumni.caltech.edu ++ ++ ++ The data format used by the zlib library is described by RFCs (Request for ++ Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt ++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). ++*/ ++ ++#ifndef ZLIB_H ++#define ZLIB_H ++ ++#include "zconf.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define ZLIB_VERSION "1.2.1.1" ++#define ZLIB_VERNUM 0x1211 ++ ++/* ++ The 'zlib' compression library provides in-memory compression and ++ decompression functions, including integrity checks of the uncompressed ++ data. This version of the library supports only one compression method ++ (deflation) but other algorithms will be added later and will have the same ++ stream interface. ++ ++ Compression can be done in a single step if the buffers are large ++ enough (for example if an input file is mmap'ed), or can be done by ++ repeated calls of the compression function. In the latter case, the ++ application must provide more input and/or consume the output ++ (providing more output space) before each call. ++ ++ The compressed data format used by the in-memory functions is the zlib ++ format, which is a zlib wrapper documented in RFC 1950, wrapped around a ++ deflate stream, which is itself documented in RFC 1951. ++ ++ The library also supports reading and writing files in gzip (.gz) format ++ with an interface similar to that of stdio using the functions that start ++ with "gz". The gzip format is different from the zlib format. gzip is a ++ gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. ++ ++ The zlib format was designed to be compact and fast for use in memory ++ and on communications channels. The gzip format was designed for single- ++ file compression on file systems, has a larger header than zlib to maintain ++ directory information, and uses a different, slower check method than zlib. ++ ++ This library does not provide any functions to write gzip files in memory. ++ However such functions could be easily written using zlib's deflate function, ++ the documentation in the gzip RFC, and the examples in gzio.c. ++ ++ The library does not install any signal handler. The decoder checks ++ the consistency of the compressed data, so the library should never ++ crash even in case of corrupted input. ++*/ ++ ++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); ++typedef void (*free_func) OF((voidpf opaque, voidpf address)); ++ ++struct internal_state; ++ ++typedef struct z_stream_s { ++ Bytef *next_in; /* next input byte */ ++ uInt avail_in; /* number of bytes available at next_in */ ++ uLong total_in; /* total nb of input bytes read so far */ ++ ++ Bytef *next_out; /* next output byte should be put there */ ++ uInt avail_out; /* remaining free space at next_out */ ++ uLong total_out; /* total nb of bytes output so far */ ++ ++ char *msg; /* last error message, NULL if no error */ ++ struct internal_state FAR *state; /* not visible by applications */ ++ ++ alloc_func zalloc; /* used to allocate the internal state */ ++ free_func zfree; /* used to free the internal state */ ++ voidpf opaque; /* private data object passed to zalloc and zfree */ ++ ++ int data_type; /* best guess about the data type: ascii or binary */ ++ uLong adler; /* adler32 value of the uncompressed data */ ++ uLong reserved; /* reserved for future use */ ++} z_stream; ++ ++typedef z_stream FAR *z_streamp; ++ ++/* ++ The application must update next_in and avail_in when avail_in has ++ dropped to zero. It must update next_out and avail_out when avail_out ++ has dropped to zero. The application must initialize zalloc, zfree and ++ opaque before calling the init function. All other fields are set by the ++ compression library and must not be updated by the application. ++ ++ The opaque value provided by the application will be passed as the first ++ parameter for calls of zalloc and zfree. This can be useful for custom ++ memory management. The compression library attaches no meaning to the ++ opaque value. ++ ++ zalloc must return Z_NULL if there is not enough memory for the object. ++ If zlib is used in a multi-threaded application, zalloc and zfree must be ++ thread safe. ++ ++ On 16-bit systems, the functions zalloc and zfree must be able to allocate ++ exactly 65536 bytes, but will not be required to allocate more than this ++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, ++ pointers returned by zalloc for objects of exactly 65536 bytes *must* ++ have their offset normalized to zero. The default allocation function ++ provided by this library ensures this (see zutil.c). To reduce memory ++ requirements and avoid any allocation of 64K objects, at the expense of ++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). ++ ++ The fields total_in and total_out can be used for statistics or ++ progress reports. After compression, total_in holds the total size of ++ the uncompressed data and may be saved for use in the decompressor ++ (particularly if the decompressor wants to decompress everything in ++ a single step). ++*/ ++ ++ /* constants */ ++ ++#define Z_NO_FLUSH 0 ++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ ++#define Z_SYNC_FLUSH 2 ++#define Z_FULL_FLUSH 3 ++#define Z_FINISH 4 ++#define Z_BLOCK 5 ++/* Allowed flush values; see deflate() and inflate() below for details */ ++ ++#define Z_OK 0 ++#define Z_STREAM_END 1 ++#define Z_NEED_DICT 2 ++#define Z_ERRNO (-1) ++#define Z_STREAM_ERROR (-2) ++#define Z_DATA_ERROR (-3) ++#define Z_MEM_ERROR (-4) ++#define Z_BUF_ERROR (-5) ++#define Z_VERSION_ERROR (-6) ++/* Return codes for the compression/decompression functions. Negative ++ * values are errors, positive values are used for special but normal events. ++ */ ++ ++#define Z_NO_COMPRESSION 0 ++#define Z_BEST_SPEED 1 ++#define Z_BEST_COMPRESSION 9 ++#define Z_DEFAULT_COMPRESSION (-1) ++/* compression levels */ ++ ++#define Z_FILTERED 1 ++#define Z_HUFFMAN_ONLY 2 ++#define Z_RLE 3 ++#define Z_DEFAULT_STRATEGY 0 ++/* compression strategy; see deflateInit2() below for details */ ++ ++#define Z_BINARY 0 ++#define Z_ASCII 1 ++#define Z_UNKNOWN 2 ++/* Possible values of the data_type field (though see inflate()) */ ++ ++#define Z_DEFLATED 8 ++/* The deflate compression method (the only one supported in this version) */ ++ ++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ ++ ++#define zlib_version zlibVersion() ++/* for compatibility with versions < 1.0.2 */ ++ ++ /* basic functions */ ++ ++ZEXTERN const char * ZEXPORT zlibVersion OF((void)); ++/* The application can compare zlibVersion and ZLIB_VERSION for consistency. ++ If the first character differs, the library code actually used is ++ not compatible with the zlib.h header file used by the application. ++ This check is automatically made by deflateInit and inflateInit. ++ */ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); ++ ++ Initializes the internal stream state for compression. The fields ++ zalloc, zfree and opaque must be initialized before by the caller. ++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to ++ use default allocation functions. ++ ++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: ++ 1 gives best speed, 9 gives best compression, 0 gives no compression at ++ all (the input data is simply copied a block at a time). ++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and ++ compression (currently equivalent to level 6). ++ ++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if level is not a valid compression level, ++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible ++ with the version assumed by the caller (ZLIB_VERSION). ++ msg is set to null if there is no error message. deflateInit does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); ++/* ++ deflate compresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce some ++ output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. deflate performs one or both of the ++ following actions: ++ ++ - Compress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in and avail_in are updated and ++ processing will resume at this point for the next call of deflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. This action is forced if the parameter flush is non zero. ++ Forcing flush frequently degrades the compression ratio, so this parameter ++ should be set only when necessary (in interactive applications). ++ Some output may be provided even if flush is not set. ++ ++ Before the call of deflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating avail_in or avail_out accordingly; avail_out ++ should never be zero before the call. The application can consume the ++ compressed output when it wants, for example when the output buffer is full ++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK ++ and with zero avail_out, it must be called again after making room in the ++ output buffer because there might be more output pending. ++ ++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is ++ flushed to the output buffer and the output is aligned on a byte boundary, so ++ that the decompressor can get all input data available so far. (In particular ++ avail_in is zero after the call if enough output space has been provided ++ before the call.) Flushing may degrade compression for some compression ++ algorithms and so it should be used only when necessary. ++ ++ If flush is set to Z_FULL_FLUSH, all output is flushed as with ++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can ++ restart from this point if previous compressed data has been damaged or if ++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade ++ the compression. ++ ++ If deflate returns with avail_out == 0, this function must be called again ++ with the same value of the flush parameter and more output space (updated ++ avail_out), until the flush is complete (deflate returns with non-zero ++ avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that ++ avail_out is greater than six to avoid repeated flush markers due to ++ avail_out == 0 on return. ++ ++ If the parameter flush is set to Z_FINISH, pending input is processed, ++ pending output is flushed and deflate returns with Z_STREAM_END if there ++ was enough output space; if deflate returns with Z_OK, this function must be ++ called again with Z_FINISH and more output space (updated avail_out) but no ++ more input data, until it returns with Z_STREAM_END or an error. After ++ deflate has returned Z_STREAM_END, the only possible operations on the ++ stream are deflateReset or deflateEnd. ++ ++ Z_FINISH can be used immediately after deflateInit if all the compression ++ is to be done in a single step. In this case, avail_out must be at least ++ the value returned by deflateBound (see below). If deflate does not return ++ Z_STREAM_END, then it must be called again as described above. ++ ++ deflate() sets strm->adler to the adler32 checksum of all input read ++ so far (that is, total_in bytes). ++ ++ deflate() may update data_type if it can make a good guess about ++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered ++ binary. This field is only for information purposes and does not affect ++ the compression algorithm in any manner. ++ ++ deflate() returns Z_OK if some progress has been made (more input ++ processed or more output produced), Z_STREAM_END if all input has been ++ consumed and all output has been produced (only when flush is set to ++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example ++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible ++ (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not ++ fatal, and deflate() can be called again with more input and more output ++ space to continue compressing. ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the ++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed ++ prematurely (some input or output was discarded). In the error case, ++ msg may be set but then points to a static string (which must not be ++ deallocated). ++*/ ++ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); ++ ++ Initializes the internal stream state for decompression. The fields ++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by ++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact ++ value depends on the compression method), inflateInit determines the ++ compression method from the zlib header and allocates all data structures ++ accordingly; otherwise the allocation will be deferred to the first call of ++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to ++ use default allocation functions. ++ ++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the ++ version assumed by the caller. msg is set to null if there is no error ++ message. inflateInit does not perform any decompression apart from reading ++ the zlib header if present: this will be done by inflate(). (So next_in and ++ avail_in may be modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); ++/* ++ inflate decompresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce ++ some output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. inflate performs one or both of the ++ following actions: ++ ++ - Decompress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in is updated and processing ++ will resume at this point for the next call of inflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. inflate() provides as much output as possible, until there ++ is no more input data or no more space in the output buffer (see below ++ about the flush parameter). ++ ++ Before the call of inflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating the next_* and avail_* values accordingly. ++ The application can consume the uncompressed output when it wants, for ++ example when the output buffer is full (avail_out == 0), or after each ++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it ++ must be called again after making room in the output buffer because there ++ might be more output pending. ++ ++ The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, ++ Z_FINISH, or Z_BLOCK. Z_SYNC_FLUSH requests that inflate() flush as much ++ output as possible to the output buffer. Z_BLOCK requests that inflate() stop ++ if and when it get to the next deflate block boundary. When decoding the zlib ++ or gzip format, this will cause inflate() to return immediately after the ++ header and before the first block. When doing a raw inflate, inflate() will ++ go ahead and process the first block, and will return when it gets to the end ++ of that block, or when it runs out of data. ++ ++ The Z_BLOCK option assists in appending to or combining deflate streams. ++ Also to assist in this, on return inflate() will set strm->data_type to the ++ number of unused bits in the last byte taken from strm->next_in, plus 64 ++ if inflate() is currently decoding the last block in the deflate stream, ++ plus 128 if inflate() returned immediately after decoding an end-of-block ++ code or decoding the complete header up to just before the first byte of the ++ deflate stream. The end-of-block will not be indicated until all of the ++ uncompressed data from that block has been written to strm->next_out. The ++ number of unused bits may in general be greater than seven, except when ++ bit 7 of data_type is set, in which case the number of unused bits will be ++ less than eight. ++ ++ inflate() should normally be called until it returns Z_STREAM_END or an ++ error. However if all decompression is to be performed in a single step ++ (a single call of inflate), the parameter flush should be set to ++ Z_FINISH. In this case all pending input is processed and all pending ++ output is flushed; avail_out must be large enough to hold all the ++ uncompressed data. (The size of the uncompressed data may have been saved ++ by the compressor for this purpose.) The next operation on this stream must ++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH ++ is never required, but can be used to inform inflate that a faster approach ++ may be used for the single inflate() call. ++ ++ In this implementation, inflate() always flushes as much output as ++ possible to the output buffer, and always uses the faster approach on the ++ first call. So the only effect of the flush parameter in this implementation ++ is on the return value of inflate(), as noted below, or when it returns early ++ because Z_BLOCK is used. ++ ++ If a preset dictionary is needed after this call (see inflateSetDictionary ++ below), inflate sets strm-adler to the adler32 checksum of the dictionary ++ chosen by the compressor and returns Z_NEED_DICT; otherwise it sets ++ strm->adler to the adler32 checksum of all output produced so far (that is, ++ total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described ++ below. At the end of the stream, inflate() checks that its computed adler32 ++ checksum is equal to that saved by the compressor and returns Z_STREAM_END ++ only if the checksum is correct. ++ ++ inflate() will decompress and check either zlib-wrapped or gzip-wrapped ++ deflate data. The header type is detected automatically. Any information ++ contained in the gzip header is not retained, so applications that need that ++ information should instead use raw inflate, see inflateInit2() below, or ++ inflateBack() and perform their own processing of the gzip header and ++ trailer. ++ ++ inflate() returns Z_OK if some progress has been made (more input processed ++ or more output produced), Z_STREAM_END if the end of the compressed data has ++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a ++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was ++ corrupted (input stream not conforming to the zlib format or incorrect check ++ value), Z_STREAM_ERROR if the stream structure was inconsistent (for example ++ if next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory, ++ Z_BUF_ERROR if no progress is possible or if there was not enough room in the ++ output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and ++ inflate() can be called again with more input and more output space to ++ continue decompressing. If Z_DATA_ERROR is returned, the application may then ++ call inflateSync() to look for a good compression block if a partial recovery ++ of the data is desired. ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state ++ was inconsistent. In the error case, msg may be set but then points to a ++ static string (which must not be deallocated). ++*/ ++ ++ /* Advanced functions */ ++ ++/* ++ The following functions are needed only in some special applications. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, ++ int level, ++ int method, ++ int windowBits, ++ int memLevel, ++ int strategy)); ++ ++ This is another version of deflateInit with more compression options. The ++ fields next_in, zalloc, zfree and opaque must be initialized before by ++ the caller. ++ ++ The method parameter is the compression method. It must be Z_DEFLATED in ++ this version of the library. ++ ++ The windowBits parameter is the base two logarithm of the window size ++ (the size of the history buffer). It should be in the range 8..15 for this ++ version of the library. Larger values of this parameter result in better ++ compression at the expense of memory usage. The default value is 15 if ++ deflateInit is used instead. ++ ++ windowBits can also be -8..-15 for raw deflate. In this case, -windowBits ++ determines the window size. deflate() will then generate raw deflate data ++ with no zlib header or trailer, and will not compute an adler32 check value. ++ ++ windowBits can also be greater than 15 for optional gzip encoding. Add ++ 16 to windowBits to write a simple gzip header and trailer around the ++ compressed data instead of a zlib wrapper. The gzip header will have no ++ file name, no extra data, no comment, no modification time (set to zero), ++ no header crc, and the operating system will be set to 255 (unknown). ++ ++ The memLevel parameter specifies how much memory should be allocated ++ for the internal compression state. memLevel=1 uses minimum memory but ++ is slow and reduces compression ratio; memLevel=9 uses maximum memory ++ for optimal speed. The default value is 8. See zconf.h for total memory ++ usage as a function of windowBits and memLevel. ++ ++ The strategy parameter is used to tune the compression algorithm. Use the ++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a ++ filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no ++ string match), or Z_RLE to limit match distances to one (run-length ++ encoding). Filtered data consists mostly of small values with a somewhat ++ random distribution. In this case, the compression algorithm is tuned to ++ compress them better. The effect of Z_FILTERED is to force more Huffman ++ coding and less string matching; it is somewhat intermediate between ++ Z_DEFAULT and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as ++ Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy ++ parameter only affects the compression ratio but not the correctness of the ++ compressed output even if it is not set appropriately. ++ ++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid ++ method). msg is set to null if there is no error message. deflateInit2 does ++ not perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the compression dictionary from the given byte sequence ++ without producing any compressed output. This function must be called ++ immediately after deflateInit, deflateInit2 or deflateReset, before any ++ call of deflate. The compressor and decompressor must use exactly the same ++ dictionary (see inflateSetDictionary). ++ ++ The dictionary should consist of strings (byte sequences) that are likely ++ to be encountered later in the data to be compressed, with the most commonly ++ used strings preferably put towards the end of the dictionary. Using a ++ dictionary is most useful when the data to be compressed is short and can be ++ predicted with good accuracy; the data can then be compressed better than ++ with the default empty dictionary. ++ ++ Depending on the size of the compression data structures selected by ++ deflateInit or deflateInit2, a part of the dictionary may in effect be ++ discarded, for example if the dictionary is larger than the window size in ++ deflate or deflate2. Thus the strings most likely to be useful should be ++ put at the end of the dictionary, not at the front. ++ ++ Upon return of this function, strm->adler is set to the adler32 value ++ of the dictionary; the decompressor may later use this value to determine ++ which dictionary has been used by the compressor. (The adler32 value ++ applies to the whole dictionary even if only a subset of the dictionary is ++ actually used by the compressor.) If a raw deflate was requested, then the ++ adler32 value is not computed and strm->adler is not set. ++ ++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent (for example if deflate has already been called for this stream ++ or if the compression method is bsort). deflateSetDictionary does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when several compression strategies will be ++ tried, for example when there are several ways of pre-processing the input ++ data with a filter. The streams that will be discarded should then be freed ++ by calling deflateEnd. Note that deflateCopy duplicates the internal ++ compression state which can be quite large, so this strategy is slow and ++ can consume lots of memory. ++ ++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to deflateEnd followed by deflateInit, ++ but does not free and reallocate all the internal compression state. ++ The stream will keep the same compression level and any other attributes ++ that may have been set by deflateInit2. ++ ++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, ++ int level, ++ int strategy)); ++/* ++ Dynamically update the compression level and compression strategy. The ++ interpretation of level and strategy is as in deflateInit2. This can be ++ used to switch between compression and straight copy of the input data, or ++ to switch to a different kind of input data requiring a different ++ strategy. If the compression level is changed, the input available so far ++ is compressed with the old level (and may be flushed); the new level will ++ take effect only at the next call of deflate(). ++ ++ Before the call of deflateParams, the stream state must be set as for ++ a call of deflate(), since the currently available input may have to ++ be compressed and flushed. In particular, strm->avail_out must be non-zero. ++ ++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source ++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR ++ if strm->avail_out was zero. ++*/ ++ ++ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm, ++ uLong sourceLen)); ++/* ++ deflateBound() returns an upper bound on the compressed size after ++ deflation of sourceLen bytes. It must be called after deflateInit() ++ or deflateInit2(). This would be used to allocate an output buffer ++ for deflation in a single pass, and so would be called before deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm, ++ int bits, ++ int value)); ++/* ++ deflatePrime() inserts bits in the deflate output stream. The intent ++ is that this function is used to start off the deflate output with the ++ bits leftover from a previous deflate stream when appending to it. As such, ++ this function can only be used for raw deflate, and must be used before the ++ first deflate() call after a deflateInit2() or deflateReset(). bits must be ++ less than or equal to 16, and that many of the least significant bits of ++ value will be inserted in the output. ++ ++ deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, ++ int windowBits)); ++ ++ This is another version of inflateInit with an extra parameter. The ++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized ++ before by the caller. ++ ++ The windowBits parameter is the base two logarithm of the maximum window ++ size (the size of the history buffer). It should be in the range 8..15 for ++ this version of the library. The default value is 15 if inflateInit is used ++ instead. windowBits must be greater than or equal to the windowBits value ++ provided to deflateInit2() while compressing, or it must be equal to 15 if ++ deflateInit2() was not used. If a compressed stream with a larger window ++ size is given as input, inflate() will return with the error code ++ Z_DATA_ERROR instead of trying to allocate a larger window. ++ ++ windowBits can also be -8..-15 for raw inflate. In this case, -windowBits ++ determines the window size. inflate() will then process raw deflate data, ++ not looking for a zlib or gzip header, not generating a check value, and not ++ looking for any check values for comparison at the end of the stream. This ++ is for use with other formats that use the deflate compressed data format ++ such as zip. Those formats provide their own check values. If a custom ++ format is developed using the raw deflate format for compressed data, it is ++ recommended that a check value such as an adler32 or a crc32 be applied to ++ the uncompressed data as is done in the zlib, gzip, and zip formats. For ++ most applications, the zlib format should be used as is. Note that comments ++ above on the use in deflateInit2() applies to the magnitude of windowBits. ++ ++ windowBits can also be greater than 15 for optional gzip decoding. Add ++ 32 to windowBits to enable zlib and gzip decoding with automatic header ++ detection, or add 16 to decode only the gzip format (the zlib format will ++ return a Z_DATA_ERROR). ++ ++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative ++ memLevel). msg is set to null if there is no error message. inflateInit2 ++ does not perform any decompression apart from reading the zlib header if ++ present: this will be done by inflate(). (So next_in and avail_in may be ++ modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the decompression dictionary from the given uncompressed byte ++ sequence. This function must be called immediately after a call of inflate ++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor ++ can be determined from the adler32 value returned by this call of ++ inflate. The compressor and decompressor must use exactly the same ++ dictionary (see deflateSetDictionary). ++ ++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the ++ expected one (incorrect adler32 value). inflateSetDictionary does not ++ perform any decompression: this will be done by subsequent calls of ++ inflate(). ++*/ ++ ++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); ++/* ++ Skips invalid compressed data until a full flush point (see above the ++ description of deflate with Z_FULL_FLUSH) can be found, or until all ++ available input is skipped. No output is provided. ++ ++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR ++ if no more input was provided, Z_DATA_ERROR if no flush point has been found, ++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success ++ case, the application may save the current current value of total_in which ++ indicates where valid compressed data was found. In the error case, the ++ application may repeatedly call inflateSync, providing more input each time, ++ until success or end of the input data. ++*/ ++ ++ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when randomly accessing a large stream. The ++ first pass through the stream can periodically record the inflate state, ++ allowing restarting inflate at those points when randomly accessing the ++ stream. ++ ++ inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to inflateEnd followed by inflateInit, ++ but does not free and reallocate all the internal decompression state. ++ The stream will keep attributes that may have been set by inflateInit2. ++ ++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateBackInit OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window)); ++ ++ Initialize the internal stream state for decompression using inflateBack() ++ calls. The fields zalloc, zfree and opaque in strm must be initialized ++ before the call. If zalloc and zfree are Z_NULL, then the default library- ++ derived memory allocation routines are used. windowBits is the base two ++ logarithm of the window size, in the range 8..15. window is a caller ++ supplied buffer of that size. Except for special applications where it is ++ assured that deflate was used with small window sizes, windowBits must be 15 ++ and a 32K byte window must be supplied to be able to decompress general ++ deflate streams. ++ ++ See inflateBack() for the usage of these routines. ++ ++ inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of ++ the paramaters are invalid, Z_MEM_ERROR if the internal state could not ++ be allocated, or Z_VERSION_ERROR if the version of the library does not ++ match the version of the header file. ++*/ ++ ++typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *)); ++typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned)); ++ ++ZEXTERN int ZEXPORT inflateBack OF((z_stream FAR *strm, ++ in_func in, void FAR *in_desc, ++ out_func out, void FAR *out_desc)); ++/* ++ inflateBack() does a raw inflate with a single call using a call-back ++ interface for input and output. This is more efficient than inflate() for ++ file i/o applications in that it avoids copying between the output and the ++ sliding window by simply making the window itself the output buffer. This ++ function trusts the application to not change the output buffer passed by ++ the output function, at least until inflateBack() returns. ++ ++ inflateBackInit() must be called first to allocate the internal state ++ and to initialize the state with the user-provided window buffer. ++ inflateBack() may then be used multiple times to inflate a complete, raw ++ deflate stream with each call. inflateBackEnd() is then called to free ++ the allocated state. ++ ++ A raw deflate stream is one with no zlib or gzip header or trailer. ++ This routine would normally be used in a utility that reads zip or gzip ++ files and writes out uncompressed files. The utility would decode the ++ header and process the trailer on its own, hence this routine expects ++ only the raw deflate stream to decompress. This is different from the ++ normal behavior of inflate(), which expects either a zlib or gzip header and ++ trailer around the deflate stream. ++ ++ inflateBack() uses two subroutines supplied by the caller that are then ++ called by inflateBack() for input and output. inflateBack() calls those ++ routines until it reads a complete deflate stream and writes out all of the ++ uncompressed data, or until it encounters an error. The function's ++ parameters and return types are defined above in the in_func and out_func ++ typedefs. inflateBack() will call in(in_desc, &buf) which should return the ++ number of bytes of provided input, and a pointer to that input in buf. If ++ there is no input available, in() must return zero--buf is ignored in that ++ case--and inflateBack() will return a buffer error. inflateBack() will call ++ out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out() ++ should return zero on success, or non-zero on failure. If out() returns ++ non-zero, inflateBack() will return with an error. Neither in() nor out() ++ are permitted to change the contents of the window provided to ++ inflateBackInit(), which is also the buffer that out() uses to write from. ++ The length written by out() will be at most the window size. Any non-zero ++ amount of input may be provided by in(). ++ ++ For convenience, inflateBack() can be provided input on the first call by ++ setting strm->next_in and strm->avail_in. If that input is exhausted, then ++ in() will be called. Therefore strm->next_in must be initialized before ++ calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called ++ immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in ++ must also be initialized, and then if strm->avail_in is not zero, input will ++ initially be taken from strm->next_in[0 .. strm->avail_in - 1]. ++ ++ The in_desc and out_desc parameters of inflateBack() is passed as the ++ first parameter of in() and out() respectively when they are called. These ++ descriptors can be optionally used to pass any information that the caller- ++ supplied in() and out() functions need to do their job. ++ ++ On return, inflateBack() will set strm->next_in and strm->avail_in to ++ pass back any unused input that was provided by the last in() call. The ++ return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR ++ if in() or out() returned an error, Z_DATA_ERROR if there was a format ++ error in the deflate stream (in which case strm->msg is set to indicate the ++ nature of the error), or Z_STREAM_ERROR if the stream was not properly ++ initialized. In the case of Z_BUF_ERROR, an input or output error can be ++ distinguished using strm->next_in which will be Z_NULL only if in() returned ++ an error. If strm->next is not Z_NULL, then the Z_BUF_ERROR was due to ++ out() returning non-zero. (in() will always be called before out(), so ++ strm->next_in is assured to be defined if out() returns non-zero.) Note ++ that inflateBack() cannot return Z_OK. ++*/ ++ ++ZEXTERN int ZEXPORT inflateBackEnd OF((z_stream FAR *strm)); ++/* ++ All memory allocated by inflateBackInit() is freed. ++ ++ inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream ++ state was inconsistent. ++*/ ++ ++ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void)); ++/* Return flags indicating compile-time options. ++ ++ Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other: ++ 1.0: size of uInt ++ 3.2: size of uLong ++ 5.4: size of voidpf (pointer) ++ 7.6: size of z_off_t ++ ++ Compiler, assembler, and debug options: ++ 8: DEBUG ++ 9: ASMV or ASMINF -- use ASM code ++ 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention ++ 11: 0 (reserved) ++ ++ One-time table building (smaller code, but not thread-safe if true): ++ 12: BUILDFIXED -- build static block decoding tables when needed ++ 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed ++ 14,15: 0 (reserved) ++ ++ Library content (indicates missing functionality): ++ 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking ++ deflate code when not needed) ++ 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect ++ and decode gzip streams (to avoid linking crc code) ++ 18-19: 0 (reserved) ++ ++ Operation variations (changes in library functionality): ++ 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate ++ 21: FASTEST -- deflate algorithm with only one, lowest compression level ++ 22,23: 0 (reserved) ++ ++ The sprintf variant used by gzprintf (zero is best): ++ 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format ++ 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! ++ 26: 0 = returns value, 1 = void -- 1 means inferred string length returned ++ ++ Remainder: ++ 27-31: 0 (reserved) ++ */ ++ ++ ++ /* utility functions */ ++ ++/* ++ The following utility functions are implemented on top of the ++ basic stream-oriented functions. To simplify the interface, some ++ default options are assumed (compression level and memory usage, ++ standard memory allocation functions). The source code of these ++ utility functions can easily be modified if you need special options. ++*/ ++ ++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Compresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be at least the value returned ++ by compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ This function can be used to compress a whole file at once if the ++ input file is mmap'ed. ++ compress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer. ++*/ ++ ++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen, ++ int level)); ++/* ++ Compresses the source buffer into the destination buffer. The level ++ parameter has the same meaning as in deflateInit. sourceLen is the byte ++ length of the source buffer. Upon entry, destLen is the total size of the ++ destination buffer, which must be at least the value returned by ++ compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ ++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_BUF_ERROR if there was not enough room in the output buffer, ++ Z_STREAM_ERROR if the level parameter is invalid. ++*/ ++ ++ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen)); ++/* ++ compressBound() returns an upper bound on the compressed size after ++ compress() or compress2() on sourceLen bytes. It would be used before ++ a compress() or compress2() call to allocate the destination buffer. ++*/ ++ ++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Decompresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be large enough to hold the ++ entire uncompressed data. (The size of the uncompressed data must have ++ been saved previously by the compressor and transmitted to the decompressor ++ by some mechanism outside the scope of this compression library.) ++ Upon exit, destLen is the actual size of the compressed buffer. ++ This function can be used to decompress a whole file at once if the ++ input file is mmap'ed. ++ ++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete. ++*/ ++ ++ ++typedef voidp gzFile; ++ ++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); ++/* ++ Opens a gzip (.gz) file for reading or writing. The mode parameter ++ is as in fopen ("rb" or "wb") but can also include a compression level ++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for ++ Huffman only compression as in "wb1h", or 'R' for run-length encoding ++ as in "wb1R". (See the description of deflateInit2 for more information ++ about the strategy parameter.) ++ ++ gzopen can be used to read a file which is not in gzip format; in this ++ case gzread will directly read from the file without decompression. ++ ++ gzopen returns NULL if the file could not be opened or if there was ++ insufficient memory to allocate the (de)compression state; errno ++ can be checked to distinguish the two cases (if errno is zero, the ++ zlib error is Z_MEM_ERROR). */ ++ ++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); ++/* ++ gzdopen() associates a gzFile with the file descriptor fd. File ++ descriptors are obtained from calls like open, dup, creat, pipe or ++ fileno (in the file has been previously opened with fopen). ++ The mode parameter is as in gzopen. ++ The next call of gzclose on the returned gzFile will also close the ++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file ++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). ++ gzdopen returns NULL if there was insufficient memory to allocate ++ the (de)compression state. ++*/ ++ ++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); ++/* ++ Dynamically update the compression level or strategy. See the description ++ of deflateInit2 for the meaning of these parameters. ++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not ++ opened for writing. ++*/ ++ ++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); ++/* ++ Reads the given number of uncompressed bytes from the compressed file. ++ If the input file was not in gzip format, gzread copies the given number ++ of bytes into the buffer. ++ gzread returns the number of uncompressed bytes actually read (0 for ++ end of file, -1 for error). */ ++ ++ZEXTERN int ZEXPORT gzwrite OF((gzFile file, ++ voidpc buf, unsigned len)); ++/* ++ Writes the given number of uncompressed bytes into the compressed file. ++ gzwrite returns the number of uncompressed bytes actually written ++ (0 in case of error). ++*/ ++ ++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); ++/* ++ Converts, formats, and writes the args to the compressed file under ++ control of the format string, as in fprintf. gzprintf returns the number of ++ uncompressed bytes actually written (0 in case of error). The number of ++ uncompressed bytes written is limited to 4095. The caller should assure that ++ this limit is not exceeded. If it is exceeded, then gzprintf() will return ++ return an error (0) with nothing written. In this case, there may also be a ++ buffer overflow with unpredictable consequences, which is possible only if ++ zlib was compiled with the insecure functions sprintf() or vsprintf() ++ because the secure snprintf() or vsnprintf() functions were not available. ++*/ ++ ++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); ++/* ++ Writes the given null-terminated string to the compressed file, excluding ++ the terminating null character. ++ gzputs returns the number of characters written, or -1 in case of error. ++*/ ++ ++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); ++/* ++ Reads bytes from the compressed file until len-1 characters are read, or ++ a newline character is read and transferred to buf, or an end-of-file ++ condition is encountered. The string is then terminated with a null ++ character. ++ gzgets returns buf, or Z_NULL in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); ++/* ++ Writes c, converted to an unsigned char, into the compressed file. ++ gzputc returns the value that was written, or -1 in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); ++/* ++ Reads one byte from the compressed file. gzgetc returns this byte ++ or -1 in case of end of file or error. ++*/ ++ ++ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file)); ++/* ++ Push one character back onto the stream to be read again later. ++ Only one character of push-back is allowed. gzungetc() returns the ++ character pushed, or -1 on failure. gzungetc() will fail if a ++ character has been pushed but not read yet, or if c is -1. The pushed ++ character will be discarded if the stream is repositioned with gzseek() ++ or gzrewind(). ++*/ ++ ++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); ++/* ++ Flushes all pending output into the compressed file. The parameter ++ flush is as in the deflate() function. The return value is the zlib ++ error number (see function gzerror below). gzflush returns Z_OK if ++ the flush parameter is Z_FINISH and all output could be flushed. ++ gzflush should be called only when strictly necessary because it can ++ degrade compression. ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, ++ z_off_t offset, int whence)); ++/* ++ Sets the starting position for the next gzread or gzwrite on the ++ given compressed file. The offset represents a number of bytes in the ++ uncompressed data stream. The whence parameter is defined as in lseek(2); ++ the value SEEK_END is not supported. ++ If the file is opened for reading, this function is emulated but can be ++ extremely slow. If the file is opened for writing, only forward seeks are ++ supported; gzseek then compresses a sequence of zeroes up to the new ++ starting position. ++ ++ gzseek returns the resulting offset location as measured in bytes from ++ the beginning of the uncompressed stream, or -1 in case of error, in ++ particular if the file is opened for writing and the new starting position ++ would be before the current position. ++*/ ++ ++ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); ++/* ++ Rewinds the given file. This function is supported only for reading. ++ ++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); ++/* ++ Returns the starting position for the next gzread or gzwrite on the ++ given compressed file. This position represents a number of bytes in the ++ uncompressed data stream. ++ ++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) ++*/ ++ ++ZEXTERN int ZEXPORT gzeof OF((gzFile file)); ++/* ++ Returns 1 when EOF has previously been detected reading the given ++ input stream, otherwise zero. ++*/ ++ ++ZEXTERN int ZEXPORT gzclose OF((gzFile file)); ++/* ++ Flushes all pending output if necessary, closes the compressed file ++ and deallocates all the (de)compression state. The return value is the zlib ++ error number (see function gzerror below). ++*/ ++ ++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); ++/* ++ Returns the error message for the last error which occurred on the ++ given compressed file. errnum is set to zlib error number. If an ++ error occurred in the file system and not in the compression library, ++ errnum is set to Z_ERRNO and the application may consult errno ++ to get the exact error code. ++*/ ++ ++ZEXTERN void ZEXPORT gzclearerr OF((gzFile file)); ++/* ++ Clears the error and end-of-file flags for file. This is analogous to the ++ clearerr() function in stdio. This is useful for continuing to read a gzip ++ file that is being written concurrently. ++*/ ++ ++ /* checksum functions */ ++ ++/* ++ These functions are not related to compression but are exported ++ anyway because they might be useful in applications using the ++ compression library. ++*/ ++ ++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); ++ ++/* ++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and ++ return the updated checksum. If buf is NULL, this function returns ++ the required initial value for the checksum. ++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed ++ much faster. Usage example: ++ ++ uLong adler = adler32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ adler = adler32(adler, buffer, length); ++ } ++ if (adler != original_adler) error(); ++*/ ++ ++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); ++/* ++ Update a running crc with the bytes buf[0..len-1] and return the updated ++ crc. If buf is NULL, this function returns the required initial value ++ for the crc. Pre- and post-conditioning (one's complement) is performed ++ within this function so it shouldn't be done by the application. ++ Usage example: ++ ++ uLong crc = crc32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ crc = crc32(crc, buffer, length); ++ } ++ if (crc != original_crc) error(); ++*/ ++ ++ ++ /* various hacks, don't look :) */ ++ ++/* deflateInit and inflateInit are macros to allow checking the zlib version ++ * and the compiler's view of z_stream: ++ */ ++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, ++ int windowBits, int memLevel, ++ int strategy, const char *version, ++ int stream_size)); ++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window, ++ const char *version, ++ int stream_size)); ++#define deflateInit(strm, level) \ ++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit(strm) \ ++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) ++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ ++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ ++ (strategy), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit2(strm, windowBits) \ ++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateBackInit(strm, windowBits, window) \ ++ inflateBackInit_((strm), (windowBits), (window), \ ++ ZLIB_VERSION, sizeof(z_stream)) ++ ++ ++#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL) ++ struct internal_state {int dummy;}; /* hack for buggy compilers */ ++#endif ++ ++ZEXTERN const char * ZEXPORT zError OF((int err)); ++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); ++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* ZLIB_H */ --- php5-5.3.10.orig/debian/patches/CVE-2016-5096.patch +++ php5-5.3.10/debian/patches/CVE-2016-5096.patch @@ -0,0 +1,45 @@ +From abd159cce48f3e34f08e4751c568e09677d5ec9c Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 9 May 2016 21:55:29 -0700 +Subject: [PATCH] Fix bug #72114 - int/size_t confusion in fread + +--- + ext/standard/file.c | 6 ++++++ + ext/standard/tests/file/bug72114.phpt | 12 ++++++++++++ + 2 files changed, 18 insertions(+) + create mode 100644 ext/standard/tests/file/bug72114.phpt + +Index: php5-5.3.10/ext/standard/file.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/file.c 2016-07-28 15:15:20.808145127 -0400 ++++ php5-5.3.10/ext/standard/file.c 2016-07-28 15:15:20.804145074 -0400 +@@ -1889,6 +1889,12 @@ + RETURN_FALSE; + } + ++ if (len > INT_MAX) { ++ /* string length is int in 5.x so we can not read more than int */ ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX); ++ RETURN_FALSE; ++ } ++ + Z_STRVAL_P(return_value) = emalloc(len + 1); + Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len); + +Index: php5-5.3.10/ext/standard/tests/file/bug72114.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/file/bug72114.phpt 2016-07-28 15:15:20.804145074 -0400 +@@ -0,0 +1,12 @@ ++--TEST-- ++Bug #72114 (Integer underflow / arbitrary null write in fread/gzread) ++--FILE-- ++ ++Done ++--EXPECTF-- ++Warning: fread(): Length parameter must be no more than 2147483647 in %s/bug72114.php on line %d ++Done --- php5-5.3.10.orig/debian/patches/CVE-2015-4644.patch +++ php5-5.3.10/debian/patches/CVE-2015-4644.patch @@ -0,0 +1,55 @@ +Description: fix denial of service via php_pgsql_meta_data +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=3ee3066bd00b15b050c2f70ccf8d6a6373f51c09 +Bug: https://bugs.php.net/bug.php?id=69667 + +Index: php5-5.3.10/ext/pgsql/pg_insert_002.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/pgsql/pg_insert_002.phpt 2015-06-30 15:52:51.501987202 -0400 +@@ -0,0 +1,27 @@ ++--TEST-- ++PostgreSQL pg_select() - basic test using schema ++--SKIPIF-- ++ ++--FILE-- ++ 1, 'id2' => 1))); ++} ++?> ++Done ++--EXPECTF-- ++ ++Warning: pg_insert(): The table name must be specified in %s on line %d ++bool(false) ++ ++Warning: pg_insert(): The table name must be specified in %s on line %d ++bool(false) ++ ++Warning: pg_insert(): The table name must be specified in %s on line %d ++bool(false) ++Done +\ No newline at end of file +Index: php5-5.3.10/ext/pgsql/pgsql.c +=================================================================== +--- php5-5.3.10.orig/ext/pgsql/pgsql.c 2015-06-30 15:52:51.505987252 -0400 ++++ php5-5.3.10/ext/pgsql/pgsql.c 2015-06-30 15:52:51.501987202 -0400 +@@ -4868,7 +4868,11 @@ + + src = estrdup(table_name); + tmp_name = php_strtok_r(src, ".", &tmp_name2); +- ++ if (!tmp_name) { ++ efree(src); ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The table name must be specified"); ++ return FAILURE; ++ } + if (!tmp_name2 || !*tmp_name2) { + /* Default schema */ + tmp_name2 = tmp_name; --- php5-5.3.10.orig/debian/patches/CVE-2015-4599.patch +++ php5-5.3.10/debian/patches/CVE-2015-4599.patch @@ -0,0 +1,26 @@ +From 51856a76f87ecb24fe1385342be43610fb6c86e4 Mon Sep 17 00:00:00 2001 +From: Dmitry Stogov +Date: Thu, 19 Mar 2015 11:36:01 +0300 +Subject: [PATCH] Fixed bug #69152 + +--- + ext/soap/soap.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: php5-5.3.10/ext/soap/soap.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/soap.c 2015-06-26 13:48:54.165235346 -0400 ++++ php5-5.3.10/ext/soap/soap.c 2015-06-26 13:48:54.165235346 -0400 +@@ -1021,6 +1021,12 @@ + + zend_call_function(&fci, NULL TSRMLS_CC); + ++ convert_to_string(faultcode); ++ convert_to_string(faultstring); ++ convert_to_string(file); ++ convert_to_long(line); ++ convert_to_string(trace); ++ + len = spprintf(&str, 0, "SoapFault exception: [%s] %s in %s:%ld\nStack trace:\n%s", + Z_STRVAL_P(faultcode), Z_STRVAL_P(faultstring), Z_STRVAL_P(file), Z_LVAL_P(line), + Z_STRLEN_P(trace) ? Z_STRVAL_P(trace) : "#0 {main}\n"); --- php5-5.3.10.orig/debian/patches/CVE-2014-4698.patch +++ php5-5.3.10/debian/patches/CVE-2014-4698.patch @@ -0,0 +1,53 @@ +From 22882a9d89712ff2b6ebc20a689a89452bba4dcd Mon Sep 17 00:00:00 2001 +From: Xinchen Hui +Date: Wed, 2 Jul 2014 17:57:42 +0800 +Subject: [PATCH] Fixed bug #67539 (ArrayIterator use-after-free due to object + change during sorting) + +--- + NEWS | 2 ++ + ext/spl/spl_array.c | 7 +++++++ + ext/spl/tests/bug67539.phpt | 15 +++++++++++++++ + 3 files changed, 24 insertions(+) + create mode 100644 ext/spl/tests/bug67539.phpt + +Index: php5-5.3.10/ext/spl/spl_array.c +=================================================================== +--- php5-5.3.10.orig/ext/spl/spl_array.c 2014-07-07 08:37:07.030629381 -0400 ++++ php5-5.3.10/ext/spl/spl_array.c 2014-07-07 08:37:07.026629381 -0400 +@@ -1732,8 +1732,15 @@ + { + const unsigned char *p, *s; + zval *pmembers, *pflags = NULL; ++ HashTable *aht; + long flags; + ++ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); ++ if (aht->nApplyCount > 0) { ++ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited"); ++ return; ++ } ++ + /* storage */ + s = p = buf; + +Index: php5-5.3.10/ext/spl/tests/bug67539.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/spl/tests/bug67539.phpt 2014-07-07 08:37:07.026629381 -0400 +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #67539 (ArrayIterator use-after-free due to object change during sorting) ++--FILE-- ++unserialize($GLOBALS['it']->serialize()); ++ return TRUE; ++} ++ ++$it->uksort('badsort'); ++--EXPECTF-- ++Warning: Modification of ArrayObject during sorting is prohibited in %sbug67539.php on line %d --- php5-5.3.10.orig/debian/patches/sybase-alias.patch +++ php5-5.3.10/debian/patches/sybase-alias.patch @@ -0,0 +1,41 @@ +--- a/ext/mssql/php_mssql.c ++++ b/ext/mssql/php_mssql.c +@@ -178,6 +178,38 @@ const zend_function_entry mssql_function + PHP_FE(mssql_execute, arginfo_mssql_execute) + PHP_FE(mssql_free_statement, arginfo_mssql_free_statement) + PHP_FE(mssql_guid_string, arginfo_mssql_guid_string) ++#if !defined(PHP_WIN32) && !defined(HAVE_SYBASE_CT) ++ PHP_FALIAS(sybase_connect, mssql_connect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_pconnect, mssql_pconnect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_close, mssql_close, arginfo_mssql_close) ++ PHP_FALIAS(sybase_select_db, mssql_select_db, arginfo_mssql_select_db) ++ PHP_FALIAS(sybase_query, mssql_query, arginfo_mssql_query) ++ PHP_FALIAS(sybase_fetch_batch, mssql_fetch_batch, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_affected_rows, mssql_rows_affected, arginfo_mssql_rows_affected) ++ PHP_FALIAS(sybase_free_result, mssql_free_result, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_get_last_message, mssql_get_last_message, arginfo_mssql_get_last_message) ++ PHP_FALIAS(sybase_num_rows, mssql_num_rows, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_num_fields, mssql_num_fields, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_field, mssql_fetch_field, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_fetch_row, mssql_fetch_row, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_array, mssql_fetch_array, arginfo_mssql_fetch_array) ++ PHP_FALIAS(sybase_fetch_assoc, mssql_fetch_assoc, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_fetch_object, mssql_fetch_object, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_field_length, mssql_field_length, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_name, mssql_field_name, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_type, mssql_field_type, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_data_seek, mssql_data_seek, arginfo_mssql_data_seek) ++ PHP_FALIAS(sybase_field_seek, mssql_field_seek, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_result, mssql_result, arginfo_mssql_result) ++ PHP_FALIAS(sybase_next_result, mssql_next_result, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_min_error_severity, mssql_min_error_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_min_message_severity, mssql_min_message_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_init, mssql_init, arginfo_mssql_init) ++ PHP_FALIAS(sybase_bind, mssql_bind, arginfo_mssql_bind) ++ PHP_FALIAS(sybase_execute, mssql_execute, arginfo_mssql_execute) ++ PHP_FALIAS(sybase_free_statement, mssql_free_statement, arginfo_mssql_free_statement) ++ PHP_FALIAS(sybase_guid_string, mssql_guid_string, arginfo_mssql_guid_string) ++#endif + PHP_FE_END + }; + /* }}} */ --- php5-5.3.10.orig/debian/patches/php-5.3.3-macropen.patch +++ php5-5.3.10/debian/patches/php-5.3.3-macropen.patch @@ -0,0 +1,36 @@ +--- a/ext/dba/dba.c ++++ b/ext/dba/dba.c +@@ -912,7 +912,7 @@ static void php_dba_open(INTERNAL_FUNCTI + } + } + +- if (error || hptr->open(info, &error TSRMLS_CC) != SUCCESS) { ++ if (error || (hptr->open)(info, &error TSRMLS_CC) != SUCCESS) { + dba_close(info TSRMLS_CC); + php_error_docref2(NULL TSRMLS_CC, Z_STRVAL_PP(args[0]), Z_STRVAL_PP(args[1]), E_WARNING, "Driver initialization failed for handler: %s%s%s", hptr->name, error?": ":"", error?error:""); + FREENOW; +--- a/ext/dba/dba_db3.c ++++ b/ext/dba/dba_db3.c +@@ -91,7 +91,7 @@ DBA_OPEN_FUNC(db3) + + if ((err=db_create(&dbp, NULL, 0)) == 0) { + dbp->set_errcall(dbp, php_dba_db3_errcall_fcn); +- if ((err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { ++ if ((err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { + dba_db3_data *data; + + data = pemalloc(sizeof(*data), info->flags&DBA_PERSISTENT); +--- a/ext/dba/dba_db4.c ++++ b/ext/dba/dba_db4.c +@@ -126,9 +126,9 @@ DBA_OPEN_FUNC(db4) + dbp->set_errcall(dbp, php_dba_db4_errcall_fcn); + if ( + #if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)) +- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { ++ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { + #else +- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { ++ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { + #endif + dba_db4_data *data; + --- php5-5.3.10.orig/debian/patches/lp564920-fix-big-files.patch +++ php5-5.3.10/debian/patches/lp564920-fix-big-files.patch @@ -0,0 +1,22 @@ +Description: don't mmap large files +Author: Marc Deslauriers +Bug: http://bugs.php.net/bug.php?id=52102 +Ubuntu-Bug: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/564920 + +--- a/main/streams/plain_wrapper.c ++++ b/main/streams/plain_wrapper.c +@@ -629,7 +629,13 @@ static int php_stdiop_set_option(php_str + + switch (value) { + case PHP_STREAM_MMAP_SUPPORTED: +- return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK; ++ if (fd == -1) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ /* Don't mmap large files */ ++ do_fstat(data, 1); ++ if (data->sb.st_size > 4 * 1024 * 1024) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ return PHP_STREAM_OPTION_RETURN_OK; + + case PHP_STREAM_MMAP_MAP_RANGE: + do_fstat(data, 1); --- php5-5.3.10.orig/debian/patches/CVE-2015-6834-1.patch +++ php5-5.3.10/debian/patches/CVE-2015-6834-1.patch @@ -0,0 +1,143 @@ +Backport of: + +From e8429400d40e3c3aa4b22ba701991d698a2f3b2f Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 31 Aug 2015 21:28:11 -0700 +Subject: [PATCH] Fix bug #70172 - Use After Free Vulnerability in + unserialize() + +--- + ext/standard/tests/serialize/bug70172.phpt | 52 ++++++++++++++++++++ + ext/standard/var.c | 23 +++++++-- + ext/standard/var_unserializer.c | 76 ++++++++++++++++-------------- + ext/standard/var_unserializer.re | 12 +++-- + 4 files changed, 121 insertions(+), 42 deletions(-) + create mode 100644 ext/standard/tests/serialize/bug70172.phpt + +Index: php5-5.3.10/ext/standard/var.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var.c 2015-09-30 08:04:55.906927662 -0400 ++++ php5-5.3.10/ext/standard/var.c 2015-09-30 08:04:55.906927662 -0400 +@@ -923,6 +923,8 @@ + int buf_len; + const unsigned char *p; + php_unserialize_data_t var_hash; ++ int oldlevel; ++ zval *old_rval = return_value; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { + RETURN_FALSE; +@@ -940,6 +942,19 @@ + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %ld of %d bytes", (long)((char*)p - buf), buf_len); + RETURN_FALSE; + } ++ if (return_value != old_rval) { ++ /* ++ * Terrible hack due to the fact that executor passes us zval *, ++ * but unserialize with r/R wants to replace it with another zval * ++ */ ++ zval_dtor(old_rval); ++ *old_rval = *return_value; ++ zval_copy_ctor(old_rval); ++ var_push_dtor_no_addref(&var_hash, &return_value); ++ var_push_dtor_no_addref(&var_hash, &old_rval); ++ } else { ++ var_push_dtor(&var_hash, &return_value); ++ } + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + } + /* }}} */ +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-09-30 08:04:55.906927662 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-09-30 08:04:55.906927662 -0400 +@@ -152,6 +152,9 @@ + + while (var_hash) { + for (i = 0; i < var_hash->used_slots; i++) { ++#if VAR_ENTRIES_DBG ++ fprintf(stderr, "var_destroy dtor(%p, %ld)\n", var_hash->data[i], Z_REFCOUNT_P(var_hash->data[i])); ++#endif + zval_ptr_dtor(&var_hash->data[i]); + } + next = var_hash->next; +@@ -579,6 +582,7 @@ + zval **args[1]; + zval *arg_func_name; + ++ if (!var_hash) return 0; + if (*start == 'C') { + custom_object = 1; + } +@@ -705,6 +709,7 @@ + if (yych != '"') goto yy18; + ++YYCURSOR; + { ++ if (!var_hash) return 0; + + INIT_PZVAL(*rval); + +@@ -735,6 +740,7 @@ + long elements = parse_iv(start + 2); + /* use iv() not uiv() in order to check data range */ + *p = YYCURSOR; ++ if (!var_hash) return 0; + + if (elements < 0) { + return 0; +@@ -1164,7 +1170,7 @@ + } + + if (*rval != NULL) { +- zval_ptr_dtor(rval); ++ var_push_dtor_no_addref(var_hash, rval); + } + *rval = *rval_ref; + Z_ADDREF_PP(rval); +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-09-30 08:04:55.906927662 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-09-30 08:04:55.906927662 -0400 +@@ -151,6 +151,9 @@ + + while (var_hash) { + for (i = 0; i < var_hash->used_slots; i++) { ++#if VAR_ENTRIES_DBG ++ fprintf(stderr, "var_destroy dtor(%p, %ld)\n", var_hash->data[i], Z_REFCOUNT_P(var_hash->data[i])); ++#endif + zval_ptr_dtor(&var_hash->data[i]); + } + next = var_hash->next; +@@ -447,7 +450,7 @@ + } + + if (*rval != NULL) { +- zval_ptr_dtor(rval); ++ var_push_dtor_no_addref(var_hash, rval); + } + *rval = *rval_ref; + Z_ADDREF_PP(rval); +@@ -606,6 +609,7 @@ + long elements = parse_iv(start + 2); + /* use iv() not uiv() in order to check data range */ + *p = YYCURSOR; ++ if (!var_hash) return 0; + + if (elements < 0) { + return 0; +@@ -623,6 +627,7 @@ + } + + "o:" iv ":" ["] { ++ if (!var_hash) return 0; + + INIT_PZVAL(*rval); + +@@ -645,6 +650,7 @@ + zval **args[1]; + zval *arg_func_name; + ++ if (!var_hash) return 0; + if (*start == 'C') { + custom_object = 1; + } --- php5-5.3.10.orig/debian/patches/CVE-2014-9705.patch +++ php5-5.3.10/debian/patches/CVE-2014-9705.patch @@ -0,0 +1,46 @@ +From bdfe457a2c1b47209e32783b3a6447e81baf179a Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 16 Feb 2015 06:50:10 +0100 +Subject: [PATCH] Port for for bug #68552 + +--- + NEWS | 6 ++++++ + ext/enchant/enchant.c | 7 +++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +Index: php5-5.3.10/ext/enchant/enchant.c +=================================================================== +--- php5-5.3.10.orig/ext/enchant/enchant.c 2015-03-16 13:42:36.063819735 -0400 ++++ php5-5.3.10/ext/enchant/enchant.c 2015-03-16 13:42:36.059819705 -0400 +@@ -545,13 +545,12 @@ + + d = enchant_broker_request_dict(pbroker->pbroker, (const char *)tag); + if (d) { ++ pos = pbroker->dictcnt++; + if (pbroker->dictcnt) { + pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt); +- pos = pbroker->dictcnt++; + } else { + pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *)); + pos = 0; +- pbroker->dictcnt++; + } + + dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict)); +@@ -606,14 +605,14 @@ + + d = enchant_broker_request_pwl_dict(pbroker->pbroker, (const char *)pwl); + if (d) { ++ pos = pbroker->dictcnt++; + if (pbroker->dictcnt) { +- pos = pbroker->dictcnt++; + pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt); + } else { + pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *)); + pos = 0; +- pbroker->dictcnt++; + } ++ + dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict)); + dict->id = pos; + dict->pbroker = pbroker; --- php5-5.3.10.orig/debian/patches/CVE-2015-6835-1.patch +++ php5-5.3.10/debian/patches/CVE-2015-6835-1.patch @@ -0,0 +1,882 @@ +Backport of: + +From df4bf28f9f104ca3ef78ed94b497859f15b004e5 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 23 Aug 2015 13:27:59 -0700 +Subject: [PATCH] Fix bug #70219 (Use after free vulnerability in session + deserializer) + +--- + ext/session/session.c | 36 +- + ext/session/tests/session_decode_error2.phpt | 518 +++++------------------ + ext/session/tests/session_decode_variation3.phpt | 2 +- + ext/standard/tests/serialize/bug70219.phpt | 38 ++ + ext/standard/var_unserializer.c | 68 +-- + ext/standard/var_unserializer.re | 64 +-- + 6 files changed, 228 insertions(+), 498 deletions(-) + create mode 100644 ext/standard/tests/serialize/bug70219.phpt + +Index: php5-5.3.10/ext/session/session.c +=================================================================== +--- php5-5.3.10.orig/ext/session/session.c 2015-09-30 08:05:47.134529790 -0400 ++++ php5-5.3.10/ext/session/session.c 2015-09-30 08:05:47.130529820 -0400 +@@ -276,16 +276,18 @@ + } + /* }}} */ + +-static void php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */ ++static int php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */ + { + if (!PS(serializer)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object"); +- return; ++ return FAILURE; + } + if (PS(serializer)->decode(val, vallen TSRMLS_CC) == FAILURE) { + php_session_destroy(TSRMLS_C); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to decode session object. Session has been destroyed"); ++ return FAILURE; + } ++ return SUCCESS; + } + /* }}} */ + +@@ -892,8 +894,11 @@ + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(¤t, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); ++ } else { ++ PHP_VAR_UNSERIALIZE_DESTROY(var_hash); ++ return FAILURE; + } +- zval_ptr_dtor(¤t); ++ var_push_dtor_no_addref(&var_hash, ¤t); + } + PS_ADD_VARL(name, namelen); + efree(name); +@@ -984,8 +989,13 @@ + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(¤t, (const unsigned char **) &q, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); ++ } else { ++ var_push_dtor_no_addref(&var_hash, ¤t); ++ efree(name); ++ PHP_VAR_UNSERIALIZE_DESTROY(var_hash); ++ return FAILURE; + } +- zval_ptr_dtor(¤t); ++ var_push_dtor_no_addref(&var_hash, ¤t); + } + PS_ADD_VARL(name, namelen); + skip: +@@ -1873,9 +1883,7 @@ + return; + } + +- php_session_decode(str, str_len TSRMLS_CC); +- +- RETURN_TRUE; ++ RETVAL_BOOL(php_session_decode(str, str_len TSRMLS_CC) == SUCCESS); + } + /* }}} */ + +Index: php5-5.3.10/ext/session/tests/session_decode_error2.phpt +=================================================================== +--- php5-5.3.10.orig/ext/session/tests/session_decode_error2.phpt 2015-09-30 08:05:47.134529790 -0400 ++++ php5-5.3.10/ext/session/tests/session_decode_error2.phpt 2015-09-30 08:05:47.130529820 -0400 +@@ -53,563 +53,247 @@ + } + + -- Iteration 4 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++ ++Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s/session_decode_error2.php on line %d ++bool(false) ++array(0) { + } + + -- Iteration 5 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 6 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 7 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 8 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 9 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 10 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 11 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 12 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 13 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 14 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 15 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 16 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 17 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 18 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 19 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 20 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 21 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 22 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 23 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 24 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 25 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 26 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 27 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 28 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 29 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 30 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 31 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 32 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 33 -- +-bool(true) +-array(1) { +- ["foo"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 34 -- +-bool(true) +-array(1) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 35 -- +-bool(true) +-array(1) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 36 -- +-bool(true) +-array(1) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 37 -- +-bool(true) +-array(1) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 38 -- +-bool(true) +-array(1) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 39 -- +-bool(true) +-array(2) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 40 -- +-bool(true) +-array(2) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 41 -- +-bool(true) +-array(2) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 42 -- +-bool(true) +-array(2) { +- ["foo"]=> +- array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 43 -- +-bool(true) +-array(2) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 44 -- +-bool(true) +-array(2) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 45 -- +-bool(true) +-array(2) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 46 -- +-bool(true) +-array(2) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 47 -- +-bool(true) +-array(2) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } ++bool(false) ++array(0) { + } + + -- Iteration 48 -- +-bool(true) +-array(3) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["blah"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 49 -- +-bool(true) +-array(3) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["blah"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 50 -- +-bool(true) +-array(3) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["blah"]=> +- NULL ++bool(false) ++array(0) { + } + + -- Iteration 51 -- +-bool(true) +-array(3) { +- ["foo"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["guff"]=> +- &array(3) { +- [0]=> +- int(1) +- [1]=> +- int(2) +- [2]=> +- int(3) +- } +- ["blah"]=> +- NULL ++bool(false) ++array(0) { + } +-bool(true) +-Done + ++Warning: session_destroy(): Trying to destroy uninitialized session in %s/session_decode_error2.php on line %d ++bool(false) ++Done +Index: php5-5.3.10/ext/session/tests/session_decode_variation3.phpt +=================================================================== +--- php5-5.3.10.orig/ext/session/tests/session_decode_variation3.phpt 2015-09-30 08:05:47.134529790 -0400 ++++ php5-5.3.10/ext/session/tests/session_decode_variation3.phpt 2015-09-30 08:05:47.130529820 -0400 +@@ -49,7 +49,7 @@ + } + + Warning: session_decode(): Unknown session.serialize_handler. Failed to decode session object in %s on line %d +-bool(true) ++bool(false) + array(3) { + ["foo"]=> + int(1234567890) +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-09-30 08:05:47.134529790 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-09-30 08:08:08.297433418 -0400 +@@ -81,7 +81,13 @@ + + PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval) + { +- var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; ++ var_entries *var_hash, *prev = NULL; ++ ++ if (!var_hashx) { ++ return; ++ } ++ ++ var_hash = var_hashx->first_dtor; + + while (var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; +@@ -285,24 +291,20 @@ + ALLOC_INIT_ZVAL(key); + + if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) { +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + return 0; + } + + if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) { +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + return 0; + } + + ALLOC_INIT_ZVAL(data); + + if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) { +- zval_dtor(key); +- FREE_ZVAL(key); +- zval_dtor(data); +- FREE_ZVAL(data); ++ var_push_dtor_no_addref(var_hash, &key); ++ var_push_dtor_no_addref(var_hash, &data); + return 0; + } + +@@ -331,9 +333,7 @@ + sizeof data, NULL); + } + var_push_dtor(var_hash, &data); +- +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + + if (elements && *(*p-1) != ';' && *(*p-1) != '}') { + (*p)--; +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-09-30 08:05:47.134529790 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-09-30 08:08:28.713274856 -0400 +@@ -80,7 +80,13 @@ + + PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval) + { +- var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; ++ var_entries *var_hash, *prev = NULL; ++ ++ if (!var_hashx) { ++ return; ++ } ++ ++ var_hash = var_hashx->first_dtor; + + while (var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; +@@ -291,24 +297,20 @@ + ALLOC_INIT_ZVAL(key); + + if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) { +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + return 0; + } + + if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) { +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + return 0; + } + + ALLOC_INIT_ZVAL(data); + + if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) { +- zval_dtor(key); +- FREE_ZVAL(key); +- zval_dtor(data); +- FREE_ZVAL(data); ++ var_push_dtor_no_addref(var_hash, &key); ++ var_push_dtor_no_addref(var_hash, &data); + return 0; + } + +@@ -337,9 +339,7 @@ + sizeof data, NULL); + } + var_push_dtor(var_hash, &data); +- +- zval_dtor(key); +- FREE_ZVAL(key); ++ var_push_dtor_no_addref(var_hash, &key); + + if (elements && *(*p-1) != ';' && *(*p-1) != '}') { + (*p)--; --- php5-5.3.10.orig/debian/patches/033-we_WANT_libtool.patch +++ php5-5.3.10/debian/patches/033-we_WANT_libtool.patch @@ -0,0 +1,25 @@ +Description: + upstream ships an out of date version of libtool. this ensures that + we build against an up-to-date version of libtool by running libtoolize + as part of our build process (this is called indirectly via ./buildconf.sh + from debian/rules) + . + note that we don't touch the libtool.m4 that they ship here, and this file + gets included in the build process as part of the phpize stuff. however, + this is solved in ./debian/rules where it's overwritten with a symlink. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/build/build2.mk ++++ b/build/build2.mk +@@ -52,7 +52,8 @@ $(TOUCH_FILES): + + aclocal.m4: configure.in acinclude.m4 + @echo rebuilding $@ +- cat acinclude.m4 ./build/libtool.m4 > $@ ++ libtoolize --copy --install --automake --force ++ aclocal + + configure: aclocal.m4 configure.in $(config_m4_files) + @echo rebuilding $@ --- php5-5.3.10.orig/debian/patches/CVE-2015-6833-1.patch +++ php5-5.3.10/debian/patches/CVE-2015-6833-1.patch @@ -0,0 +1,137 @@ +From dda81f0505217a95db065e6bf9cc2d81eb902417 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 4 Aug 2015 14:00:29 -0700 +Subject: [PATCH] Fix bug #70019 - limit extracted files to given directory + +--- + ext/phar/phar_object.c | 50 +++++++++++++++++++++++++++++++++++++++---- + ext/phar/tests/bug70019.phpt | 22 +++++++++++++++++++ + ext/phar/tests/bug70019.zip | Bin 0 -> 184 bytes + 3 files changed, 68 insertions(+), 4 deletions(-) + create mode 100644 ext/phar/tests/bug70019.phpt + create mode 100644 ext/phar/tests/bug70019.zip + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-09-29 12:39:27.062374111 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2015-09-29 12:39:27.062374111 -0400 +@@ -4304,6 +4304,9 @@ + php_stream *fp; + char *fullpath, *slash; + mode_t mode; ++ cwd_state new_state; ++ char *filename; ++ size_t filename_len; + + if (entry->is_mounted) { + /* silently ignore mounted entries */ +@@ -4313,8 +4316,39 @@ + if (entry->filename_len >= sizeof(".phar")-1 && !memcmp(entry->filename, ".phar", sizeof(".phar")-1)) { + return SUCCESS; + } ++ /* strip .. from path and restrict it to be under dest directory */ ++ new_state.cwd = (char*)malloc(2); ++ new_state.cwd[0] = DEFAULT_SLASH; ++ new_state.cwd[1] = '\0'; ++ new_state.cwd_length = 1; ++ if (virtual_file_ex(&new_state, entry->filename, NULL, CWD_EXPAND TSRMLS_CC) != 0 || ++ new_state.cwd_length <= 1) { ++ if (EINVAL == errno && entry->filename_len > 50) { ++ char *tmp = estrndup(entry->filename, 50); ++ spprintf(error, 4096, "Cannot extract \"%s...\" to \"%s...\", extracted filename is too long for filesystem", tmp, dest); ++ efree(tmp); ++ } else { ++ spprintf(error, 4096, "Cannot extract \"%s\", internal error", entry->filename); ++ } ++ free(new_state.cwd); ++ return FAILURE; ++ } ++ filename = new_state.cwd + 1; ++ filename_len = new_state.cwd_length - 1; ++#ifdef PHP_WIN32 ++ /* unixify the path back, otherwise non zip formats might be broken */ ++ { ++ int cnt = filename_len; ++ ++ do { ++ if ('\\' == filename[cnt]) { ++ filename[cnt] = '/'; ++ } ++ } while (cnt-- >= 0); ++ } ++#endif + +- len = spprintf(&fullpath, 0, "%s/%s", dest, entry->filename); ++ len = spprintf(&fullpath, 0, "%s/%s", dest, filename); + + if (len >= MAXPATHLEN) { + char *tmp; +@@ -4328,18 +4362,21 @@ + spprintf(error, 4096, "Cannot extract \"%s\" to \"%s...\", extracted filename is too long for filesystem", entry->filename, fullpath); + } + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + + if (!len) { + spprintf(error, 4096, "Cannot extract \"%s\", internal error", entry->filename); + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + + if (PHAR_OPENBASEDIR_CHECKPATH(fullpath)) { + spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", openbasedir/safe mode restrictions in effect", entry->filename, fullpath); + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + +@@ -4347,14 +4384,15 @@ + if (!overwrite && SUCCESS == php_stream_stat_path(fullpath, &ssb)) { + spprintf(error, 4096, "Cannot extract \"%s\" to \"%s\", path already exists", entry->filename, fullpath); + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + + /* perform dirname */ +- slash = zend_memrchr(entry->filename, '/', entry->filename_len); ++ slash = zend_memrchr(filename, '/', filename_len); + + if (slash) { +- fullpath[dest_len + (slash - entry->filename) + 1] = '\0'; ++ fullpath[dest_len + (slash - filename) + 1] = '\0'; + } else { + fullpath[dest_len] = '\0'; + } +@@ -4364,23 +4402,27 @@ + if (!php_stream_mkdir(fullpath, entry->flags & PHAR_ENT_PERM_MASK, PHP_STREAM_MKDIR_RECURSIVE, NULL)) { + spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath); + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + } else { + if (!php_stream_mkdir(fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL)) { + spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath); + efree(fullpath); ++ free(new_state.cwd); + return FAILURE; + } + } + } + + if (slash) { +- fullpath[dest_len + (slash - entry->filename) + 1] = '/'; ++ fullpath[dest_len + (slash - filename) + 1] = '/'; + } else { + fullpath[dest_len] = '/'; + } + ++ filename = NULL; ++ free(new_state.cwd); + /* it is a standalone directory, job done */ + if (entry->is_dir) { + efree(fullpath); --- php5-5.3.10.orig/debian/patches/CVE-2015-7804.patch +++ php5-5.3.10/debian/patches/CVE-2015-7804.patch @@ -0,0 +1,34 @@ +Description: fix uninitialized pointer in phar_make_dirstream() +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=d7fb43e30d662c7fff999521ebf15ddbb192c7ca +Bug: https://bugs.php.net/bug.php?id=70433 + +Index: php5-5.3.10/ext/phar/util.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/util.c 2015-10-27 16:56:47.050441132 -0400 ++++ php5-5.3.10/ext/phar/util.c 2015-10-27 16:56:47.018440796 -0400 +@@ -2227,7 +2227,7 @@ + + while ((s = zend_memrchr(filename, '/', filename_len))) { + filename_len = s - filename; +- if (FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) { ++ if (!filename_len || FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) { + break; + } + } +Index: php5-5.3.10/ext/phar/zip.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/zip.c 2015-10-27 16:56:47.050441132 -0400 ++++ php5-5.3.10/ext/phar/zip.c 2015-10-27 16:56:47.022440838 -0400 +@@ -396,7 +396,9 @@ + + if (entry.filename[entry.filename_len - 1] == '/') { + entry.is_dir = 1; +- entry.filename_len--; ++ if(entry.filename_len > 1) { ++ entry.filename_len--; ++ } + entry.flags |= PHAR_ENT_PERM_DEF_DIR; + } else { + entry.is_dir = 0; --- php5-5.3.10.orig/debian/patches/CVE-2015-4021.patch +++ php5-5.3.10/debian/patches/CVE-2015-4021.patch @@ -0,0 +1,24 @@ +From c27f012b7a447e59d4a704688971cbfa7dddaa74 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Wed, 29 Apr 2015 22:04:20 -0700 +Subject: [PATCH] Fix bug #69453 - don't try to cut empty string + +--- + ext/phar/tar.c | 2 +- + ext/phar/tests/bug69453.phpt | 21 +++++++++++++++++++++ + 2 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 ext/phar/tests/bug69453.phpt + +diff --git a/ext/phar/tar.c b/ext/phar/tar.c +index ca8eafc..d6d63e6 100644 +--- a/ext/phar/tar.c ++++ b/ext/phar/tar.c +@@ -425,7 +425,7 @@ bail: + entry.filename_len = i; + entry.filename = pestrndup(hdr->name, i, myphar->is_persistent); + +- if (entry.filename[entry.filename_len - 1] == '/') { ++ if (i > 0 && entry.filename[entry.filename_len - 1] == '/') { + /* some tar programs store directories with trailing slash */ + entry.filename[entry.filename_len - 1] = '\0'; + entry.filename_len--; --- php5-5.3.10.orig/debian/patches/qdbm-is-usr_include_qdbm.patch +++ php5-5.3.10/debian/patches/qdbm-is-usr_include_qdbm.patch @@ -0,0 +1,20 @@ +Description: Look for qdbm under $prefix/include/qdbm too. + The Debian package ships the header files under that directory, for + unknown reasons. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-02-21 + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -109,6 +109,10 @@ if test "$PHP_QDBM" != "no"; then + THIS_PREFIX=$i + THIS_INCLUDE=$i/include/depot.h + break ++ elif test -f "$i/include/qdbm/depot.h"; then ++ THIS_PREFIX=$i ++ THIS_INCLUDE=$i/include/qdbm/depot.h ++ break + fi + done + --- php5-5.3.10.orig/debian/patches/php-5.3.9-gnusrc.patch +++ php5-5.3.10/debian/patches/php-5.3.9-gnusrc.patch @@ -0,0 +1,115 @@ +diff -up php-5.3.9/configure.in.gnusrc php-5.3.9/configure.in +--- php-5.3.9/configure.in.gnusrc 2012-01-10 12:21:57.000000000 +0100 ++++ php-5.3.9/configure.in 2012-01-10 18:53:24.020907113 +0100 +@@ -58,6 +58,8 @@ AC_DEFUN([PHP_EXT_DIR],[ext/$1])dnl + AC_DEFUN([PHP_EXT_SRCDIR],[$abs_srcdir/ext/$1])dnl + AC_DEFUN([PHP_ALWAYS_SHARED],[])dnl + ++AC_DEFINE([_GNU_SOURCE], 1, [Define to enable GNU C Library extensions]) ++ + dnl Setting up the PHP version based on the information above. + dnl ------------------------------------------------------------------------- + +diff -up php-5.3.9/ext/interbase/interbase.c.gnusrc php-5.3.9/ext/interbase/interbase.c +--- php-5.3.9/ext/interbase/interbase.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/interbase/interbase.c 2012-01-10 18:53:24.021907113 +0100 +@@ -24,7 +24,6 @@ + #include "config.h" + #endif + +-#define _GNU_SOURCE + + #include "php.h" + +diff -up php-5.3.9/ext/pdo_firebird/firebird_driver.c.gnusrc php-5.3.9/ext/pdo_firebird/firebird_driver.c +--- php-5.3.9/ext/pdo_firebird/firebird_driver.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/pdo_firebird/firebird_driver.c 2012-01-10 18:53:24.022907113 +0100 +@@ -22,7 +22,6 @@ + #include "config.h" + #endif + +-#define _GNU_SOURCE + + #include "php.h" + #ifdef ZEND_ENGINE_2 +diff -up php-5.3.9/ext/standard/file.c.gnusrc php-5.3.9/ext/standard/file.c +--- php-5.3.9/ext/standard/file.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/standard/file.c 2012-01-10 18:53:24.023907113 +0100 +@@ -113,9 +113,6 @@ php_file_globals file_globals; + #endif + + #if defined(HAVE_FNMATCH) && !defined(PHP_WIN32) +-# ifndef _GNU_SOURCE +-# define _GNU_SOURCE +-# endif + # include + #endif + +diff -up php-5.3.9/ext/zlib/zlib_fopen_wrapper.c.gnusrc php-5.3.9/ext/zlib/zlib_fopen_wrapper.c +--- php-5.3.9/ext/zlib/zlib_fopen_wrapper.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/ext/zlib/zlib_fopen_wrapper.c 2012-01-10 18:53:52.308907791 +0100 +@@ -19,8 +19,6 @@ + + /* $Id: zlib_fopen_wrapper.c 321634 2012-01-01 13:15:04Z felipe $ */ + +-#define _GNU_SOURCE +- + #include "php.h" + #include "php_zlib.h" + #include "fopen_wrappers.h" +diff -up php-5.3.9/main/php.h.gnusrc php-5.3.9/main/php.h +--- php-5.3.9/main/php.h.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/main/php.h 2012-01-10 18:53:24.025907114 +0100 +@@ -30,6 +30,7 @@ + #define PHP_HAVE_STREAMS + #define YYDEBUG 0 + ++#include "php_config.h" + #include "php_version.h" + #include "zend.h" + #include "zend_qsort.h" +diff -up php-5.3.9/main/streams/cast.c.gnusrc php-5.3.9/main/streams/cast.c +--- php-5.3.9/main/streams/cast.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/main/streams/cast.c 2012-01-10 18:54:09.479908202 +0100 +@@ -18,7 +18,6 @@ + + /* $Id: cast.c 321634 2012-01-01 13:15:04Z felipe $ */ + +-#define _GNU_SOURCE + #include "php.h" + #include "php_globals.h" + #include "php_network.h" +diff -up php-5.3.9/main/streams/memory.c.gnusrc php-5.3.9/main/streams/memory.c +--- php-5.3.9/main/streams/memory.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/main/streams/memory.c 2012-01-10 18:54:25.102908576 +0100 +@@ -18,7 +18,6 @@ + + /* $Id: memory.c 321634 2012-01-01 13:15:04Z felipe $ */ + +-#define _GNU_SOURCE + #include "php.h" + + PHPAPI int php_url_decode(char *str, int len); +diff -up php-5.3.9/main/streams/streams.c.gnusrc php-5.3.9/main/streams/streams.c +--- php-5.3.9/main/streams/streams.c.gnusrc 2012-01-01 14:15:04.000000000 +0100 ++++ php-5.3.9/main/streams/streams.c 2012-01-10 18:54:42.953909003 +0100 +@@ -21,7 +21,6 @@ + + /* $Id: streams.c 321634 2012-01-01 13:15:04Z felipe $ */ + +-#define _GNU_SOURCE + #include "php.h" + #include "php_globals.h" + #include "php_network.h" +diff -up php-5.3.9/Zend/zend_language_parser.c.gnusrc php-5.3.9/Zend/zend_language_parser.c +--- php-5.3.9/Zend/zend_language_parser.c.gnusrc 2012-01-10 14:37:07.000000000 +0100 ++++ php-5.3.9/Zend/zend_language_parser.c 2012-01-10 18:53:24.031907115 +0100 +@@ -112,6 +112,8 @@ + #include "zend_API.h" + #include "zend_constants.h" + ++#include ++ + + #define YYERROR_VERBOSE + #define YYSTYPE znode --- php5-5.3.10.orig/debian/patches/bug71527.patch +++ php5-5.3.10/debian/patches/bug71527.patch @@ -0,0 +1,62 @@ +Backport of: + +From fe13566c93f118a15a96320a546c7878fd0cfc5e Mon Sep 17 00:00:00 2001 +From: Anatol Belski +Date: Mon, 28 Mar 2016 00:45:19 +0200 +Subject: [PATCH] Fixed bug #71527 Buffer over-write in finfo_open with + malformed magic file + +The actual fix is applying the upstream patch from +https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 +--- + ext/fileinfo/libmagic/funcs.c | 2 +- + ext/fileinfo/tests/bug71527.magic | 1 + + ext/fileinfo/tests/bug71527.phpt | 19 +++++++++++++++++++ + 3 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 ext/fileinfo/tests/bug71527.magic + create mode 100644 ext/fileinfo/tests/bug71527.phpt + +Index: php5-5.3.10/ext/fileinfo/tests/bug71527.magic +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/fileinfo/tests/bug71527.magic 2016-04-18 11:11:45.438619639 -0400 +@@ -0,0 +1 @@ ++>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +\ No newline at end of file +Index: php5-5.3.10/ext/fileinfo/tests/bug71527.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/fileinfo/tests/bug71527.phpt 2016-04-18 11:11:45.438619639 -0400 +@@ -0,0 +1,19 @@ ++--TEST-- ++Bug #71527 Buffer over-write in finfo_open with malformed magic file ++--SKIPIF-- ++ ++--EXPECTF-- ++Warning: finfo_open(): Failed to load magic database at '%sbug71527.magic'. in %sbug71527.php on line %d ++ ++Warning: finfo_file() expects parameter 1 to be resource, boolean given in %sbug71527.php on line %d ++bool(false) +Index: php5-5.3.10/ext/fileinfo/libmagic/funcs.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/funcs.c 2016-04-18 11:11:44.602612094 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/funcs.c 2016-04-18 11:12:12.286864306 -0400 +@@ -407,7 +407,7 @@ + size_t len; + + if (level >= ms->c.len) { +- len = (ms->c.len += 20) * sizeof(*ms->c.li); ++ len = (ms->c.len += 20 + level) * sizeof(*ms->c.li); + ms->c.li = (ms->c.li == NULL) ? emalloc(len) : erealloc(ms->c.li, len); + } + ms->c.li[level].got_match = 0; --- php5-5.3.10.orig/debian/patches/CVE-2014-0185.patch +++ php5-5.3.10/debian/patches/CVE-2014-0185.patch @@ -0,0 +1,41 @@ +From 35ceea928b12373a3b1e3eecdc32ed323223a40d Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 15 Apr 2014 10:43:24 -0700 +Subject: [PATCH] Fix bug #67060: use default mode of 660 + +--- + NEWS | 4 +++- + sapi/fpm/fpm/fpm_unix.c | 2 +- + sapi/fpm/php-fpm.conf.in | 4 ++-- + 3 files changed, 6 insertions(+), 4 deletions(-) + +Index: php5-5.3.10/sapi/fpm/fpm/fpm_unix.c +=================================================================== +--- php5-5.3.10.orig/sapi/fpm/fpm/fpm_unix.c 2014-06-19 13:34:22.501421037 -0400 ++++ php5-5.3.10/sapi/fpm/fpm/fpm_unix.c 2014-06-19 13:34:22.497421037 -0400 +@@ -34,7 +34,7 @@ + /* uninitialized */ + wp->socket_uid = -1; + wp->socket_gid = -1; +- wp->socket_mode = 0666; ++ wp->socket_mode = 0660; + + if (!c) { + return 0; +Index: php5-5.3.10/sapi/fpm/php-fpm.conf.in +=================================================================== +--- php5-5.3.10.orig/sapi/fpm/php-fpm.conf.in 2014-06-19 13:34:22.501421037 -0400 ++++ php5-5.3.10/sapi/fpm/php-fpm.conf.in 2014-06-19 13:34:22.497421037 -0400 +@@ -156,10 +156,10 @@ + ; permissions must be set in order to allow connections from a web server. Many + ; BSD-derived systems allow connections regardless of permissions. + ; Default Values: user and group are set as the running user +-; mode is set to 0666 ++; mode is set to 0660 + ;listen.owner = @php_fpm_user@ + ;listen.group = @php_fpm_group@ +-;listen.mode = 0666 ++;listen.mode = 0660 + + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. + ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original --- php5-5.3.10.orig/debian/patches/001-libtool_fixes.patch +++ php5-5.3.10/debian/patches/001-libtool_fixes.patch @@ -0,0 +1,24 @@ +--- a/TSRM/configure.in ++++ b/TSRM/configure.in +@@ -13,9 +13,6 @@ TSRM_BASIC_CHECKS + TSRM_THREADS_CHECKS + + AM_PROG_LIBTOOL +-if test "$enable_debug" != "yes"; then +- AM_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl TSRM_PTHREAD + +--- a/configure.in ++++ b/configure.in +@@ -1353,9 +1353,6 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], + ]) + AC_PROG_LIBTOOL + +-if test "$enable_debug" != "yes"; then +- PHP_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl libtool 1.4.3 needs this. + PHP_SET_LIBTOOL_VARIABLE([--preserve-dup-deps]) --- php5-5.3.10.orig/debian/patches/use_embedded_timezonedb_fixes.patch +++ php5-5.3.10/debian/patches/use_embedded_timezonedb_fixes.patch @@ -0,0 +1,64 @@ +Author: Sean Finney +Forwarded: no (upstream doesn't want it) +Description: Silence warnings about using the default system timezone info + In vanilla upstream php, this is considered an error (i.e. the user must + set the timezone explicitly), though with our use of the system timezonedb + patch, we actually feel quite comfortable using the default timezone info. +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571762 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -886,7 +886,7 @@ static char* guess_timezone(const timeli + tzid = "UTC"; + } + +- php_error_docref(NULL TSRMLS_CC, E_WARNING, DATE_TZ_ERRMSG "We selected '%s' for '%s/%.1f/%s' instead", tzid, ta ? ta->tm_zone : "Unknown", ta ? (float) (ta->tm_gmtoff / 3600) : 0, ta ? (ta->tm_isdst ? "DST" : "no DST") : "Unknown"); ++ // php_error_docref(NULL TSRMLS_CC, E_WARNING, DATE_TZ_ERRMSG "We selected '%s' for '%s/%.1f/%s' instead", tzid, ta ? ta->tm_zone : "Unknown", ta ? (float) (ta->tm_gmtoff / 3600) : 0, ta ? (ta->tm_isdst ? "DST" : "no DST") : "Unknown"); + return tzid; + } + #endif +--- a/ext/date/tests/date_default_timezone_get-1.phpt ++++ /dev/null +@@ -1,16 +0,0 @@ +---TEST-- +-date_default_timezone_get() function [1] +---INI-- +-date.timezone= +---FILE-- +- +---EXPECTF-- +-Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-1.php on line 3 +-UTC +- +-Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-1.php on line 4 +-UTC +--- a/ext/date/tests/date_default_timezone_get-2.phpt ++++ /dev/null +@@ -1,12 +0,0 @@ +---TEST-- +-date_default_timezone_get() function [2] +---INI-- +-date.timezone= +---FILE-- +- +---EXPECTF-- +-Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-2.php on line 3 +-UTC +--- a/ext/date/tests/date_default_timezone_set-1.phpt ++++ b/ext/date/tests/date_default_timezone_set-1.phpt +@@ -22,9 +22,6 @@ date.timezone= + echo date(DATE_ISO8601, $date4), "\n"; + ?> + --EXPECTF-- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_set-1.php on line 3 +- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_set-1.php on line 4 + America/Indiana/Knox + 2005-01-12T03:00:00-0500 + 2005-07-12T03:00:00-0500 --- php5-5.3.10.orig/debian/patches/CVE-2016-6294.patch +++ php5-5.3.10/debian/patches/CVE-2016-6294.patch @@ -0,0 +1,76 @@ +From aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 12 Jul 2016 22:37:36 -0700 +Subject: [PATCH] Fix bug #72533 (locale_accept_from_http out-of-bounds access) + +--- + ext/intl/locale/locale_methods.c | 18 ++++++++++++++++++ + ext/intl/tests/bug72533.phpt | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 48 insertions(+) + create mode 100644 ext/intl/tests/bug72533.phpt + +Index: php5-5.3.10/ext/intl/locale/locale_methods.c +=================================================================== +--- php5-5.3.10.orig/ext/intl/locale/locale_methods.c 2016-07-28 15:35:29.031933345 -0400 ++++ php5-5.3.10/ext/intl/locale/locale_methods.c 2016-07-28 15:35:29.031933345 -0400 +@@ -1585,6 +1585,24 @@ + "locale_accept_from_http: unable to parse input parameters", 0 TSRMLS_CC ); + RETURN_FALSE; + } ++ if(http_accept_len > ULOC_FULLNAME_CAPACITY) { ++ /* check each fragment, if any bigger than capacity, can't do it due to bug #72533 */ ++ char *start = http_accept; ++ char *end; ++ size_t len; ++ do { ++ end = strchr(start, ','); ++ len = end ? end-start : http_accept_len-(start-http_accept); ++ if(len > ULOC_FULLNAME_CAPACITY) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ++ "locale_accept_from_http: locale string too long", 0 TSRMLS_CC ); ++ RETURN_FALSE; ++ } ++ if(end) { ++ start = end+1; ++ } ++ } while(end != NULL); ++ } + + available = ures_openAvailableLocales(NULL, &status); + INTL_CHECK_STATUS(status, "locale_accept_from_http: failed to retrieve locale list"); +Index: php5-5.3.10/ext/intl/tests/bug72533.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/intl/tests/bug72533.phpt 2016-07-28 15:35:29.031933345 -0400 +@@ -0,0 +1,30 @@ ++--TEST-- ++Bug #72533 (locale_accept_from_http out-of-bounds access) ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECTF-- ++false ++'locale_accept_from_http: locale string too long: U_ILLEGAL_ARGUMENT_ERROR' ++'en' +\ No newline at end of file --- php5-5.3.10.orig/debian/patches/034-apache2_umask_fix.patch +++ php5-5.3.10/debian/patches/034-apache2_umask_fix.patch @@ -0,0 +1,50 @@ +Description: Save and restore umask across requests correctly. + . + Check if this is still an issue not addressed by upstream in some + other way already. +Origin: other +Bug-Debian: http://bugs.debian.org/286225 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -469,6 +469,19 @@ static apr_status_t php_server_context_c + return APR_SUCCESS; + } + ++static int saved_umask; ++ ++static void php_save_umask(void) ++{ ++ saved_umask = umask(077); ++ umask(saved_umask); ++} ++ ++static void php_restore_umask(void) ++{ ++ umask(saved_umask); ++} ++ + static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) + { + char *content_length; +@@ -660,6 +673,8 @@ zend_first_try { + } else { + zend_file_handle zfd; + ++ php_save_umask(); ++ + zfd.type = ZEND_HANDLE_FILENAME; + zfd.filename = (char *) r->filename; + zfd.free_filename = 0; +@@ -671,6 +686,9 @@ zend_first_try { + zend_execute_scripts(ZEND_INCLUDE TSRMLS_CC, NULL, 1, &zfd); + } + ++ php_restore_umask(); ++ ++ + apr_table_set(r->notes, "mod_php_memory_usage", + apr_psprintf(ctx->r->pool, "%u", zend_memory_peak_usage(1 TSRMLS_CC))); + } --- php5-5.3.10.orig/debian/patches/036-fd_setsize_fix.patch +++ php5-5.3.10/debian/patches/036-fd_setsize_fix.patch @@ -0,0 +1,26 @@ +Description: Fixes misuse of FD_SET() +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/sockets/sockets.c ++++ b/ext/sockets/sockets.c +@@ -721,6 +721,7 @@ static int php_sock_array_to_fd_set(zval + + php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket); + if (!php_sock) continue; /* If element is not a resource, skip it */ ++ if (php_sock->bsd_socket > FD_SETSIZE) continue; /* must ignore it */ + + PHP_SAFE_FD_SET(php_sock->bsd_socket, fds); + if (php_sock->bsd_socket > *max_fd) { +--- a/ext/standard/streamsfuncs.c ++++ b/ext/standard/streamsfuncs.c +@@ -635,6 +635,8 @@ static int stream_array_to_fd_set(zval * + * is not displayed. + * */ + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd != -1) { ++ if (this_fd > FD_SETSIZE) ++ continue; + + PHP_SAFE_FD_SET(this_fd, fds); + --- php5-5.3.10.orig/debian/patches/CVE-2014-3669.patch +++ php5-5.3.10/debian/patches/CVE-2014-3669.patch @@ -0,0 +1,56 @@ +From 9aa90145239bae82d2af0a99fdae4ab27eb5f4f2 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 28 Sep 2014 14:19:31 -0700 +Subject: [PATCH] Fixed bug #68044: Integer overflow in unserialize() (32-bits + only) + +--- + ext/standard/tests/serialize/bug68044.phpt | 12 ++++++++++++ + ext/standard/var_unserializer.c | 4 ++-- + ext/standard/var_unserializer.re | 2 +- + 3 files changed, 15 insertions(+), 3 deletions(-) + create mode 100644 ext/standard/tests/serialize/bug68044.phpt + +Index: php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt 2014-10-28 10:47:49.392858855 -0400 +@@ -0,0 +1,12 @@ ++--TEST-- ++Bug #68044 Integer overflow in unserialize() (32-bits only) ++--FILE-- ++ ++===DONE== ++--EXPECTF-- ++Warning: Insufficient data for unserializing - %d required, 1 present in %s/bug68044.php on line 2 ++ ++Notice: unserialize(): Error at offset 32 of 33 bytes in %s/bug68044.php on line 2 ++===DONE== +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400 +@@ -333,7 +333,7 @@ + + (*p) += 2; + +- if (datalen < 0 || (*p) + datalen >= max) { ++ if (datalen < 0 || (max - (*p)) <= datalen) { + zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p))); + return 0; + } +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400 +@@ -339,7 +339,7 @@ + + (*p) += 2; + +- if (datalen < 0 || (*p) + datalen >= max) { ++ if (datalen < 0 || (max - (*p)) <= datalen) { + zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p))); + return 0; + } --- php5-5.3.10.orig/debian/patches/CVE-2016-5385.patch +++ php5-5.3.10/debian/patches/CVE-2016-5385.patch @@ -0,0 +1,117 @@ +Description: fix proxy request header vulnerability (httpoxy) +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=98b9dfaec95e6f910f125ed172cdbd25abd006ec +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=9ebc96116b609cd3c969c2d5a460aaa904c2afec +Bug: https://bugs.php.net/bug.php?id=72573 + +Index: php5-5.3.10/ext/standard/basic_functions.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/basic_functions.c 2016-07-28 15:15:44.980460955 -0400 ++++ php5-5.3.10/ext/standard/basic_functions.c 2016-07-28 15:15:44.972460850 -0400 +@@ -645,8 +645,9 @@ + ZEND_ARG_INFO(0, proper_address) + ZEND_END_ARG_INFO() + +-ZEND_BEGIN_ARG_INFO(arginfo_getenv, 0) ++ZEND_BEGIN_ARG_INFO_EX(arginfo_getenv, 0, 0, 1) + ZEND_ARG_INFO(0, varname) ++ ZEND_ARG_INFO(0, local_only) + ZEND_END_ARG_INFO() + + #ifdef HAVE_PUTENV +@@ -3984,21 +3985,24 @@ + * System Functions * + ********************/ + +-/* {{{ proto string getenv(string varname) ++/* {{{ proto string getenv(string varname[, bool local_only]) + Get the value of an environment variable */ + PHP_FUNCTION(getenv) + { + char *ptr, *str; + int str_len; ++ zend_bool local_only = 0; + +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &str, &str_len, &local_only) == FAILURE) { + RETURN_FALSE; + } + +- /* SAPI method returns an emalloc()'d string */ +- ptr = sapi_getenv(str, str_len TSRMLS_CC); +- if (ptr) { +- RETURN_STRING(ptr, 0); ++ if (!local_only) { ++ /* SAPI method returns an emalloc()'d string */ ++ ptr = sapi_getenv(str, str_len TSRMLS_CC); ++ if (ptr) { ++ RETURN_STRING(ptr, 0); ++ } + } + #ifdef PHP_WIN32 + { +Index: php5-5.3.10/main/SAPI.c +=================================================================== +--- php5-5.3.10.orig/main/SAPI.c 2016-07-28 15:15:44.980460955 -0400 ++++ php5-5.3.10/main/SAPI.c 2016-07-28 15:15:44.972460850 -0400 +@@ -942,7 +942,11 @@ + + SAPI_API char *sapi_getenv(char *name, size_t name_len TSRMLS_DC) + { +- if (sapi_module.getenv) { ++ if (!strncasecmp(name, "HTTP_PROXY", name_len)) { ++ /* Ugly fix for HTTP_PROXY issue */ ++ return NULL; ++ } ++ if (sapi_module.getenv) { + char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC); + if (tmp) { + value = estrdup(tmp); +Index: php5-5.3.10/main/php_variables.c +=================================================================== +--- php5-5.3.10.orig/main/php_variables.c 2016-07-28 15:15:44.980460955 -0400 ++++ php5-5.3.10/main/php_variables.c 2016-07-28 15:16:51.809334040 -0400 +@@ -792,6 +792,22 @@ + } + /* }}} */ + ++/* Upgly hack to fix HTTP_PROXY issue */ ++static void check_http_proxy(HashTable *var_table) { ++ if (zend_hash_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY"))) { ++ char *local_proxy = getenv("HTTP_PROXY"); ++ ++ if (!local_proxy) { ++ zend_hash_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")); ++ } else { ++ zval *local_zval; ++ ALLOC_INIT_ZVAL(local_zval); ++ ZVAL_STRING(local_zval, local_proxy, 1); ++ zend_hash_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY"), &local_zval, sizeof(zval **), NULL); ++ } ++ } ++} ++ + static zend_bool php_auto_globals_create_server(char *name, uint name_len TSRMLS_DC) + { + if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) { +@@ -824,6 +840,7 @@ + PG(http_globals)[TRACK_VARS_SERVER] = server_vars; + } + ++ check_http_proxy(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER])); + zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_SERVER], sizeof(zval *), NULL); + Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]); + +@@ -845,11 +862,12 @@ + zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_ENV]); + } + PG(http_globals)[TRACK_VARS_ENV] = env_vars; +- ++ + if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) { + php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); + } + ++ check_http_proxy(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV])); + zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_ENV], sizeof(zval *), NULL); + Z_ADDREF_P(PG(http_globals)[TRACK_VARS_ENV]); + --- php5-5.3.10.orig/debian/patches/php-fpm-man-section-and-cleanup.patch +++ php5-5.3.10/debian/patches/php-fpm-man-section-and-cleanup.patch @@ -0,0 +1,38 @@ +Description: Fix php-fpm's manpage section to match location of binary + (/usr/sbin,) additionally, remove some stuff that is useless or + doesn't apply to Debian. +Origin: vendor +Forwarded: http://bugs.php.net/52476 +Last-Update: 2010-07-29 + +--- a/sapi/fpm/php-fpm.8.in ++++ b/sapi/fpm/php-fpm.8.in +@@ -112,15 +112,8 @@ The configuration file for the php-fpm d + .TP + .B php.ini + The standard php configuration file. +-.SH EXAMPLES +-You should use the init script provided to start and stop the php-fpm daemon. This situation applies for any unix systems which use init.d for their main process manager. +-.P +-.PD 1 +-.RS +-sudo /etc/init.d/php-fpm start +-.RE +-.TP +-If your installation has no appropriate init script, launch php-fpm with no arguments. It will launch as a daemon (background process) by default. The file @php_fpm_localstatedir@/run/php-fpm.pid determines whether php-fpm is already up and running. Once started, php-fpm then responds to several POSIX signals: ++.SH SIGNAL ++Once started, php-fpm then responds to several POSIX signals: + .P + .PD 0 + .RS +@@ -134,10 +127,6 @@ If your installation has no appropriate + .RE + .PD 1 + .P +-.SH TIPS +-The PHP-FPM CGI daemon will work well with most popular webservers, including Apache2, lighttpd and nginx. +-.PD 1 +-.P + .SH SEE ALSO + The PHP-FPM website: + .PD 0 --- php5-5.3.10.orig/debian/patches/CVE-2014-2270.patch +++ php5-5.3.10/debian/patches/CVE-2014-2270.patch @@ -0,0 +1,160 @@ +Backport of: + +From: Remi Collet +Date: Tue, 4 Mar 2014 19:32:52 +0000 (+0100) +Subject: Fixed Bug #66820 out-of-bounds memory access in fileinfo +X-Git-Tag: php-5.4.27RC1~14 +X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f + +Fixed Bug #66820 out-of-bounds memory access in fileinfo + +Upstream fix: +https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801 + +Notice, test changed, with upstream agreement: +-define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) ++define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) +--- + +Index: php5-5.3.10/ext/fileinfo/libmagic/softmagic.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/softmagic.c 2014-04-03 15:19:31.190299578 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/softmagic.c 2014-04-03 15:19:31.154299577 -0400 +@@ -65,6 +65,8 @@ + private void cvt_32(union VALUETYPE *, const struct magic *); + private void cvt_64(union VALUETYPE *, const struct magic *); + ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) ++ + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. +@@ -1059,7 +1061,7 @@ + } + switch (m->in_type) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) ++ if (OFFSET_OOB(nbytes, offset, 1)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1094,7 +1096,7 @@ + offset = ~offset; + break; + case FILE_BESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1146,7 +1148,7 @@ + offset = ~offset; + break; + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1198,7 +1200,7 @@ + offset = ~offset; + break; + case FILE_SHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1235,7 +1237,7 @@ + break; + case FILE_BELONG: + case FILE_BEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1306,7 +1308,7 @@ + break; + case FILE_LELONG: + case FILE_LEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1376,7 +1378,7 @@ + offset = ~offset; + break; + case FILE_MELONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1446,7 +1448,7 @@ + offset = ~offset; + break; + case FILE_LONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1510,14 +1512,14 @@ + /* Verify we have enough data to match magic type */ + switch (m->type) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) /* should alway be true */ ++ if (OFFSET_OOB(nbytes, offset, 1)) + return 0; + break; + + case FILE_SHORT: + case FILE_BESHORT: + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + break; + +@@ -1536,26 +1538,26 @@ + case FILE_FLOAT: + case FILE_BEFLOAT: + case FILE_LEFLOAT: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + break; + + case FILE_DOUBLE: + case FILE_BEDOUBLE: + case FILE_LEDOUBLE: +- if (nbytes < (offset + 8)) ++ if (OFFSET_OOB(nbytes, offset, 8)) + return 0; + break; + + case FILE_STRING: + case FILE_PSTRING: + case FILE_SEARCH: +- if (nbytes < (offset + m->vallen)) ++ if (OFFSET_OOB(nbytes, offset, m->vallen)) + return 0; + break; + + case FILE_REGEX: +- if (nbytes < offset) ++ if (OFFSET_OOB(nbytes, offset, 0)) + return 0; + break; + +@@ -1565,7 +1567,7 @@ + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, m->desc) == -1) + return -1; +- if (nbytes < offset) ++ if (OFFSET_OOB(nbytes, offset, 0)) + return 0; + return file_softmagic(ms, s + offset, nbytes - offset, + recursion_level, BINTEST); --- php5-5.3.10.orig/debian/patches/CVE-2015-4643.patch +++ php5-5.3.10/debian/patches/CVE-2015-4643.patch @@ -0,0 +1,23 @@ +From 0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 31 May 2015 17:23:06 -0700 +Subject: [PATCH] improve fix for Bug #69545 + +--- + NEWS | 4 ++++ + ext/ftp/ftp.c | 2 -- + 2 files changed, 4 insertions(+), 2 deletions(-) + +Index: php5-5.3.10/ext/ftp/ftp.c +=================================================================== +--- php5-5.3.10.orig/ext/ftp/ftp.c 2015-06-26 13:49:16.165468095 -0400 ++++ php5-5.3.10/ext/ftp/ftp.c 2015-06-26 13:49:16.161468052 -0400 +@@ -1648,8 +1648,6 @@ + for (ptr = data->buf; rcvd; rcvd--, ptr++) { + if (*ptr == '\n' && lastch == '\r') { + lines++; +- } else { +- size++; + } + lastch = *ptr; + } --- php5-5.3.10.orig/debian/patches/CVE-2013-6712.patch +++ php5-5.3.10/debian/patches/CVE-2013-6712.patch @@ -0,0 +1,31 @@ +Description: fix denial of service via crafted interval specification +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 +Bug: https://bugs.php.net/bug.php?id=66060 (private) +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731112 + +Index: php5-5.4.9/ext/date/lib/parse_iso_intervals.c +=================================================================== +--- php5-5.4.9.orig/ext/date/lib/parse_iso_intervals.c 2013-12-11 19:19:15.975895187 -0500 ++++ php5-5.4.9/ext/date/lib/parse_iso_intervals.c 2013-12-11 19:19:15.971895187 -0500 +@@ -415,7 +415,7 @@ + break; + } + ptr++; +- } while (*ptr); ++ } while (!s->errors->error_count && *ptr); + s->have_period = 1; + TIMELIB_DEINIT; + return TIMELIB_PERIOD; +Index: php5-5.4.9/ext/date/lib/parse_iso_intervals.re +=================================================================== +--- php5-5.4.9.orig/ext/date/lib/parse_iso_intervals.re 2013-12-11 19:19:15.975895187 -0500 ++++ php5-5.4.9/ext/date/lib/parse_iso_intervals.re 2013-12-11 19:19:15.971895187 -0500 +@@ -383,7 +383,7 @@ + break; + } + ptr++; +- } while (*ptr); ++ } while (!s->errors->error_count && *ptr); + s->have_period = 1; + TIMELIB_DEINIT; + return TIMELIB_PERIOD; --- php5-5.3.10.orig/debian/patches/CVE-2013-1643.patch +++ php5-5.3.10/debian/patches/CVE-2013-1643.patch @@ -0,0 +1,145 @@ +Description: fix arbitrary file disclosure via XML External Entity +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221 + +Index: php5-5.3.10/ext/libxml/libxml.c +=================================================================== +--- php5-5.3.10.orig/ext/libxml/libxml.c 2013-03-08 16:20:00.229080367 -0500 ++++ php5-5.3.10/ext/libxml/libxml.c 2013-03-08 16:20:38.333080003 -0500 +@@ -261,6 +261,7 @@ + libxml_globals->stream_context = NULL; + libxml_globals->error_buffer.c = NULL; + libxml_globals->error_list = NULL; ++ libxml_globals->entity_loader_disabled = 0; + } + + /* Channel libxml file io layer through the PHP streams subsystem. +@@ -348,16 +349,15 @@ + } + + static xmlParserInputBufferPtr +-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) +-{ +- return NULL; +-} +- +-static xmlParserInputBufferPtr + php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) + { + xmlParserInputBufferPtr ret; + void *context = NULL; ++ TSRMLS_FETCH(); ++ ++ if (LIBXML(entity_loader_disabled)) { ++ return NULL; ++ } + + if (URI == NULL) + return(NULL); +@@ -833,28 +833,25 @@ + } + /* }}} */ + ++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) ++{ ++ zend_bool old = LIBXML(entity_loader_disabled); ++ ++ LIBXML(entity_loader_disabled) = disable; ++ return old; ++} ++ + /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) + Disable/Enable ability to load external entities */ + static PHP_FUNCTION(libxml_disable_entity_loader) + { + zend_bool disable = 1; +- xmlParserInputBufferCreateFilenameFunc old; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) { + return; + } + +- if (disable == 0) { +- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); +- } else { +- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); +- } +- +- if (old == php_libxml_input_buffer_noload) { +- RETURN_TRUE; +- } +- +- RETURN_FALSE; ++ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); + } + /* }}} */ + +Index: php5-5.3.10/ext/libxml/php_libxml.h +=================================================================== +--- php5-5.3.10.orig/ext/libxml/php_libxml.h 2013-03-08 16:20:00.229080367 -0500 ++++ php5-5.3.10/ext/libxml/php_libxml.h 2013-03-08 16:21:01.757079780 -0500 +@@ -43,6 +43,7 @@ + zval *stream_context; + smart_str error_buffer; + zend_llist *error_list; ++ zend_bool entity_loader_disabled; + ZEND_END_MODULE_GLOBALS(libxml) + + typedef struct _libxml_doc_props { +@@ -93,6 +94,7 @@ + PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); + PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); + PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); ++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); + + /* Init/shutdown functions*/ + PHP_LIBXML_API void php_libxml_initialize(void); +Index: php5-5.3.10/ext/soap/php_xml.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/php_xml.c 2013-03-08 16:20:00.229080367 -0500 ++++ php5-5.3.10/ext/soap/php_xml.c 2013-03-08 16:20:00.225080367 -0500 +@@ -20,6 +20,7 @@ + /* $Id: php_xml.c 321634 2012-01-01 13:15:04Z felipe $ */ + + #include "php_soap.h" ++#include "ext/libxml/php_libxml.h" + #include "libxml/parser.h" + #include "libxml/parserInternals.h" + +@@ -91,13 +92,17 @@ + ctxt = xmlCreateFileParserCtxt(filename); + PG(allow_url_fopen) = old_allow_url_fopen; + if (ctxt) { ++ zend_bool old; ++ + ctxt->keepBlanks = 0; + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; + ctxt->sax->comment = soap_Comment; + ctxt->sax->warning = NULL; + ctxt->sax->error = NULL; + /*ctxt->sax->fatalError = NULL;*/ ++ old = php_libxml_disable_entity_loader(1); + xmlParseDocument(ctxt); ++ php_libxml_disable_entity_loader(old); + if (ctxt->wellFormed) { + ret = ctxt->myDoc; + if (ret->URL == NULL && ctxt->directory != NULL) { +@@ -133,6 +138,8 @@ + */ + ctxt = xmlCreateMemoryParserCtxt(buf, buf_size); + if (ctxt) { ++ zend_bool old; ++ + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; + ctxt->sax->comment = soap_Comment; + ctxt->sax->warning = NULL; +@@ -141,7 +148,9 @@ + #if LIBXML_VERSION >= 20703 + ctxt->options |= XML_PARSE_HUGE; + #endif ++ old = php_libxml_disable_entity_loader(1); + xmlParseDocument(ctxt); ++ php_libxml_disable_entity_loader(old); + if (ctxt->wellFormed) { + ret = ctxt->myDoc; + if (ret->URL == NULL && ctxt->directory != NULL) { --- php5-5.3.10.orig/debian/patches/CVE-2015-8838.patch +++ php5-5.3.10/debian/patches/CVE-2015-8838.patch @@ -0,0 +1,63 @@ +Backport of: + +From 97aa752fee61fccdec361279adbfb17a3c60f3f4 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 5 Jul 2015 00:00:53 -0700 +Subject: [PATCH] Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) + +--- + ext/mysqlnd/mysqlnd.c | 65 +++++++++++++++++++++++++++++++-------------------- + 1 file changed, 40 insertions(+), 25 deletions(-) + +Index: php5-5.3.10/ext/mysqlnd/mysqlnd.c +=================================================================== +--- php5-5.3.10.orig/ext/mysqlnd/mysqlnd.c 2016-04-18 10:58:09.257808341 -0400 ++++ php5-5.3.10/ext/mysqlnd/mysqlnd.c 2016-04-18 10:58:09.257808341 -0400 +@@ -453,7 +453,7 @@ + } + + #ifdef MYSQLND_SSL_SUPPORTED +- if ((greet_packet->server_capabilities & CLIENT_SSL) && (mysql_flags & CLIENT_SSL)) { ++ if (mysql_flags & CLIENT_SSL) { + auth_packet->send_half_packet = TRUE; + } + #endif +@@ -489,20 +489,27 @@ + + #ifdef MYSQLND_SSL_SUPPORTED + if (auth_packet->send_half_packet) { +- zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE; +- DBG_INF("Switching to SSL"); +- +- conn->net->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC); +- +- if (FAIL == conn->net->m.enable_ssl(conn->net TSRMLS_CC)) { +- goto err; +- } +- +- auth_packet->send_half_packet = FALSE; +- if (!PACKET_WRITE(auth_packet, conn)) { ++ zend_bool server_has_ssl = (greet_packet->server_capabilities & CLIENT_SSL)? TRUE:FALSE; ++ if (server_has_ssl == FALSE) { + CONN_SET_STATE(conn, CONN_QUIT_SENT); + SET_CLIENT_ERROR(conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone); + goto err; ++ } else { ++ zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE; ++ DBG_INF("Switching to SSL"); ++ ++ conn->net->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC); ++ ++ if (FAIL == conn->net->m.enable_ssl(conn->net TSRMLS_CC)) { ++ goto err; ++ } ++ ++ auth_packet->send_half_packet = FALSE; ++ if (!PACKET_WRITE(auth_packet, conn)) { ++ CONN_SET_STATE(conn, CONN_QUIT_SENT); ++ SET_CLIENT_ERROR(conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone); ++ goto err; ++ } + } + } + #endif --- php5-5.3.10.orig/debian/patches/CVE-2015-4024.patch +++ php5-5.3.10/debian/patches/CVE-2015-4024.patch @@ -0,0 +1,96 @@ +Backport of: + +From 4605d536d23b00813d11cc906bb48d39bdcf5f25 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 9 May 2015 23:04:25 -0700 +Subject: [PATCH] Fixed bug #69364 - use smart_str to assemble strings + +--- + main/rfc1867.c | 51 +++++++++++++++++++++++++++------------------------ + 1 file changed, 27 insertions(+), 24 deletions(-) + +Index: php5-5.3.10/main/rfc1867.c +=================================================================== +--- php5-5.3.10.orig/main/rfc1867.c 2015-06-26 13:31:42.661564912 -0400 ++++ php5-5.3.10/main/rfc1867.c 2015-06-26 13:33:34.626843221 -0400 +@@ -33,6 +33,7 @@ + #include "php_variables.h" + #include "rfc1867.h" + #include "ext/standard/php_string.h" ++#include "ext/standard/php_smart_str.h" + + #define DEBUG_FILE_UPLOAD ZEND_DEBUG + +@@ -462,8 +463,9 @@ + static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC) + { + char *line; +- mime_header_entry prev_entry, entry; +- int prev_len, cur_len; ++ mime_header_entry entry = {0}; ++ smart_str buf_value = {0}; ++ char *key = NULL; + + /* didn't find boundary, abort */ + if (!find_boundary(self, self->boundary TSRMLS_CC)) { +@@ -475,7 +477,6 @@ + while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 ) + { + /* add header to table */ +- char *key = line; + char *value = NULL; + + /* space in the beginning means same header */ +@@ -484,31 +485,33 @@ + } + + if (value) { +- *value = 0; +- do { value++; } while(isspace(*value)); +- +- entry.value = estrdup(value); +- entry.key = estrdup(key); +- +- } else if (zend_llist_count(header)) { /* If no ':' on the line, add to previous line */ +- +- prev_len = strlen(prev_entry.value); +- cur_len = strlen(line); ++ if(buf_value.c && key) { ++ /* new entry, add the old one to the list */ ++ smart_str_0(&buf_value); ++ entry.key = key; ++ entry.value = buf_value.c; ++ zend_llist_add_element(header, &entry); ++ buf_value.c = NULL; ++ key = NULL; ++ } + +- entry.value = emalloc(prev_len + cur_len + 1); +- memcpy(entry.value, prev_entry.value, prev_len); +- memcpy(entry.value + prev_len, line, cur_len); +- entry.value[cur_len + prev_len] = '\0'; +- +- entry.key = estrdup(prev_entry.key); ++ *value = '\0'; ++ do { value++; } while(isspace(*value)); + +- zend_llist_remove_tail(header); ++ key = estrdup(line); ++ smart_str_appends(&buf_value, value); ++ } else if (buf_value.c) { /* If no ':' on the line, add to previous line */ ++ smart_str_appends(&buf_value, line); + } else { + continue; + } +- ++ } ++ if(buf_value.c && key) { ++ /* add the last one to the list */ ++ smart_str_0(&buf_value); ++ entry.key = key; ++ entry.value = buf_value.c; + zend_llist_add_element(header, &entry); +- prev_entry = entry; + } + + return 1; --- php5-5.3.10.orig/debian/patches/dont_require_autoconf2.59_or_lower.patch +++ php5-5.3.10/debian/patches/dont_require_autoconf2.59_or_lower.patch @@ -0,0 +1,30 @@ +--- a/build/buildcheck.sh ++++ b/build/buildcheck.sh +@@ -44,17 +44,17 @@ echo " to build PHP from SVN." + exit 1 + fi + +-if test "$1" = "2" -a "$2" -gt "59"; then +- echo "buildconf: You need autoconf 2.59 or lower to build this version of PHP." +- echo " You are currently trying to use $ac_version" +- echo " Most distros have separate autoconf 2.13 or 2.59 packages." +- echo " On Debian/Ubuntu both autoconf2.13 and autoconf2.59 packages exist." +- echo " Install autoconf2.13 and set the PHP_AUTOCONF env var to " +- echo " autoconf2.13 and try again." +- exit 1 +-else ++#if test "$1" = "2" -a "$2" -gt "59"; then ++# echo "buildconf: You need autoconf 2.59 or lower to build this version of PHP." ++# echo " You are currently trying to use $ac_version" ++# echo " Most distros have separate autoconf 2.13 or 2.59 packages." ++# echo " On Debian/Ubuntu both autoconf2.13 and autoconf2.59 packages exist." ++# echo " Install autoconf2.13 and set the PHP_AUTOCONF env var to " ++# echo " autoconf2.13 and try again." ++# exit 1 ++#else + echo "buildconf: autoconf version $ac_version (ok)" +-fi ++#fi + + if test "$1" = "2" -a "$2" -ge "50"; then + ./vcsclean --- php5-5.3.10.orig/debian/patches/101-sqlite_is_shared.patch +++ php5-5.3.10/debian/patches/101-sqlite_is_shared.patch @@ -0,0 +1,11 @@ +--- a/ext/sqlite/config.m4 ++++ b/ext/sqlite/config.m4 +@@ -84,7 +84,7 @@ if test "$PHP_SQLITE" != "no"; then + ]) + SQLITE_MODULE_TYPE=external + PHP_SQLITE_CFLAGS=$pdo_inc_path +- sqlite_extra_sources="libsqlite/src/encode.c" ++ sqlite_extra_sources="" + else + # use bundled library + PHP_PROG_LEMON --- php5-5.3.10.orig/debian/patches/CVE-2014-3597.patch +++ php5-5.3.10/debian/patches/CVE-2014-3597.patch @@ -0,0 +1,266 @@ +Origin: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05 +From: Remi Collet +Subject: Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597 + +--- + ext/standard/dns.c | 84 +++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 60 insertions(+), 24 deletions(-) + +Index: b/ext/standard/dns.c +=================================================================== +--- a/ext/standard/dns.c ++++ b/ext/standard/dns.c +@@ -412,8 +412,14 @@ + + #if HAVE_FULL_DNS_FUNCS + ++#define CHECKCP(n) do { \ ++ if (cp + n > end) { \ ++ return NULL; \ ++ } \ ++} while (0) ++ + /* {{{ php_parserr */ +-static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, zval **subarray) ++static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, zval **subarray) + { + u_short type, class, dlen; + u_long ttl; +@@ -425,16 +431,18 @@ + + *subarray = NULL; + +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2); + if (n < 0) { + return NULL; + } + cp += n; + ++ CHECKCP(10); + GETSHORT(type, cp); + GETSHORT(class, cp); + GETLONG(ttl, cp); + GETSHORT(dlen, cp); ++ CHECKCP(dlen); + if (type_to_fetch != T_ANY && type != type_to_fetch) { + cp += dlen; + return cp; +@@ -451,12 +459,14 @@ + add_assoc_string(*subarray, "host", name, 1); + switch (type) { + case DNS_T_A: ++ CHECKCP(4); + add_assoc_string(*subarray, "type", "A", 1); + snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]); + add_assoc_string(*subarray, "ip", name, 1); + cp += dlen; + break; + case DNS_T_MX: ++ CHECKCP(2); + add_assoc_string(*subarray, "type", "MX", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pri", n); +@@ -475,7 +485,7 @@ + if (type == DNS_T_PTR) { + add_assoc_string(*subarray, "type", "PTR", 1); + } +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -485,18 +495,22 @@ + case DNS_T_HINFO: + /* See RFC 1010 for values */ + add_assoc_string(*subarray, "type", "HINFO", 1); ++ CHECKCP(1); + n = *cp & 0xFF; + cp++; ++ CHECKCP(n); + add_assoc_stringl(*subarray, "cpu", (char*)cp, n, 1); + cp += n; ++ CHECKCP(1); + n = *cp & 0xFF; + cp++; ++ CHECKCP(n); + add_assoc_stringl(*subarray, "os", (char*)cp, n, 1); + cp += n; + break; + case DNS_T_TXT: + { +- int ll = 0; ++ int l1 = 0, l2 = 0; + zval *entries = NULL; + + add_assoc_string(*subarray, "type", "TXT", 1); +@@ -505,37 +519,41 @@ + MAKE_STD_ZVAL(entries); + array_init(entries); + +- while (ll < dlen) { +- n = cp[ll]; +- if ((ll + n) >= dlen) { ++ while (l1 < dlen) { ++ n = cp[l1]; ++ if ((l1 + n) >= dlen) { + // Invalid chunk length, truncate +- n = dlen - (ll + 1); ++ n = dlen - (l1 + 1); ++ } ++ if (n) { ++ memcpy(tp + l2 , cp + l1 + 1, n); ++ add_next_index_stringl(entries, cp + l1 + 1, n, 1); + } +- memcpy(tp + ll , cp + ll + 1, n); +- add_next_index_stringl(entries, cp + ll + 1, n, 1); +- ll = ll + n + 1; ++ l1 = l1 + n + 1; ++ l2 = l2 + n; + } +- tp[dlen] = '\0'; ++ tp[l2] = '\0'; + cp += dlen; + +- add_assoc_stringl(*subarray, "txt", tp, dlen - 1, 0); ++ add_assoc_stringl(*subarray, "txt", tp, l2, 0); + add_assoc_zval(*subarray, "entries", entries); + } + break; + case DNS_T_SOA: + add_assoc_string(*subarray, "type", "SOA", 1); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2); + if (n < 0) { + return NULL; + } + cp += n; + add_assoc_string(*subarray, "mname", name, 1); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2); + if (n < 0) { + return NULL; + } + cp += n; + add_assoc_string(*subarray, "rname", name, 1); ++ CHECKCP(5*4); + GETLONG(n, cp); + add_assoc_long(*subarray, "serial", n); + GETLONG(n, cp); +@@ -549,6 +567,7 @@ + break; + case DNS_T_AAAA: + tp = (u_char*)name; ++ CHECKCP(8*2); + for(i=0; i < 8; i++) { + GETSHORT(s, cp); + if (s != 0) { +@@ -583,6 +602,7 @@ + case DNS_T_A6: + p = cp; + add_assoc_string(*subarray, "type", "A6", 1); ++ CHECKCP(1); + n = ((int)cp[0]) & 0xFF; + cp++; + add_assoc_long(*subarray, "masklen", n); +@@ -618,6 +638,7 @@ + cp++; + } + for (i = (n + 8) / 16; i < 8; i++) { ++ CHECKCP(2); + GETSHORT(s, cp); + if (s != 0) { + if (tp > (u_char *)name) { +@@ -647,7 +668,7 @@ + tp[0] = '\0'; + add_assoc_string(*subarray, "ipv6", name, 1); + if (cp < p + dlen) { +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -656,6 +677,7 @@ + } + break; + case DNS_T_SRV: ++ CHECKCP(3*2); + add_assoc_string(*subarray, "type", "SRV", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pri", n); +@@ -663,7 +685,7 @@ + add_assoc_long(*subarray, "weight", n); + GETSHORT(n, cp); + add_assoc_long(*subarray, "port", n); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -671,21 +693,35 @@ + add_assoc_string(*subarray, "target", name, 1); + break; + case DNS_T_NAPTR: ++ CHECKCP(2*2); + add_assoc_string(*subarray, "type", "NAPTR", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "order", n); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pref", n); ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "flags", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "flags", (char*)cp, n, 1); + cp += n; ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "services", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "services", (char*)cp, n, 1); + cp += n; ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "regex", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "regex", (char*)cp, n, 1); + cp += n; +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -852,7 +888,7 @@ + while (an-- && cp && cp < end) { + zval *retval; + +- cp = php_parserr(cp, &answer, type_to_fetch, store_results, &retval); ++ cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, &retval); + if (retval != NULL && store_results) { + add_next_index_zval(return_value, retval); + } +@@ -865,7 +901,7 @@ + while (ns-- > 0 && cp && cp < end) { + zval *retval = NULL; + +- cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, &retval); ++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, authns != NULL, &retval); + if (retval != NULL) { + add_next_index_zval(authns, retval); + } +@@ -877,7 +913,7 @@ + while (ar-- > 0 && cp && cp < end) { + zval *retval = NULL; + +- cp = php_parserr(cp, &answer, DNS_T_ANY, 1, &retval); ++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, &retval); + if (retval != NULL) { + add_next_index_zval(addtl, retval); + } --- php5-5.3.10.orig/debian/patches/CVE-2015-8876.patch +++ php5-5.3.10/debian/patches/CVE-2015-8876.patch @@ -0,0 +1,63 @@ +Backport of: + +From e488690d957fce0dbdabe619adbe314ada498215 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 26 Jul 2015 17:09:34 -0700 +Subject: [PATCH] Fix bug #70121 (unserialize() could lead to unexpected + methods execution / NULL pointer deref) + +--- + Zend/tests/bug70121.phpt | 9 +++++++++ + Zend/zend_exceptions.c | 17 +++++++++-------- + 2 files changed, 18 insertions(+), 8 deletions(-) + create mode 100644 Zend/tests/bug70121.phpt + +Index: php5-5.3.10/Zend/zend_exceptions.c +=================================================================== +--- php5-5.3.10.orig/Zend/zend_exceptions.c 2016-07-28 15:02:25.334023297 -0400 ++++ php5-5.3.10/Zend/zend_exceptions.c 2016-07-28 15:02:25.330023245 -0400 +@@ -40,7 +40,7 @@ + if (exception == add_previous || !add_previous || !exception) { + return; + } +- if (Z_TYPE_P(add_previous) != IS_OBJECT && !instanceof_function(Z_OBJCE_P(add_previous), default_exception_ce TSRMLS_CC)) { ++ if (Z_TYPE_P(add_previous) != IS_OBJECT || !instanceof_function(Z_OBJCE_P(add_previous), default_exception_ce TSRMLS_CC)) { + zend_error(E_ERROR, "Cannot set non exception as previous exception"); + return; + } +@@ -574,15 +574,15 @@ + int len = 0; + zend_fcall_info fci; + zval fname; +- ++ + DEFAULT_0_PARAMS; +- ++ + str = estrndup("", 0); + + exception = getThis(); + ZVAL_STRINGL(&fname, "gettraceasstring", sizeof("gettraceasstring")-1, 1); + +- while (exception && Z_TYPE_P(exception) == IS_OBJECT) { ++ while (exception && Z_TYPE_P(exception) == IS_OBJECT && instanceof_function(Z_OBJCE_P(exception), default_exception_ce TSRMLS_CC)) { + prev_str = str; + _default_exception_get_entry(exception, "message", sizeof("message")-1, &message TSRMLS_CC); + _default_exception_get_entry(exception, "file", sizeof("file")-1, &file TSRMLS_CC); +@@ -592,6 +592,7 @@ + convert_to_string(&file); + convert_to_long(&line); + ++ trace = NULL; + fci.size = sizeof(fci); + fci.function_table = &Z_OBJCE_P(exception)->function_table; + fci.function_name = &fname; +@@ -604,7 +605,7 @@ + + zend_call_function(&fci, NULL TSRMLS_CC); + +- if (Z_TYPE_P(trace) != IS_STRING) { ++ if (trace && Z_TYPE_P(trace) != IS_STRING) { + zval_ptr_dtor(&trace); + trace = NULL; + } --- php5-5.3.10.orig/debian/patches/bug71906.patch +++ php5-5.3.10/debian/patches/bug71906.patch @@ -0,0 +1,49 @@ +From 64f42c73efc58e88671ad76b6b6bc8e2b62713e1 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Mar 2016 01:22:37 -0700 +Subject: [PATCH] Fixed bug #71906: AddressSanitizer: negative-size-param (-1) + in mbfl_strcut + +--- + ext/mbstring/libmbfl/mbfl/mbfilter.c | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +Index: php5-5.3.10/ext/mbstring/libmbfl/mbfl/mbfilter.c +=================================================================== +--- php5-5.3.10.orig/ext/mbstring/libmbfl/mbfl/mbfilter.c 2016-04-18 11:15:06.188547806 -0400 ++++ php5-5.3.10/ext/mbstring/libmbfl/mbfl/mbfilter.c 2016-04-18 11:15:06.184547766 -0400 +@@ -1381,7 +1381,7 @@ + if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) { + from &= -2; + +- if (from + length >= string->len) { ++ if (length >= string->len - from) { + length = string->len - from; + } + +@@ -1390,14 +1390,14 @@ + } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) { + from &= -4; + +- if (from + length >= string->len) { ++ if (length >= string->len - from) { + length = string->len - from; + } + + start = string->val + from; + end = start + (length & -4); + } else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) { +- if (from + length >= string->len) { ++ if (length >= string->len - from) { + length = string->len - from; + } + +@@ -1419,7 +1419,7 @@ + start = p; + + /* search end position */ +- if ((start - string->val) + length >= (int)string->len) { ++ if (length >= (int)string->len - (start - string->val)) { + end = string->val + string->len; + } else { + for (q = p + length; p < q; p += (m = mbtab[*p])); --- php5-5.3.10.orig/debian/patches/108-64_bit_datetime.patch +++ php5-5.3.10/debian/patches/108-64_bit_datetime.patch @@ -0,0 +1,12 @@ +--- a/ext/standard/datetime.c ++++ b/ext/standard/datetime.c +@@ -20,6 +20,9 @@ + + /* $Id: datetime.c 321634 2012-01-01 13:15:04Z felipe $ */ + ++#define _XOPEN_SOURCE /* needed to get strptime() declared */ ++#define _BSD_SOURCE /* needed to get ulong declared */ ++ + #include "php.h" + #include "zend_operators.h" + #include "datetime.h" --- php5-5.3.10.orig/debian/patches/php-fpm-sysconfdir.patch +++ php5-5.3.10/debian/patches/php-fpm-sysconfdir.patch @@ -0,0 +1,11 @@ +--- a/sapi/fpm/fpm/fpm_conf.c ++++ b/sapi/fpm/fpm/fpm_conf.c +@@ -1560,7 +1560,7 @@ int fpm_conf_init_main(int test_conf) /* + char *tmp; + + if (fpm_globals.prefix == NULL) { +- spprintf(&tmp, 0, "%s/php-fpm.conf", PHP_SYSCONFDIR); ++ spprintf(&tmp, 0, "%s/php5/fpm/php-fpm.conf", PHP_SYSCONFDIR); + } else { + spprintf(&tmp, 0, "%s/etc/php-fpm.conf", fpm_globals.prefix); + } --- php5-5.3.10.orig/debian/patches/CVE-2016-2554.patch +++ php5-5.3.10/debian/patches/CVE-2016-2554.patch @@ -0,0 +1,79 @@ +Backport of: + +From 07c7df68bd68bbe706371fccc77c814ebb335d9e Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 31 Jan 2016 19:37:56 -0800 +Subject: [PATCH] Fixed bug #71488: Stack overflow when decompressing tar + archives + +--- + ext/phar/tar.c | 22 ++++++++++++++++------ + ext/phar/tests/bug71488.phpt | 16 ++++++++++++++++ + ext/phar/tests/bug71488.tar | Bin 0 -> 10240 bytes + 3 files changed, 32 insertions(+), 6 deletions(-) + create mode 100644 ext/phar/tests/bug71488.phpt + create mode 100644 ext/phar/tests/bug71488.tar + +Index: php5-5.5.9+dfsg/ext/phar/tar.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/phar/tar.c 2016-04-15 13:25:09.268858120 -0400 ++++ php5-5.5.9+dfsg/ext/phar/tar.c 2016-04-15 13:25:09.264858068 -0400 +@@ -192,6 +192,13 @@ + } + /* }}} */ + ++#if !HAVE_STRNLEN ++static size_t strnlen(const char *s, size_t maxlen) { ++ char *r = (char *)memchr(s, '\0', maxlen); ++ return r ? r-s : maxlen; ++} ++#endif ++ + int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, int is_data, php_uint32 compression, char **error TSRMLS_DC) /* {{{ */ + { + char buf[512], *actual_alias = NULL, *p; +@@ -201,6 +208,7 @@ + php_uint32 sum1, sum2, size, old; + phar_archive_data *myphar, **actual; + int last_was_longlink = 0; ++ int linkname_len; + + if (error) { + *error = NULL; +@@ -255,7 +263,7 @@ + size = entry.uncompressed_filesize = entry.compressed_filesize = + phar_tar_number(hdr->size, sizeof(hdr->size)); + +- if (((!old && hdr->prefix[0] == 0) || old) && strlen(hdr->name) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) { ++ if (((!old && hdr->prefix[0] == 0) || old) && strnlen(hdr->name, 100) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) { + off_t curloc; + + if (size > 511) { +@@ -465,20 +473,22 @@ + } + + entry.link = NULL; +- ++ /* link field is null-terminated unless it has 100 non-null chars. ++ * Thus we can not use strlen. */ ++ linkname_len = strnlen(hdr->linkname, 100); + if (entry.tar_type == TAR_LINK) { +- if (!zend_hash_exists(&myphar->manifest, hdr->linkname, strlen(hdr->linkname))) { ++ if (!zend_hash_exists(&myphar->manifest, hdr->linkname, linkname_len)) { + if (error) { +- spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%s\"", fname, hdr->linkname); ++ spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, linkname_len, hdr->linkname); + } + pefree(entry.filename, entry.is_persistent); + php_stream_close(fp); + phar_destroy_phar_data(myphar TSRMLS_CC); + return FAILURE; + } +- entry.link = estrdup(hdr->linkname); ++ entry.link = estrndup(hdr->linkname, linkname_len); + } else if (entry.tar_type == TAR_SYMLINK) { +- entry.link = estrdup(hdr->linkname); ++ entry.link = estrndup(hdr->linkname, linkname_len); + } + phar_set_inode(&entry TSRMLS_CC); + zend_hash_add(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), (void **) &newentry); --- php5-5.3.10.orig/debian/patches/CVE-2015-0273.patch +++ php5-5.3.10/debian/patches/CVE-2015-0273.patch @@ -0,0 +1,182 @@ +Backport of: + +From 7b1898183032eeabc64a086ff040af991cebcd93 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 31 Jan 2015 22:40:08 -0800 +Subject: [PATCH] Fix bug #68942 (Use after free vulnerability in unserialize() + with DateTimeZone) + +and: + +From 8d199c7c4f93ebe5b9293096143d7007a6ad13a4 Mon Sep 17 00:00:00 2001 +From: Anatol Belski +Date: Tue, 19 Mar 2013 21:19:55 +0100 +Subject: [PATCH] Backported fix for bug #62852 + +Index: php5-5.3.10/ext/date/php_date.c +=================================================================== +--- php5-5.3.10.orig/ext/date/php_date.c 2015-03-16 16:51:20.694390712 -0400 ++++ php5-5.3.10/ext/date/php_date.c 2015-03-16 16:53:43.635562605 -0400 +@@ -2539,26 +2539,23 @@ + timelib_tzinfo *tzi; + php_timezone_obj *tzobj; + +- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { +- convert_to_string(*z_date); +- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { +- convert_to_long(*z_timezone_type); +- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { +- convert_to_string(*z_timezone); ++ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { ++ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { ++ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { + + switch (Z_LVAL_PP(z_timezone_type)) { + case TIMELIB_ZONETYPE_OFFSET: + case TIMELIB_ZONETYPE_ABBR: { + char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2); ++ int ret; + snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone)); +- php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC); ++ ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC); + efree(tmp); +- return 1; ++ return 1 == ret; + } + +- case TIMELIB_ZONETYPE_ID: +- convert_to_string(*z_timezone); +- ++ case TIMELIB_ZONETYPE_ID: { ++ int ret; + tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); + + ALLOC_INIT_ZVAL(tmp_obj); +@@ -2567,9 +2564,10 @@ + tzobj->tzi.tz = tzi; + tzobj->initialized = 1; + +- php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC); ++ ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC); + zval_ptr_dtor(&tmp_obj); +- return 1; ++ return 1 == ret; ++ } + } + } + } +@@ -2593,7 +2591,9 @@ + + php_date_instantiate(date_ce_date, return_value TSRMLS_CC); + dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC); +- php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); ++ if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { ++ php_error(E_ERROR, "Invalid serialization data for DateTime object"); ++ } + } + /* }}} */ + +@@ -2609,7 +2609,9 @@ + + myht = Z_OBJPROP_P(object); + +- php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); ++ if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { ++ php_error(E_ERROR, "Invalid serialization data for DateTime object"); ++ } + } + /* }}} */ + +Index: php5-5.3.10/ext/date/tests/bug68942_2.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/date/tests/bug68942_2.phpt 2015-03-16 16:51:20.690390678 -0400 +@@ -0,0 +1,9 @@ ++--TEST-- ++Bug #68942 (Use after free vulnerability in unserialize() with DateTime). ++--FILE-- ++ ++--EXPECTF-- ++Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d +Index: php5-5.3.10/ext/date/tests/bug62852.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/date/tests/bug62852.phpt 2015-03-16 16:55:12.372289384 -0400 +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #62852 (Unserialize invalid DateTime causes crash), variation 1 ++--INI-- ++date.timezone=GMT ++--FILE-- ++ 1) { + /* Build argumnent list */ +Index: php5-5.3.10/ext/standard/dir.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/dir.c 2015-06-30 13:45:39.840977383 -0400 ++++ php5-5.3.10/ext/standard/dir.c 2015-06-30 13:46:01.477222183 -0400 +@@ -219,6 +219,11 @@ + RETURN_NULL(); + } + ++ /* No nulls allowed in paths */ ++ if (strlen(dirname) != dir_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + dirp = php_stream_opendir(dirname, ENFORCE_SAFE_MODE|REPORT_ERRORS, context); +@@ -293,7 +298,12 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { + RETURN_FALSE; + } +- ++ ++ /* No nulls allowed in paths */ ++ if (strlen(str) != str_len) { ++ RETURN_FALSE; ++ } ++ + ret = chroot(str); + if (ret != 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s (errno %d)", strerror(errno), errno); --- php5-5.3.10.orig/debian/patches/CVE-2016-4539.patch +++ php5-5.3.10/debian/patches/CVE-2016-4539.patch @@ -0,0 +1,49 @@ +Backport of: + +From dccda88f27a084bcbbb30198ace12b4e7ae961cc Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 24 Apr 2016 23:50:57 -0700 +Subject: [PATCH] Fix bug #72099: xml_parse_into_struct segmentation fault + +--- + ext/xml/tests/bug72099.phpt | 17 +++++++ + ext/xml/xml.c | 106 ++++++++++++++++++++++---------------------- + 2 files changed, 70 insertions(+), 53 deletions(-) + create mode 100644 ext/xml/tests/bug72099.phpt + +Index: php5-5.3.10/ext/xml/tests/bug72099.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/xml/tests/bug72099.phpt 2016-05-19 12:48:54.775040151 -0400 +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #72099: xml_parse_into_struct segmentation fault ++--SKIPIF-- ++ ++--FILE-- ++level <= XML_MAXLEVEL) { ++ if (parser->level <= XML_MAXLEVEL && parser->level > 0) { + MAKE_STD_ZVAL(tag); + + array_init(tag); --- php5-5.3.10.orig/debian/patches/use_system_crypt_fixes.patch +++ php5-5.3.10/debian/patches/use_system_crypt_fixes.patch @@ -0,0 +1,11 @@ +--- a/ext/standard/tests/strings/bug51059.phpt ++++ b/ext/standard/tests/strings/bug51059.phpt +@@ -3,7 +3,7 @@ Bug #51059 crypt() segfaults on certain + --FILE-- + --- php5-5.3.10.orig/debian/patches/CVE-2013-4635.patch +++ php5-5.3.10/debian/patches/CVE-2013-4635.patch @@ -0,0 +1,50 @@ +Description: fix denial of service via overflow in SdnToJewish +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865b8a19f7fb6 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce +Bug: https://bugs.php.net/bug.php?id=64895 + +Index: php5-5.4.15/ext/calendar/jewish.c +=================================================================== +--- php5-5.4.15.orig/ext/calendar/jewish.c 2013-05-08 01:41:20.000000000 -0400 ++++ php5-5.4.15/ext/calendar/jewish.c 2013-06-28 08:19:27.885381358 -0400 +@@ -272,6 +272,7 @@ + #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) + + #define JEWISH_SDN_OFFSET 347997 ++#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ + #define NEW_MOON_OF_CREATION 31524 + + #define SUNDAY 0 +@@ -519,7 +520,7 @@ + int tishri1After; + int yearLength; + +- if (sdn <= JEWISH_SDN_OFFSET) { ++ if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { + *pYear = 0; + *pMonth = 0; + *pDay = 0; +Index: php5-5.4.15/ext/calendar/tests/jdtojewish64.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.4.15/ext/calendar/tests/jdtojewish64.phpt 2013-06-28 08:19:27.885381358 -0400 +@@ -0,0 +1,19 @@ ++--TEST-- ++Bug #64895: Integer overflow in SndToJewish ++--SKIPIF-- ++ ++--FILE-- ++ +Date: Mon, 18 Jul 2016 23:30:51 -0700 +Subject: [PATCH] Fix tests + +--- + ext/exif/tests/bug54002.phpt | 6 +----- + ext/exif/tests/bug62523_2.phpt | 6 ++++-- + 2 files changed, 5 insertions(+), 7 deletions(-) + +Index: php5-5.3.10/ext/exif/tests/bug54002.phpt +=================================================================== +--- php5-5.3.10.orig/ext/exif/tests/bug54002.phpt 2016-07-28 15:50:12.095457900 -0400 ++++ php5-5.3.10/ext/exif/tests/bug54002.phpt 2016-07-28 15:50:12.095457900 -0400 +@@ -13,8 +13,4 @@ + --EXPECTF-- + Warning: exif_read_data(bug54002_1.jpeg): Process tag(x0205=UndefinedTa): Illegal byte_count in %sbug54002.php on line %d + +-Warning: exif_read_data(bug54002_1.jpeg): Process tag(xA000=FlashPixVer): Illegal pointer offset(%s) in %sbug54002.php on line %d +- +-Warning: exif_read_data(bug54002_2.jpeg): Process tag(x0205=UndefinedTa): Illegal byte_count in %sbug54002.php on line %d +- +-Warning: exif_read_data(bug54002_2.jpeg): Process tag(xA000=FlashPixVer): Illegal pointer offset(%s) in %sbug54002.php on line %d ++Warning: exif_read_data(bug54002_2.jpeg): Process tag(x0205=UndefinedTa): Illegal byte_count in %sbug54002.php on line %d +\ No newline at end of file --- php5-5.3.10.orig/debian/patches/CVE-2015-8873.patch +++ php5-5.3.10/debian/patches/CVE-2015-8873.patch @@ -0,0 +1,128 @@ +Description: fix denial of service via recursive method calls +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=4d2278143a08b7522de9471d0f014d7357c28fea +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=f1acac154ac7684bc908fc2ad8962372c9d4e312 +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=0a21b5d97039945a9e5dc683f2f5e8b379f07ada +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=da5321013c4dbac0faac12f78b28f662a91b4bc1 +Bug: https://bugs.php.net/bug.php?id=69793 + +Index: php5-5.3.10/Zend/zend_exceptions.c +=================================================================== +--- php5-5.3.10.orig/Zend/zend_exceptions.c 2016-08-01 09:15:26.978442095 -0400 ++++ php5-5.3.10/Zend/zend_exceptions.c 2016-08-01 09:18:04.783902374 -0400 +@@ -205,6 +205,33 @@ + } + /* }}} */ + ++/* {{{ proto Exception::__wakeup() ++ Exception unserialize checks */ ++#define CHECK_EXC_TYPE(name, type) \ ++ value = zend_read_property(default_exception_ce, object, name, sizeof(name)-1, 0 TSRMLS_CC); \ ++ if(value && Z_TYPE_P(value) != type) { \ ++ zval *tmp; \ ++ MAKE_STD_ZVAL(tmp); \ ++ ZVAL_STRINGL(tmp, name, sizeof(name)-1, 1); \ ++ Z_OBJ_HANDLER_P(object, unset_property)(object, tmp TSRMLS_CC); \ ++ zval_ptr_dtor(&tmp); \ ++ } ++ ++ZEND_METHOD(exception, __wakeup) ++{ ++ zval *value; ++ zval *object = getThis(); ++ HashTable *intern_ht = zend_std_get_properties(getThis() TSRMLS_CC); ++ CHECK_EXC_TYPE("message", IS_STRING); ++ CHECK_EXC_TYPE("string", IS_STRING); ++ CHECK_EXC_TYPE("code", IS_LONG); ++ CHECK_EXC_TYPE("file", IS_STRING); ++ CHECK_EXC_TYPE("line", IS_LONG); ++ CHECK_EXC_TYPE("trace", IS_ARRAY); ++ CHECK_EXC_TYPE("previous", IS_OBJECT); ++} ++/* }}} */ ++ + /* {{{ proto ErrorException::__construct(string message, int code, int severity [, string filename [, int lineno [, Exception previous]]]) + ErrorException constructor */ + ZEND_METHOD(error_exception, __construct) +@@ -633,6 +660,7 @@ + const static zend_function_entry default_exception_functions[] = { + ZEND_ME(exception, __clone, NULL, ZEND_ACC_PRIVATE|ZEND_ACC_FINAL) + ZEND_ME(exception, __construct, arginfo_exception___construct, ZEND_ACC_PUBLIC) ++ ZEND_ME(exception, __wakeup, NULL, ZEND_ACC_PUBLIC) + ZEND_ME(exception, getMessage, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL) + ZEND_ME(exception, getCode, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL) + ZEND_ME(exception, getFile, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL) +Index: php5-5.3.10/ext/standard/tests/serialize/bug69152.phpt +=================================================================== +--- php5-5.3.10.orig/ext/standard/tests/serialize/bug69152.phpt 2016-08-01 09:15:26.978442095 -0400 ++++ php5-5.3.10/ext/standard/tests/serialize/bug69152.phpt 2016-08-01 09:15:26.978442095 -0400 +@@ -9,6 +9,7 @@ + + ?> + --EXPECTF-- ++Notice: Undefined property: Exception::$previous in %s on line %d + exception 'Exception' in %s:%d + Stack trace: + #0 {main} +Index: php5-5.3.10/ext/standard/tests/serialize/bug69793.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/serialize/bug69793.phpt 2016-08-01 09:15:26.978442095 -0400 +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #69793: Remotely triggerable stack exhaustion via recursive method calls ++--FILE-- ++ ++--EXPECTF-- ++Notice: Undefined property: Exception::$message in %s/bug69793.php on line %d ++ ++Notice: Undefined property: Exception::$file in %s/bug69793.php on line %d ++ ++Notice: Undefined property: Exception::$previous in %s/bug69793.php on line %d ++string(53) "exception 'Exception' in :1337 ++Stack trace: ++#0 {main}" +Index: php5-5.3.10/sapi/cli/tests/005.phpt +=================================================================== +--- php5-5.3.10.orig/sapi/cli/tests/005.phpt 2016-08-01 09:15:26.978442095 -0400 ++++ php5-5.3.10/sapi/cli/tests/005.phpt 2016-08-01 09:15:26.978442095 -0400 +@@ -18,7 +18,7 @@ + + echo "Done\n"; + ?> +---EXPECTF-- ++--EXPECTF-- + string(40) "Exception: Class unknown does not exist + " + string(183) "Class [ class stdClass ] { +@@ -40,7 +40,7 @@ + } + + " +-string(1355) "Class [ class Exception ] { ++string(1418) "Class [ class Exception ] { + + - Constants [0] { + } +@@ -61,7 +61,7 @@ + Property [ private $previous ] + } + +- - Methods [10] { ++ - Methods [11] { + Method [ final private method __clone ] { + } + +@@ -74,6 +74,9 @@ + } + } + ++ Method [ public method __wakeup ] { ++ } ++ + Method [ final public method getMessage ] { + } + --- php5-5.3.10.orig/debian/patches/strcmp_null-OnUpdateErrorLog.patch +++ php5-5.3.10/debian/patches/strcmp_null-OnUpdateErrorLog.patch @@ -0,0 +1,13 @@ +--- /dev/null ++++ b/tests/func/null-new_val.phpt +@@ -0,0 +1,10 @@ ++--TEST-- ++ini_restore strcmp NULL new_val ++--FILE-- ++ ++--EXPECT-- --- php5-5.3.10.orig/debian/patches/CVE-2016-3142.patch +++ php5-5.3.10/debian/patches/CVE-2016-3142.patch @@ -0,0 +1,27 @@ +From a6fdc5bb27b20d889de0cd29318b3968aabb57bd Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 21 Feb 2016 16:51:05 -0800 +Subject: [PATCH] Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile() + +--- + ext/phar/tests/bug71488.phpt | 1 + + ext/phar/tests/bug71498.phpt | 17 +++++++++++++++++ + ext/phar/tests/bug71498.zip | Bin 0 -> 65677 bytes + ext/phar/zip.c | 6 +++--- + 4 files changed, 21 insertions(+), 3 deletions(-) + create mode 100644 ext/phar/tests/bug71498.phpt + create mode 100644 ext/phar/tests/bug71498.zip + +diff --git a/ext/phar/zip.c b/ext/phar/zip.c +index e4883d3..7f294c2 100644 +--- a/ext/phar/zip.c ++++ b/ext/phar/zip.c +@@ -199,7 +199,7 @@ int phar_parse_zipfile(php_stream *fp, char *fname, int fname_len, char *alias, + } + + while ((p=(char *) memchr(p + 1, 'P', (size_t) (size - (p + 1 - buf)))) != NULL) { +- if (!memcmp(p + 1, "K\5\6", 3)) { ++ if ((p - buf) + sizeof(locator) <= size && !memcmp(p + 1, "K\5\6", 3)) { + memcpy((void *)&locator, (void *) p, sizeof(locator)); + if (PHAR_GET_16(locator.centraldisk) != 0 || PHAR_GET_16(locator.disknumber) != 0) { + /* split archives not handled */ --- php5-5.3.10.orig/debian/patches/CVE-2016-4343.patch +++ php5-5.3.10/debian/patches/CVE-2016-4343.patch @@ -0,0 +1,51 @@ +Backport of: + +From 4c2424eb24b0178456acc404dbfff528cdc44197 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Thu, 14 Jan 2016 22:58:40 -0800 +Subject: [PATCH] Fixed bug #71331 - Uninitialized pointer in + phar_make_dirstream() + +--- + ext/phar/dirstream.c | 3 ++- + ext/phar/tar.c | 2 +- + ext/phar/tests/bug71331.phpt | 15 +++++++++++++++ + ext/phar/tests/bug71331.tar | Bin 0 -> 2560 bytes + 4 files changed, 18 insertions(+), 2 deletions(-) + create mode 100644 ext/phar/tests/bug71331.phpt + create mode 100644 ext/phar/tests/bug71331.tar + +Index: php5-5.3.10/ext/phar/dirstream.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/dirstream.c 2016-05-19 12:47:41.614061459 -0400 ++++ php5-5.3.10/ext/phar/dirstream.c 2016-05-19 12:48:12.358472574 -0400 +@@ -211,6 +211,7 @@ + zend_hash_internal_pointer_reset(manifest); + + while (FAILURE != zend_hash_has_more_elements(manifest)) { ++ keylen = 0; + if (HASH_KEY_NON_EXISTANT == zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) { + break; + } +@@ -218,7 +219,7 @@ + PHAR_STR(key, str_key); + + if (keylen <= (uint)dirlen) { +- if (keylen < (uint)dirlen || !strncmp(str_key, dir, dirlen)) { ++ if (keylen == 0 || keylen < (uint)dirlen || !strncmp(str_key, dir, dirlen)) { + PHAR_STR_FREE(str_key); + if (SUCCESS != zend_hash_move_forward(manifest)) { + break; +Index: php5-5.3.10/ext/phar/tar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/tar.c 2016-05-19 12:47:41.614061459 -0400 ++++ php5-5.3.10/ext/phar/tar.c 2016-05-19 12:47:41.606061352 -0400 +@@ -347,7 +347,7 @@ + entry.filename_len = entry.uncompressed_filesize; + + /* Check for overflow - bug 61065 */ +- if (entry.filename_len == UINT_MAX) { ++ if (entry.filename_len == UINT_MAX || entry.filename_len == 0) { + if (error) { + spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname); + } --- php5-5.3.10.orig/debian/patches/CVE-2014-8117.patch +++ php5-5.3.10/debian/patches/CVE-2014-8117.patch @@ -0,0 +1,18 @@ +Description: fix denial of service via recursion +Origin: other, https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c +Origin: other, https://github.com/file/file/commit/90018fe22ff8b74a22fcd142225b0a00f3f12677 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148 + +Index: php5-5.3.10/ext/fileinfo/libmagic/softmagic.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/softmagic.c 2015-03-16 13:42:23.735725527 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/softmagic.c 2015-03-16 13:42:23.707725314 -0400 +@@ -1010,7 +1010,7 @@ + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + +- if (recursion_level >= 20) { ++ if (recursion_level >= 15) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } --- php5-5.3.10.orig/debian/patches/CVE-2016-4537.patch +++ php5-5.3.10/debian/patches/CVE-2016-4537.patch @@ -0,0 +1,139 @@ +From d650063a0457aec56364e4005a636dc6c401f9cd Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 24 Apr 2016 18:33:32 -0700 +Subject: [PATCH] Fix bug #72093: bcpowmod accepts negative scale and corrupts + _one_ definition + +We can not modify result since it can be copy of _zero_ or _one_, etc. and +"copy" in bcmath is just bumping the refcount. +--- + ext/bcmath/bcmath.c | 60 +++++++++++++++++++++++++++++------------- + ext/bcmath/tests/bug72093.phpt | 13 +++++++++ + main/php_version.h | 6 ++--- + 3 files changed, 57 insertions(+), 22 deletions(-) + create mode 100644 ext/bcmath/tests/bug72093.phpt + +diff --git a/ext/bcmath/bcmath.c b/ext/bcmath/bcmath.c +index 02177e4..dd69115 100644 +--- a/ext/bcmath/bcmath.c ++++ b/ext/bcmath/bcmath.c +@@ -201,6 +201,21 @@ static void php_str2num(bc_num *num, char *str TSRMLS_DC) + } + /* }}} */ + ++/* {{{ split_bc_num ++ Convert to bc_num detecting scale */ ++static bc_num split_bc_num(bc_num num) { ++ bc_num newnum; ++ if (num->n_refs >= 1) { ++ return num; ++ } ++ newnum = _bc_new_num_ex(0, 0, 0); ++ *newnum = *num; ++ newnum->n_refs = 1; ++ num->n_refs--; ++ return newnum; ++} ++/* }}} */ ++ + /* {{{ proto string bcadd(string left_operand, string right_operand [, int scale]) + Returns the sum of two arbitrary precision numbers */ + PHP_FUNCTION(bcadd) +@@ -225,11 +240,12 @@ PHP_FUNCTION(bcadd) + php_str2num(&first, left TSRMLS_CC); + php_str2num(&second, right TSRMLS_CC); + bc_add (first, second, &result, scale); +- ++ + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } +- ++ + Z_STRVAL_P(return_value) = bc_num2str(result); + Z_STRLEN_P(return_value) = strlen(Z_STRVAL_P(return_value)); + Z_TYPE_P(return_value) = IS_STRING; +@@ -266,6 +282,7 @@ PHP_FUNCTION(bcsub) + bc_sub (first, second, &result, scale); + + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } + +@@ -305,6 +322,7 @@ PHP_FUNCTION(bcmul) + bc_multiply (first, second, &result, scale TSRMLS_CC); + + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } + +@@ -345,6 +363,7 @@ PHP_FUNCTION(bcdiv) + switch (bc_divide(first, second, &result, scale TSRMLS_CC)) { + case 0: /* OK */ + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } + Z_STRVAL_P(return_value) = bc_num2str(result); +@@ -424,8 +443,9 @@ PHP_FUNCTION(bcpowmod) + scale_int = (int) ((int)scale < 0) ? 0 : scale; + + if (bc_raisemod(first, second, mod, &result, scale_int TSRMLS_CC) != -1) { +- if (result->n_scale > scale) { +- result->n_scale = scale; ++ if (result->n_scale > scale_int) { ++ result = split_bc_num(result); ++ result->n_scale = scale_int; + } + Z_STRVAL_P(return_value) = bc_num2str(result); + Z_STRLEN_P(return_value) = strlen(Z_STRVAL_P(return_value)); +@@ -468,6 +488,7 @@ PHP_FUNCTION(bcpow) + bc_raise (first, second, &result, scale TSRMLS_CC); + + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } + +@@ -494,16 +515,17 @@ PHP_FUNCTION(bcsqrt) + if (zend_parse_parameters(argc TSRMLS_CC, "s|l", &left, &left_len, &scale_param) == FAILURE) { + return; + } +- ++ + if (argc == 2) { + scale = (int) ((int)scale_param < 0) ? 0 : scale_param; + } + + bc_init_num(&result TSRMLS_CC); + php_str2num(&result, left TSRMLS_CC); +- ++ + if (bc_sqrt (&result, scale TSRMLS_CC) != 0) { + if (result->n_scale > scale) { ++ result = split_bc_num(result); + result->n_scale = scale; + } + Z_STRVAL_P(return_value) = bc_num2str(result); +diff --git a/ext/bcmath/tests/bug72093.phpt b/ext/bcmath/tests/bug72093.phpt +new file mode 100644 +index 0000000..be664b8 +--- /dev/null ++++ b/ext/bcmath/tests/bug72093.phpt +@@ -0,0 +1,13 @@ ++--TEST-- ++Bug 72093: bcpowmod accepts negative scale and corrupts _one_ definition ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECTF-- ++string(1) "1" ++bc math warning: non-zero scale in exponent ++string(3) "0.0" --- php5-5.3.10.orig/debian/patches/remove_readelf.patch +++ php5-5.3.10/debian/patches/remove_readelf.patch @@ -0,0 +1,1552 @@ +Description: remove readelf.c from fileinfo as it isn't used, and is a + source of confusion when doing security updates. +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=919abf0cb132cc06c3a0be311af3069bd4be09ce + +Index: php5-5.3.10/ext/fileinfo/config.m4 +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/config.m4 2015-02-13 11:20:34.637857624 -0500 ++++ php5-5.3.10/ext/fileinfo/config.m4 2015-02-13 11:20:34.625857522 -0500 +@@ -11,7 +11,7 @@ + libmagic/cdf.c libmagic/cdf_time.c libmagic/compress.c \ + libmagic/encoding.c libmagic/fsmagic.c libmagic/funcs.c \ + libmagic/is_tar.c libmagic/magic.c libmagic/print.c \ +- libmagic/readcdf.c libmagic/readelf.c libmagic/softmagic.c" ++ libmagic/readcdf.c libmagic/softmagic.c" + + PHP_NEW_EXTENSION(fileinfo, fileinfo.c $libmagic_sources, $ext_shared,,-I@ext_srcdir@/libmagic) + PHP_ADD_BUILD_DIR($ext_builddir/libmagic) +Index: php5-5.3.10/ext/fileinfo/config.w32 +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/config.w32 2015-02-13 11:20:34.637857624 -0500 ++++ php5-5.3.10/ext/fileinfo/config.w32 2015-02-13 11:21:07.838135926 -0500 +@@ -10,7 +10,7 @@ + cdf.c cdf_time.c compress.c \ + encoding.c fsmagic.c funcs.c \ + is_tar.c magic.c print.c \ +- readcdf.c readelf.c softmagic.c"; ++ readcdf.c softmagic.c"; + + if (VCVERS < 1500) { + ADD_FLAG('CFLAGS', '/Zm1000'); +Index: php5-5.3.10/ext/fileinfo/libmagic/file.h +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/file.h 2015-02-13 11:20:34.637857624 -0500 ++++ php5-5.3.10/ext/fileinfo/libmagic/file.h 2015-02-13 11:20:34.629857556 -0500 +@@ -354,8 +354,6 @@ + protected int file_pipe2file(struct magic_set *, int, const void *, size_t); + protected int file_printf(struct magic_set *, const char *, ...); + protected int file_reset(struct magic_set *); +-protected int file_tryelf(struct magic_set *, int, const unsigned char *, +- size_t); + protected int file_trycdf(struct magic_set *, int, const unsigned char *, + size_t); + #ifdef PHP_FILEINFO_UNCOMPRESS +Index: php5-5.3.10/ext/fileinfo/libmagic/readelf.h +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/readelf.h 2015-02-13 11:20:24.585773351 -0500 ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 +@@ -1,312 +0,0 @@ +-/* +- * Copyright (c) Christos Zoulas 2003. +- * All Rights Reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice immediately at the beginning of the file, without modification, +- * this list of conditions, and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +-/* +- * @(#)Id: readelf.h,v 1.9 2002/05/16 18:45:56 christos Exp +- * +- * Provide elf data structures for non-elf machines, allowing file +- * non-elf hosts to determine if an elf binary is stripped. +- * Note: cobbled from the linux header file, with modifications +- */ +-#ifndef __fake_elf_h__ +-#define __fake_elf_h__ +- +-#if HAVE_STDINT_H +-#include +-#endif +- +-typedef uint32_t Elf32_Addr; +-typedef uint32_t Elf32_Off; +-typedef uint16_t Elf32_Half; +-typedef uint32_t Elf32_Word; +-typedef uint8_t Elf32_Char; +- +-#if SIZEOF_LONG_LONG != 8 +-#define USE_ARRAY_FOR_64BIT_TYPES +-typedef uint32_t Elf64_Addr[2]; +-typedef uint32_t Elf64_Off[2]; +-typedef uint32_t Elf64_Xword[2]; +-#else +-#undef USE_ARRAY_FOR_64BIT_TYPES +-typedef uint64_t Elf64_Addr; +-typedef uint64_t Elf64_Off; +-typedef uint64_t Elf64_Xword; +-#endif +-typedef uint16_t Elf64_Half; +-typedef uint32_t Elf64_Word; +-typedef uint8_t Elf64_Char; +- +-#define EI_NIDENT 16 +- +-typedef struct { +- Elf32_Char e_ident[EI_NIDENT]; +- Elf32_Half e_type; +- Elf32_Half e_machine; +- Elf32_Word e_version; +- Elf32_Addr e_entry; /* Entry point */ +- Elf32_Off e_phoff; +- Elf32_Off e_shoff; +- Elf32_Word e_flags; +- Elf32_Half e_ehsize; +- Elf32_Half e_phentsize; +- Elf32_Half e_phnum; +- Elf32_Half e_shentsize; +- Elf32_Half e_shnum; +- Elf32_Half e_shstrndx; +-} Elf32_Ehdr; +- +-typedef struct { +- Elf64_Char e_ident[EI_NIDENT]; +- Elf64_Half e_type; +- Elf64_Half e_machine; +- Elf64_Word e_version; +- Elf64_Addr e_entry; /* Entry point */ +- Elf64_Off e_phoff; +- Elf64_Off e_shoff; +- Elf64_Word e_flags; +- Elf64_Half e_ehsize; +- Elf64_Half e_phentsize; +- Elf64_Half e_phnum; +- Elf64_Half e_shentsize; +- Elf64_Half e_shnum; +- Elf64_Half e_shstrndx; +-} Elf64_Ehdr; +- +-/* e_type */ +-#define ET_REL 1 +-#define ET_EXEC 2 +-#define ET_DYN 3 +-#define ET_CORE 4 +- +-/* e_machine (used only for SunOS 5.x hardware capabilities) */ +-#define EM_SPARC 2 +-#define EM_386 3 +-#define EM_SPARC32PLUS 18 +-#define EM_SPARCV9 43 +-#define EM_IA_64 50 +-#define EM_AMD64 62 +- +-/* sh_type */ +-#define SHT_SYMTAB 2 +-#define SHT_NOTE 7 +-#define SHT_DYNSYM 11 +-#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilites */ +- +-/* elf type */ +-#define ELFDATANONE 0 /* e_ident[EI_DATA] */ +-#define ELFDATA2LSB 1 +-#define ELFDATA2MSB 2 +- +-/* elf class */ +-#define ELFCLASSNONE 0 +-#define ELFCLASS32 1 +-#define ELFCLASS64 2 +- +-/* magic number */ +-#define EI_MAG0 0 /* e_ident[] indexes */ +-#define EI_MAG1 1 +-#define EI_MAG2 2 +-#define EI_MAG3 3 +-#define EI_CLASS 4 +-#define EI_DATA 5 +-#define EI_VERSION 6 +-#define EI_PAD 7 +- +-#define ELFMAG0 0x7f /* EI_MAG */ +-#define ELFMAG1 'E' +-#define ELFMAG2 'L' +-#define ELFMAG3 'F' +-#define ELFMAG "\177ELF" +- +-#define OLFMAG1 'O' +-#define OLFMAG "\177OLF" +- +-typedef struct { +- Elf32_Word p_type; +- Elf32_Off p_offset; +- Elf32_Addr p_vaddr; +- Elf32_Addr p_paddr; +- Elf32_Word p_filesz; +- Elf32_Word p_memsz; +- Elf32_Word p_flags; +- Elf32_Word p_align; +-} Elf32_Phdr; +- +-typedef struct { +- Elf64_Word p_type; +- Elf64_Word p_flags; +- Elf64_Off p_offset; +- Elf64_Addr p_vaddr; +- Elf64_Addr p_paddr; +- Elf64_Xword p_filesz; +- Elf64_Xword p_memsz; +- Elf64_Xword p_align; +-} Elf64_Phdr; +- +-#define PT_NULL 0 /* p_type */ +-#define PT_LOAD 1 +-#define PT_DYNAMIC 2 +-#define PT_INTERP 3 +-#define PT_NOTE 4 +-#define PT_SHLIB 5 +-#define PT_PHDR 6 +-#define PT_NUM 7 +- +-typedef struct { +- Elf32_Word sh_name; +- Elf32_Word sh_type; +- Elf32_Word sh_flags; +- Elf32_Addr sh_addr; +- Elf32_Off sh_offset; +- Elf32_Word sh_size; +- Elf32_Word sh_link; +- Elf32_Word sh_info; +- Elf32_Word sh_addralign; +- Elf32_Word sh_entsize; +-} Elf32_Shdr; +- +-typedef struct { +- Elf64_Word sh_name; +- Elf64_Word sh_type; +- Elf64_Off sh_flags; +- Elf64_Addr sh_addr; +- Elf64_Off sh_offset; +- Elf64_Off sh_size; +- Elf64_Word sh_link; +- Elf64_Word sh_info; +- Elf64_Off sh_addralign; +- Elf64_Off sh_entsize; +-} Elf64_Shdr; +- +-#define NT_NETBSD_CORE_PROCINFO 1 +- +-/* Note header in a PT_NOTE section */ +-typedef struct elf_note { +- Elf32_Word n_namesz; /* Name size */ +- Elf32_Word n_descsz; /* Content size */ +- Elf32_Word n_type; /* Content type */ +-} Elf32_Nhdr; +- +-typedef struct { +- Elf64_Word n_namesz; +- Elf64_Word n_descsz; +- Elf64_Word n_type; +-} Elf64_Nhdr; +- +-/* Notes used in ET_CORE */ +-#define NT_PRSTATUS 1 +-#define NT_PRFPREG 2 +-#define NT_PRPSINFO 3 +-#define NT_PRXREG 4 +-#define NT_TASKSTRUCT 4 +-#define NT_PLATFORM 5 +-#define NT_AUXV 6 +- +-/* Note types used in executables */ +-/* NetBSD executables (name = "NetBSD") */ +-#define NT_NETBSD_VERSION 1 +-#define NT_NETBSD_EMULATION 2 +-#define NT_FREEBSD_VERSION 1 +-#define NT_OPENBSD_VERSION 1 +-#define NT_DRAGONFLY_VERSION 1 +-/* GNU executables (name = "GNU") */ +-#define NT_GNU_VERSION 1 +- +-/* GNU OS tags */ +-#define GNU_OS_LINUX 0 +-#define GNU_OS_HURD 1 +-#define GNU_OS_SOLARIS 2 +-#define GNU_OS_KFREEBSD 3 +-#define GNU_OS_KNETBSD 4 +- +-/* SunOS 5.x hardware/software capabilities */ +-typedef struct { +- Elf32_Word c_tag; +- union { +- Elf32_Word c_val; +- Elf32_Addr c_ptr; +- } c_un; +-} Elf32_Cap; +- +-typedef struct { +- Elf64_Xword c_tag; +- union { +- Elf64_Xword c_val; +- Elf64_Addr c_ptr; +- } c_un; +-} Elf64_Cap; +- +-/* SunOS 5.x hardware/software capability tags */ +-#define CA_SUNW_NULL 0 +-#define CA_SUNW_HW_1 1 +-#define CA_SUNW_SF_1 2 +- +-/* SunOS 5.x software capabilities */ +-#define SF1_SUNW_FPKNWN 0x01 +-#define SF1_SUNW_FPUSED 0x02 +-#define SF1_SUNW_MASK 0x03 +- +-/* SunOS 5.x hardware capabilities: sparc */ +-#define AV_SPARC_MUL32 0x0001 +-#define AV_SPARC_DIV32 0x0002 +-#define AV_SPARC_FSMULD 0x0004 +-#define AV_SPARC_V8PLUS 0x0008 +-#define AV_SPARC_POPC 0x0010 +-#define AV_SPARC_VIS 0x0020 +-#define AV_SPARC_VIS2 0x0040 +-#define AV_SPARC_ASI_BLK_INIT 0x0080 +-#define AV_SPARC_FMAF 0x0100 +-#define AV_SPARC_FJFMAU 0x4000 +-#define AV_SPARC_IMA 0x8000 +- +-/* SunOS 5.x hardware capabilities: 386 */ +-#define AV_386_FPU 0x00000001 +-#define AV_386_TSC 0x00000002 +-#define AV_386_CX8 0x00000004 +-#define AV_386_SEP 0x00000008 +-#define AV_386_AMD_SYSC 0x00000010 +-#define AV_386_CMOV 0x00000020 +-#define AV_386_MMX 0x00000040 +-#define AV_386_AMD_MMX 0x00000080 +-#define AV_386_AMD_3DNow 0x00000100 +-#define AV_386_AMD_3DNowx 0x00000200 +-#define AV_386_FXSR 0x00000400 +-#define AV_386_SSE 0x00000800 +-#define AV_386_SSE2 0x00001000 +-#define AV_386_PAUSE 0x00002000 +-#define AV_386_SSE3 0x00004000 +-#define AV_386_MON 0x00008000 +-#define AV_386_CX16 0x00010000 +-#define AV_386_AHF 0x00020000 +-#define AV_386_TSCP 0x00040000 +-#define AV_386_AMD_SSE4A 0x00080000 +-#define AV_386_POPCNT 0x00100000 +-#define AV_386_AMD_LZCNT 0x00200000 +-#define AV_386_SSSE3 0x00400000 +-#define AV_386_SSE4_1 0x00800000 +-#define AV_386_SSE4_2 0x01000000 +- +-#endif +Index: php5-5.3.10/ext/fileinfo/libmagic/readelf.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/readelf.c 2015-02-13 11:20:24.585773351 -0500 ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 +@@ -1,1187 +0,0 @@ +-/* +- * Copyright (c) Christos Zoulas 2003. +- * All Rights Reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice immediately at the beginning of the file, without modification, +- * this list of conditions, and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +-#include "file.h" +- +-#ifndef lint +-FILE_RCSID("@(#)$File: readelf.c,v 1.81 2008/11/04 16:38:28 christos Exp $") +-#endif +- +-#ifdef BUILTIN_ELF +-#include +-#include +-#include +-#ifdef HAVE_UNISTD_H +-#include +-#endif +- +-#include "readelf.h" +-#include "magic.h" +- +-#ifdef ELFCORE +-private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t, +- off_t, int *); +-#endif +-private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t, +- off_t, int *, int); +-private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, int *, +- int); +-private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, +- int, size_t, int *); +- +-#define ELF_ALIGN(a) ((((a) + align - 1) / align) * align) +- +-#define isquote(c) (strchr("'\"`", (c)) != NULL) +- +-private uint16_t getu16(int, uint16_t); +-private uint32_t getu32(int, uint32_t); +-private uint64_t getu64(int, uint64_t); +- +-private uint16_t +-getu16(int swap, uint16_t value) +-{ +- union { +- uint16_t ui; +- char c[2]; +- } retval, tmpval; +- +- if (swap) { +- tmpval.ui = value; +- +- retval.c[0] = tmpval.c[1]; +- retval.c[1] = tmpval.c[0]; +- +- return retval.ui; +- } else +- return value; +-} +- +-private uint32_t +-getu32(int swap, uint32_t value) +-{ +- union { +- uint32_t ui; +- char c[4]; +- } retval, tmpval; +- +- if (swap) { +- tmpval.ui = value; +- +- retval.c[0] = tmpval.c[3]; +- retval.c[1] = tmpval.c[2]; +- retval.c[2] = tmpval.c[1]; +- retval.c[3] = tmpval.c[0]; +- +- return retval.ui; +- } else +- return value; +-} +- +-private uint64_t +-getu64(int swap, uint64_t value) +-{ +- union { +- uint64_t ui; +- char c[8]; +- } retval, tmpval; +- +- if (swap) { +- tmpval.ui = value; +- +- retval.c[0] = tmpval.c[7]; +- retval.c[1] = tmpval.c[6]; +- retval.c[2] = tmpval.c[5]; +- retval.c[3] = tmpval.c[4]; +- retval.c[4] = tmpval.c[3]; +- retval.c[5] = tmpval.c[2]; +- retval.c[6] = tmpval.c[1]; +- retval.c[7] = tmpval.c[0]; +- +- return retval.ui; +- } else +- return value; +-} +- +-#define elf_getu16(swap, value) getu16(swap, value) +-#define elf_getu32(swap, value) getu32(swap, value) +-#ifdef USE_ARRAY_FOR_64BIT_TYPES +-# define elf_getu64(swap, array) \ +- ((swap ? ((uint64_t)elf_getu32(swap, array[0])) << 32 : elf_getu32(swap, array[0])) + \ +- (swap ? elf_getu32(swap, array[1]) : ((uint64_t)elf_getu32(swap, array[1]) << 32))) +-#else +-# define elf_getu64(swap, value) getu64(swap, value) +-#endif +- +-#define xsh_addr (clazz == ELFCLASS32 \ +- ? (void *) &sh32 \ +- : (void *) &sh64) +-#define xsh_sizeof (clazz == ELFCLASS32 \ +- ? sizeof sh32 \ +- : sizeof sh64) +-#define xsh_size (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, sh32.sh_size) \ +- : elf_getu64(swap, sh64.sh_size)) +-#define xsh_offset (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, sh32.sh_offset) \ +- : elf_getu64(swap, sh64.sh_offset)) +-#define xsh_type (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, sh32.sh_type) \ +- : elf_getu32(swap, sh64.sh_type)) +-#define xph_addr (clazz == ELFCLASS32 \ +- ? (void *) &ph32 \ +- : (void *) &ph64) +-#define xph_sizeof (clazz == ELFCLASS32 \ +- ? sizeof ph32 \ +- : sizeof ph64) +-#define xph_type (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, ph32.p_type) \ +- : elf_getu32(swap, ph64.p_type)) +-#define xph_offset (off_t)(clazz == ELFCLASS32 \ +- ? elf_getu32(swap, ph32.p_offset) \ +- : elf_getu64(swap, ph64.p_offset)) +-#define xph_align (size_t)((clazz == ELFCLASS32 \ +- ? (off_t) (ph32.p_align ? \ +- elf_getu32(swap, ph32.p_align) : 4) \ +- : (off_t) (ph64.p_align ? \ +- elf_getu64(swap, ph64.p_align) : 4))) +-#define xph_filesz (size_t)((clazz == ELFCLASS32 \ +- ? elf_getu32(swap, ph32.p_filesz) \ +- : elf_getu64(swap, ph64.p_filesz))) +-#define xnh_addr (clazz == ELFCLASS32 \ +- ? (void *) &nh32 \ +- : (void *) &nh64) +-#define xph_memsz (size_t)((clazz == ELFCLASS32 \ +- ? elf_getu32(swap, ph32.p_memsz) \ +- : elf_getu64(swap, ph64.p_memsz))) +-#define xnh_sizeof (clazz == ELFCLASS32 \ +- ? sizeof nh32 \ +- : sizeof nh64) +-#define xnh_type (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, nh32.n_type) \ +- : elf_getu32(swap, nh64.n_type)) +-#define xnh_namesz (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, nh32.n_namesz) \ +- : elf_getu32(swap, nh64.n_namesz)) +-#define xnh_descsz (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, nh32.n_descsz) \ +- : elf_getu32(swap, nh64.n_descsz)) +-#define prpsoffsets(i) (clazz == ELFCLASS32 \ +- ? prpsoffsets32[i] \ +- : prpsoffsets64[i]) +-#define xcap_addr (clazz == ELFCLASS32 \ +- ? (void *) &cap32 \ +- : (void *) &cap64) +-#define xcap_sizeof (clazz == ELFCLASS32 \ +- ? sizeof cap32 \ +- : sizeof cap64) +-#define xcap_tag (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, cap32.c_tag) \ +- : elf_getu64(swap, cap64.c_tag)) +-#define xcap_val (clazz == ELFCLASS32 \ +- ? elf_getu32(swap, cap32.c_un.c_val) \ +- : elf_getu64(swap, cap64.c_un.c_val)) +- +-#ifdef ELFCORE +-/* +- * Try larger offsets first to avoid false matches +- * from earlier data that happen to look like strings. +- */ +-static const size_t prpsoffsets32[] = { +-#ifdef USE_NT_PSINFO +- 104, /* SunOS 5.x (command line) */ +- 88, /* SunOS 5.x (short name) */ +-#endif /* USE_NT_PSINFO */ +- +- 100, /* SunOS 5.x (command line) */ +- 84, /* SunOS 5.x (short name) */ +- +- 44, /* Linux (command line) */ +- 28, /* Linux 2.0.36 (short name) */ +- +- 8, /* FreeBSD */ +-}; +- +-static const size_t prpsoffsets64[] = { +-#ifdef USE_NT_PSINFO +- 152, /* SunOS 5.x (command line) */ +- 136, /* SunOS 5.x (short name) */ +-#endif /* USE_NT_PSINFO */ +- +- 136, /* SunOS 5.x, 64-bit (command line) */ +- 120, /* SunOS 5.x, 64-bit (short name) */ +- +- 56, /* Linux (command line) */ +- 40, /* Linux (tested on core from 2.4.x, short name) */ +- +- 16, /* FreeBSD, 64-bit */ +-}; +- +-#define NOFFSETS32 (sizeof prpsoffsets32 / sizeof prpsoffsets32[0]) +-#define NOFFSETS64 (sizeof prpsoffsets64 / sizeof prpsoffsets64[0]) +- +-#define NOFFSETS (clazz == ELFCLASS32 ? NOFFSETS32 : NOFFSETS64) +- +-/* +- * Look through the program headers of an executable image, searching +- * for a PT_NOTE section of type NT_PRPSINFO, with a name "CORE" or +- * "FreeBSD"; if one is found, try looking in various places in its +- * contents for a 16-character string containing only printable +- * characters - if found, that string should be the name of the program +- * that dropped core. Note: right after that 16-character string is, +- * at least in SunOS 5.x (and possibly other SVR4-flavored systems) and +- * Linux, a longer string (80 characters, in 5.x, probably other +- * SVR4-flavored systems, and Linux) containing the start of the +- * command line for that program. +- * +- * SunOS 5.x core files contain two PT_NOTE sections, with the types +- * NT_PRPSINFO (old) and NT_PSINFO (new). These structs contain the +- * same info about the command name and command line, so it probably +- * isn't worthwhile to look for NT_PSINFO, but the offsets are provided +- * above (see USE_NT_PSINFO), in case we ever decide to do so. The +- * NT_PRPSINFO and NT_PSINFO sections are always in order and adjacent; +- * the SunOS 5.x file command relies on this (and prefers the latter). +- * +- * The signal number probably appears in a section of type NT_PRSTATUS, +- * but that's also rather OS-dependent, in ways that are harder to +- * dissect with heuristics, so I'm not bothering with the signal number. +- * (I suppose the signal number could be of interest in situations where +- * you don't have the binary of the program that dropped core; if you +- * *do* have that binary, the debugger will probably tell you what +- * signal it was.) +- */ +- +-#define OS_STYLE_SVR4 0 +-#define OS_STYLE_FREEBSD 1 +-#define OS_STYLE_NETBSD 2 +- +-private const char os_style_names[][8] = { +- "SVR4", +- "FreeBSD", +- "NetBSD", +-}; +- +-#define FLAGS_DID_CORE 1 +-#define FLAGS_DID_NOTE 2 +-#define FLAGS_DID_CORE_STYLE 4 +- +-private int +-dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, +- int num, size_t size, off_t fsize, int *flags) +-{ +- Elf32_Phdr ph32; +- Elf64_Phdr ph64; +- size_t offset; +- unsigned char nbuf[BUFSIZ]; +- ssize_t bufsize; +- off_t savedoffset; +- struct stat st; +- +- if (fstat(fd, &st) < 0) { +- file_badread(ms); +- return -1; +- } +- +- if (size != xph_sizeof) { +- if (file_printf(ms, ", corrupted program header size") == -1) +- return -1; +- return 0; +- } +- +- /* +- * Loop through all the program headers. +- */ +- for ( ; num; num--) { +- if ((savedoffset = lseek(fd, off, SEEK_SET)) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- if (read(fd, xph_addr, xph_sizeof) == -1) { +- file_badread(ms); +- return -1; +- } +- if (xph_offset > fsize) { +- if (lseek(fd, savedoffset, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- continue; +- } +- +- off += size; +- if (xph_type != PT_NOTE) +- continue; +- +- /* +- * This is a PT_NOTE section; loop through all the notes +- * in the section. +- */ +- if (lseek(fd, xph_offset, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- bufsize = read(fd, nbuf, +- ((xph_filesz < sizeof(nbuf)) ? xph_filesz : sizeof(nbuf))); +- if (bufsize == -1) { +- file_badread(ms); +- return -1; +- } +- offset = 0; +- for (;;) { +- if (offset >= (size_t)bufsize) +- break; +- offset = donote(ms, nbuf, offset, (size_t)bufsize, +- clazz, swap, 4, flags); +- if (offset == 0) +- break; +- +- } +- } +- return 0; +-} +-#endif +- +-private size_t +-donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size, +- int clazz, int swap, size_t align, int *flags) +-{ +- Elf32_Nhdr nh32; +- Elf64_Nhdr nh64; +- size_t noff, doff; +-#ifdef ELFCORE +- int os_style = -1; +-#endif +- uint32_t namesz, descsz; +- +- (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); +- offset += xnh_sizeof; +- +- namesz = xnh_namesz; +- descsz = xnh_descsz; +- if ((namesz == 0) && (descsz == 0)) { +- /* +- * We're out of note headers. +- */ +- return (offset >= size) ? offset : size; +- } +- +- if (namesz & 0x80000000) { +- (void)file_printf(ms, ", bad note name size 0x%lx", +- (unsigned long)namesz); +- return offset; +- } +- +- if (descsz & 0x80000000) { +- (void)file_printf(ms, ", bad note description size 0x%lx", +- (unsigned long)descsz); +- return offset; +- } +- +- +- noff = offset; +- doff = ELF_ALIGN(offset + namesz); +- +- if (offset + namesz > size) { +- /* +- * We're past the end of the buffer. +- */ +- return doff; +- } +- +- offset = ELF_ALIGN(doff + descsz); +- if (doff + descsz > size) { +- /* +- * We're past the end of the buffer. +- */ +- return (offset >= size) ? offset : size; +- } +- +- if (*flags & FLAGS_DID_NOTE) +- goto core; +- +- if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- xnh_type == NT_GNU_VERSION && descsz == 16) { +- uint32_t desc[4]; +- (void)memcpy(desc, &nbuf[doff], sizeof(desc)); +- +- if (file_printf(ms, ", for GNU/") == -1) +- return size; +- switch (elf_getu32(swap, desc[0])) { +- case GNU_OS_LINUX: +- if (file_printf(ms, "Linux") == -1) +- return size; +- break; +- case GNU_OS_HURD: +- if (file_printf(ms, "Hurd") == -1) +- return size; +- break; +- case GNU_OS_SOLARIS: +- if (file_printf(ms, "Solaris") == -1) +- return size; +- break; +- case GNU_OS_KFREEBSD: +- if (file_printf(ms, "kFreeBSD") == -1) +- return size; +- break; +- case GNU_OS_KNETBSD: +- if (file_printf(ms, "kNetBSD") == -1) +- return size; +- break; +- default: +- if (file_printf(ms, "") == -1) +- return size; +- } +- if (file_printf(ms, " %d.%d.%d", elf_getu32(swap, desc[1]), +- elf_getu32(swap, desc[2]), elf_getu32(swap, desc[3])) == -1) +- return size; +- *flags |= FLAGS_DID_NOTE; +- return size; +- } +- +- if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0 && +- xnh_type == NT_NETBSD_VERSION && descsz == 4) { +- uint32_t desc; +- (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); +- desc = elf_getu32(swap, desc); +- +- if (file_printf(ms, ", for NetBSD") == -1) +- return size; +- /* +- * The version number used to be stuck as 199905, and was thus +- * basically content-free. Newer versions of NetBSD have fixed +- * this and now use the encoding of __NetBSD_Version__: +- * +- * MMmmrrpp00 +- * +- * M = major version +- * m = minor version +- * r = release ["",A-Z,Z[A-Z] but numeric] +- * p = patchlevel +- */ +- if (desc > 100000000U) { +- uint32_t ver_patch = (desc / 100) % 100; +- uint32_t ver_rel = (desc / 10000) % 100; +- uint32_t ver_min = (desc / 1000000) % 100; +- uint32_t ver_maj = desc / 100000000; +- +- if (file_printf(ms, " %u.%u", ver_maj, ver_min) == -1) +- return size; +- if (ver_rel == 0 && ver_patch != 0) { +- if (file_printf(ms, ".%u", ver_patch) == -1) +- return size; +- } else if (ver_rel != 0) { +- while (ver_rel > 26) { +- if (file_printf(ms, "Z") == -1) +- return size; +- ver_rel -= 26; +- } +- if (file_printf(ms, "%c", 'A' + ver_rel - 1) +- == -1) +- return size; +- } +- } +- *flags |= FLAGS_DID_NOTE; +- return size; +- } +- +- if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0 && +- xnh_type == NT_FREEBSD_VERSION && descsz == 4) { +- uint32_t desc; +- (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); +- desc = elf_getu32(swap, desc); +- if (file_printf(ms, ", for FreeBSD") == -1) +- return size; +- +- /* +- * Contents is __FreeBSD_version, whose relation to OS +- * versions is defined by a huge table in the Porter's +- * Handbook. This is the general scheme: +- * +- * Releases: +- * Mmp000 (before 4.10) +- * Mmi0p0 (before 5.0) +- * Mmm0p0 +- * +- * Development branches: +- * Mmpxxx (before 4.6) +- * Mmp1xx (before 4.10) +- * Mmi1xx (before 5.0) +- * M000xx (pre-M.0) +- * Mmm1xx +- * +- * M = major version +- * m = minor version +- * i = minor version increment (491000 -> 4.10) +- * p = patchlevel +- * x = revision +- * +- * The first release of FreeBSD to use ELF by default +- * was version 3.0. +- */ +- if (desc == 460002) { +- if (file_printf(ms, " 4.6.2") == -1) +- return size; +- } else if (desc < 460100) { +- if (file_printf(ms, " %d.%d", desc / 100000, +- desc / 10000 % 10) == -1) +- return size; +- if (desc / 1000 % 10 > 0) +- if (file_printf(ms, ".%d", desc / 1000 % 10) +- == -1) +- return size; +- if ((desc % 1000 > 0) || (desc % 100000 == 0)) +- if (file_printf(ms, " (%d)", desc) == -1) +- return size; +- } else if (desc < 500000) { +- if (file_printf(ms, " %d.%d", desc / 100000, +- desc / 10000 % 10 + desc / 1000 % 10) == -1) +- return size; +- if (desc / 100 % 10 > 0) { +- if (file_printf(ms, " (%d)", desc) == -1) +- return size; +- } else if (desc / 10 % 10 > 0) { +- if (file_printf(ms, ".%d", desc / 10 % 10) +- == -1) +- return size; +- } +- } else { +- if (file_printf(ms, " %d.%d", desc / 100000, +- desc / 1000 % 100) == -1) +- return size; +- if ((desc / 100 % 10 > 0) || +- (desc % 100000 / 100 == 0)) { +- if (file_printf(ms, " (%d)", desc) == -1) +- return size; +- } else if (desc / 10 % 10 > 0) { +- if (file_printf(ms, ".%d", desc / 10 % 10) +- == -1) +- return size; +- } +- } +- *flags |= FLAGS_DID_NOTE; +- return size; +- } +- +- if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 && +- xnh_type == NT_OPENBSD_VERSION && descsz == 4) { +- if (file_printf(ms, ", for OpenBSD") == -1) +- return size; +- /* Content of note is always 0 */ +- *flags |= FLAGS_DID_NOTE; +- return size; +- } +- +- if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 && +- xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) { +- uint32_t desc; +- if (file_printf(ms, ", for DragonFly") == -1) +- return size; +- (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); +- desc = elf_getu32(swap, desc); +- if (file_printf(ms, " %d.%d.%d", desc / 100000, +- desc / 10000 % 10, desc % 10000) == -1) +- return size; +- *flags |= FLAGS_DID_NOTE; +- return size; +- } +- +-core: +- /* +- * Sigh. The 2.0.36 kernel in Debian 2.1, at +- * least, doesn't correctly implement name +- * sections, in core dumps, as specified by +- * the "Program Linking" section of "UNIX(R) System +- * V Release 4 Programmer's Guide: ANSI C and +- * Programming Support Tools", because my copy +- * clearly says "The first 'namesz' bytes in 'name' +- * contain a *null-terminated* [emphasis mine] +- * character representation of the entry's owner +- * or originator", but the 2.0.36 kernel code +- * doesn't include the terminating null in the +- * name.... +- */ +- if ((namesz == 4 && strncmp((char *)&nbuf[noff], "CORE", 4) == 0) || +- (namesz == 5 && strcmp((char *)&nbuf[noff], "CORE") == 0)) { +- os_style = OS_STYLE_SVR4; +- } +- +- if ((namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0)) { +- os_style = OS_STYLE_FREEBSD; +- } +- +- if ((namesz >= 11 && strncmp((char *)&nbuf[noff], "NetBSD-CORE", 11) +- == 0)) { +- os_style = OS_STYLE_NETBSD; +- } +- +-#ifdef ELFCORE +- if ((*flags & FLAGS_DID_CORE) != 0) +- return size; +- +- if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) { +- if (file_printf(ms, ", %s-style", os_style_names[os_style]) +- == -1) +- return size; +- *flags |= FLAGS_DID_CORE_STYLE; +- } +- +- switch (os_style) { +- case OS_STYLE_NETBSD: +- if (xnh_type == NT_NETBSD_CORE_PROCINFO) { +- uint32_t signo; +- /* +- * Extract the program name. It is at +- * offset 0x7c, and is up to 32-bytes, +- * including the terminating NUL. +- */ +- if (file_printf(ms, ", from '%.31s'", +- &nbuf[doff + 0x7c]) == -1) +- return size; +- +- /* +- * Extract the signal number. It is at +- * offset 0x08. +- */ +- (void)memcpy(&signo, &nbuf[doff + 0x08], +- sizeof(signo)); +- if (file_printf(ms, " (signal %u)", +- elf_getu32(swap, signo)) == -1) +- return size; +- *flags |= FLAGS_DID_CORE; +- return size; +- } +- break; +- +- default: +- if (xnh_type == NT_PRPSINFO) { +- size_t i, j; +- unsigned char c; +- /* +- * Extract the program name. We assume +- * it to be 16 characters (that's what it +- * is in SunOS 5.x and Linux). +- * +- * Unfortunately, it's at a different offset +- * in various OSes, so try multiple offsets. +- * If the characters aren't all printable, +- * reject it. +- */ +- for (i = 0; i < NOFFSETS; i++) { +- unsigned char *cname, *cp; +- size_t reloffset = prpsoffsets(i); +- size_t noffset = doff + reloffset; +- for (j = 0; j < 16; j++, noffset++, +- reloffset++) { +- /* +- * Make sure we're not past +- * the end of the buffer; if +- * we are, just give up. +- */ +- if (noffset >= size) +- goto tryanother; +- +- /* +- * Make sure we're not past +- * the end of the contents; +- * if we are, this obviously +- * isn't the right offset. +- */ +- if (reloffset >= descsz) +- goto tryanother; +- +- c = nbuf[noffset]; +- if (c == '\0') { +- /* +- * A '\0' at the +- * beginning is +- * obviously wrong. +- * Any other '\0' +- * means we're done. +- */ +- if (j == 0) +- goto tryanother; +- else +- break; +- } else { +- /* +- * A nonprintable +- * character is also +- * wrong. +- */ +- if (!isprint(c) || isquote(c)) +- goto tryanother; +- } +- } +- /* +- * Well, that worked. +- */ +- cname = (unsigned char *) +- &nbuf[doff + prpsoffsets(i)]; +- for (cp = cname; *cp && isprint(*cp); cp++) +- continue; +- /* +- * Linux apparently appends a space at the end +- * of the command line: remove it. +- */ +- while (cp > cname && isspace(cp[-1])) +- cp--; +- if (file_printf(ms, ", from '%.*s'", +- (int)(cp - cname), cname) == -1) +- return size; +- *flags |= FLAGS_DID_CORE; +- return size; +- +- tryanother: +- ; +- } +- } +- break; +- } +-#endif +- return offset; +-} +- +-/* SunOS 5.x hardware capability descriptions */ +-typedef struct cap_desc { +- uint64_t cd_mask; +- const char *cd_name; +-} cap_desc_t; +- +-static const cap_desc_t cap_desc_sparc[] = { +- { AV_SPARC_MUL32, "MUL32" }, +- { AV_SPARC_DIV32, "DIV32" }, +- { AV_SPARC_FSMULD, "FSMULD" }, +- { AV_SPARC_V8PLUS, "V8PLUS" }, +- { AV_SPARC_POPC, "POPC" }, +- { AV_SPARC_VIS, "VIS" }, +- { AV_SPARC_VIS2, "VIS2" }, +- { AV_SPARC_ASI_BLK_INIT, "ASI_BLK_INIT" }, +- { AV_SPARC_FMAF, "FMAF" }, +- { AV_SPARC_FJFMAU, "FJFMAU" }, +- { AV_SPARC_IMA, "IMA" }, +- { 0, NULL } +-}; +- +-static const cap_desc_t cap_desc_386[] = { +- { AV_386_FPU, "FPU" }, +- { AV_386_TSC, "TSC" }, +- { AV_386_CX8, "CX8" }, +- { AV_386_SEP, "SEP" }, +- { AV_386_AMD_SYSC, "AMD_SYSC" }, +- { AV_386_CMOV, "CMOV" }, +- { AV_386_MMX, "MMX" }, +- { AV_386_AMD_MMX, "AMD_MMX" }, +- { AV_386_AMD_3DNow, "AMD_3DNow" }, +- { AV_386_AMD_3DNowx, "AMD_3DNowx" }, +- { AV_386_FXSR, "FXSR" }, +- { AV_386_SSE, "SSE" }, +- { AV_386_SSE2, "SSE2" }, +- { AV_386_PAUSE, "PAUSE" }, +- { AV_386_SSE3, "SSE3" }, +- { AV_386_MON, "MON" }, +- { AV_386_CX16, "CX16" }, +- { AV_386_AHF, "AHF" }, +- { AV_386_TSCP, "TSCP" }, +- { AV_386_AMD_SSE4A, "AMD_SSE4A" }, +- { AV_386_POPCNT, "POPCNT" }, +- { AV_386_AMD_LZCNT, "AMD_LZCNT" }, +- { AV_386_SSSE3, "SSSE3" }, +- { AV_386_SSE4_1, "SSE4.1" }, +- { AV_386_SSE4_2, "SSE4.2" }, +- { 0, NULL } +-}; +- +-private int +-doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, +- size_t size, int *flags, int mach) +-{ +- Elf32_Shdr sh32; +- Elf64_Shdr sh64; +- int stripped = 1; +- void *nbuf; +- off_t noff; +- uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ +- uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ +- +- if (size != xsh_sizeof) { +- if (file_printf(ms, ", corrupted section header size") == -1) +- return -1; +- return 0; +- } +- +- if (lseek(fd, off, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- +- for ( ; num; num--) { +- if (read(fd, xsh_addr, xsh_sizeof) == -1) { +- file_badread(ms); +- return -1; +- } +- switch (xsh_type) { +- case SHT_SYMTAB: +-#if 0 +- case SHT_DYNSYM: +-#endif +- stripped = 0; +- break; +- case SHT_NOTE: +- if ((off = lseek(fd, (off_t)0, SEEK_CUR)) == +- (off_t)-1) { +- file_badread(ms); +- return -1; +- } +- nbuf = emalloc((size_t)xsh_size); +- if ((noff = lseek(fd, (off_t)xsh_offset, SEEK_SET)) == +- (off_t)-1) { +- file_badread(ms); +- efree(nbuf); +- return -1; +- } +- if (read(fd, nbuf, (size_t)xsh_size) != +- (ssize_t)xsh_size) { +- efree(nbuf); +- file_badread(ms); +- return -1; +- } +- +- noff = 0; +- for (;;) { +- if (noff >= (off_t)xsh_size) +- break; +- noff = donote(ms, nbuf, (size_t)noff, +- (size_t)xsh_size, clazz, swap, 4, +- flags); +- if (noff == 0) +- break; +- } +- if ((lseek(fd, off, SEEK_SET)) == (off_t)-1) { +- efree(nbuf); +- file_badread(ms); +- return -1; +- } +- efree(nbuf); +- break; +- case SHT_SUNW_cap: +- { +- off_t coff; +- if ((off = lseek(fd, (off_t)0, SEEK_CUR)) == +- (off_t)-1) { +- file_badread(ms); +- return -1; +- } +- if (lseek(fd, (off_t)xsh_offset, SEEK_SET) == +- (off_t)-1) { +- file_badread(ms); +- return -1; +- } +- coff = 0; +- for (;;) { +- Elf32_Cap cap32; +- Elf64_Cap cap64; +- char cbuf[/*CONSTCOND*/ +- MAX(sizeof cap32, sizeof cap64)]; +- if ((coff += xcap_sizeof) >= (off_t)xsh_size) +- break; +- if (read(fd, cbuf, (size_t)xcap_sizeof) != +- (ssize_t)xcap_sizeof) { +- file_badread(ms); +- return -1; +- } +- (void)memcpy(xcap_addr, cbuf, xcap_sizeof); +- switch (xcap_tag) { +- case CA_SUNW_NULL: +- break; +- case CA_SUNW_HW_1: +- cap_hw1 |= xcap_val; +- break; +- case CA_SUNW_SF_1: +- cap_sf1 |= xcap_val; +- break; +- default: +- if (file_printf(ms, +- ", with unknown capability " +- "0x%llx = 0x%llx", +- (unsigned long long)xcap_tag, +- (unsigned long long)xcap_val) == -1) +- return -1; +- break; +- } +- } +- if (lseek(fd, off, SEEK_SET) == (off_t)-1) { +- file_badread(ms); +- return -1; +- } +- break; +- } +- } +- } +- if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1) +- return -1; +- if (cap_hw1) { +- const cap_desc_t *cdp; +- switch (mach) { +- case EM_SPARC: +- case EM_SPARC32PLUS: +- case EM_SPARCV9: +- cdp = cap_desc_sparc; +- break; +- case EM_386: +- case EM_IA_64: +- case EM_AMD64: +- cdp = cap_desc_386; +- break; +- default: +- cdp = NULL; +- break; +- } +- if (file_printf(ms, ", uses") == -1) +- return -1; +- if (cdp) { +- while (cdp->cd_name) { +- if (cap_hw1 & cdp->cd_mask) { +- if (file_printf(ms, +- " %s", cdp->cd_name) == -1) +- return -1; +- cap_hw1 &= ~cdp->cd_mask; +- } +- ++cdp; +- } +- if (cap_hw1) +- if (file_printf(ms, +- " unknown hardware capability 0x%llx", +- (unsigned long long)cap_hw1) == -1) +- return -1; +- } else { +- if (file_printf(ms, +- " hardware capability 0x%llx", +- (unsigned long long)cap_hw1) == -1) +- return -1; +- } +- } +- if (cap_sf1) { +- if (cap_sf1 & SF1_SUNW_FPUSED) { +- if (file_printf(ms, +- (cap_sf1 & SF1_SUNW_FPKNWN) +- ? ", uses frame pointer" +- : ", not known to use frame pointer") == -1) +- return -1; +- } +- cap_sf1 &= ~SF1_SUNW_MASK; +- if (cap_sf1) +- if (file_printf(ms, +- ", with unknown software capability 0x%llx", +- (unsigned long long)cap_sf1) == -1) +- return -1; +- } +- return 0; +-} +- +-/* +- * Look through the program headers of an executable image, searching +- * for a PT_INTERP section; if one is found, it's dynamically linked, +- * otherwise it's statically linked. +- */ +-private int +-dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, +- int num, size_t size, off_t fsize, int *flags, int sh_num) +-{ +- Elf32_Phdr ph32; +- Elf64_Phdr ph64; +- const char *linking_style = "statically"; +- const char *shared_libraries = ""; +- unsigned char nbuf[BUFSIZ]; +- int bufsize; +- size_t offset, align; +- off_t savedoffset = (off_t)-1; +- struct stat st; +- +- if (fstat(fd, &st) < 0) { +- file_badread(ms); +- return -1; +- } +- +- if (size != xph_sizeof) { +- if (file_printf(ms, ", corrupted program header size") == -1) +- return -1; +- return 0; +- } +- +- if (lseek(fd, off, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- +- for ( ; num; num--) { +- if (read(fd, xph_addr, xph_sizeof) == -1) { +- file_badread(ms); +- return -1; +- } +- if (xph_offset > st.st_size && savedoffset != (off_t)-1) { +- if (lseek(fd, savedoffset, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- continue; +- } +- +- if ((savedoffset = lseek(fd, (off_t)0, SEEK_CUR)) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- +- if (xph_offset > fsize) { +- if (lseek(fd, savedoffset, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- continue; +- } +- +- switch (xph_type) { +- case PT_DYNAMIC: +- linking_style = "dynamically"; +- break; +- case PT_INTERP: +- shared_libraries = " (uses shared libs)"; +- break; +- case PT_NOTE: +- if ((align = xph_align) & 0x80000000) { +- if (file_printf(ms, +- ", invalid note alignment 0x%lx", +- (unsigned long)align) == -1) +- return -1; +- align = 4; +- } +- if (sh_num) +- break; +- /* +- * This is a PT_NOTE section; loop through all the notes +- * in the section. +- */ +- if (lseek(fd, xph_offset, SEEK_SET) +- == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- bufsize = read(fd, nbuf, ((xph_filesz < sizeof(nbuf)) ? +- xph_filesz : sizeof(nbuf))); +- if (bufsize == -1) { +- file_badread(ms); +- return -1; +- } +- offset = 0; +- for (;;) { +- if (offset >= (size_t)bufsize) +- break; +- offset = donote(ms, nbuf, offset, +- (size_t)bufsize, clazz, swap, align, +- flags); +- if (offset == 0) +- break; +- } +- if (lseek(fd, savedoffset, SEEK_SET) == (off_t)-1) { +- file_badseek(ms); +- return -1; +- } +- break; +- default: +- break; +- } +- } +- if (file_printf(ms, ", %s linked%s", linking_style, shared_libraries) +- == -1) +- return -1; +- return 0; +-} +- +- +-protected int +-file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf, +- size_t nbytes) +-{ +- union { +- int32_t l; +- char c[sizeof (int32_t)]; +- } u; +- int clazz; +- int swap; +- struct stat st; +- off_t fsize; +- int flags = 0; +- Elf32_Ehdr elf32hdr; +- Elf64_Ehdr elf64hdr; +- uint16_t type; +- +- if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) +- return 0; +- /* +- * ELF executables have multiple section headers in arbitrary +- * file locations and thus file(1) cannot determine it from easily. +- * Instead we traverse thru all section headers until a symbol table +- * one is found or else the binary is stripped. +- * Return immediately if it's not ELF (so we avoid pipe2file unless needed). +- */ +- if (buf[EI_MAG0] != ELFMAG0 +- || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1) +- || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3) +- return 0; +- +- /* +- * If we cannot seek, it must be a pipe, socket or fifo. +- */ +- if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE)) +- fd = file_pipe2file(ms, fd, buf, nbytes); +- +- if (fstat(fd, &st) == -1) { +- file_badread(ms); +- return -1; +- } +- fsize = st.st_size; +- +- clazz = buf[EI_CLASS]; +- +- switch (clazz) { +- case ELFCLASS32: +-#undef elf_getu +-#define elf_getu(a, b) elf_getu32(a, b) +-#undef elfhdr +-#define elfhdr elf32hdr +-#include "elfclass.h" +- case ELFCLASS64: +-#undef elf_getu +-#define elf_getu(a, b) elf_getu64(a, b) +-#undef elfhdr +-#define elfhdr elf64hdr +-#include "elfclass.h" +- default: +- if (file_printf(ms, ", unknown class %d", clazz) == -1) +- return -1; +- break; +- } +- return 0; +-} +-#endif --- php5-5.3.10.orig/debian/patches/CVE-2014-0237.patch +++ php5-5.3.10/debian/patches/CVE-2014-0237.patch @@ -0,0 +1,50 @@ +Backport of: + +From 68ce2d0ea6da79b12a365e375e1c2ce882c77480 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 26 May 2014 17:50:14 -0700 +Subject: [PATCH] Fix bug #67328 (fileinfo: numerous file_printf calls + resulting in performance degradation) + +Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d +--- + ext/fileinfo/libmagic/cdf.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +Index: php5-5.3.10/ext/fileinfo/libmagic/cdf.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/cdf.c 2014-06-19 13:35:13.041422390 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/cdf.c 2014-06-19 13:36:29.065424426 -0400 +@@ -854,7 +854,7 @@ + cdf_unpack_summary_info(const cdf_stream_t *sst, cdf_summary_info_header_t *ssi, + cdf_property_info_t **info, size_t *count) + { +- size_t i, maxcount; ++ size_t maxcount; + const cdf_summary_info_header_t *si = sst->sst_tab; + const cdf_section_declaration_t *sd = (const void *) + ((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET); +@@ -867,20 +867,13 @@ + ssi->si_os = CDF_TOLE2(si->si_os); + ssi->si_class = si->si_class; + cdf_swap_class(&ssi->si_class); +- ssi->si_count = CDF_TOLE2(si->si_count); ++ ssi->si_count = CDF_TOLE4(si->si_count); + *count = 0; + maxcount = 0; + *info = NULL; +- for (i = 0; i < CDF_TOLE4(si->si_count); i++) { +- if (i >= CDF_LOOP_LIMIT) { +- DPRINTF(("Unpack summary info loop limit")); +- errno = EFTYPE; ++ if (cdf_read_property_info(sst, CDF_TOLE4(sd->sd_offset), info, ++ count, &maxcount) == -1) + return -1; +- } +- if (cdf_read_property_info(sst, CDF_TOLE4(sd->sd_offset), +- info, count, &maxcount) == -1) +- return -1; +- } + return 0; + } + --- php5-5.3.10.orig/debian/patches/115-autoconf_ftbfs.patch +++ php5-5.3.10/debian/patches/115-autoconf_ftbfs.patch @@ -0,0 +1,76 @@ +--- a/configure.in ++++ b/configure.in +@@ -1,7 +1,7 @@ + ## $Id: configure.in 322014 2012-01-10 11:21:57Z johannes $ -*- autoconf -*- + dnl ## Process this file with autoconf to produce a configure script. + +-divert(1) ++dnl divert(1) + + dnl ## Diversion 1 is the autoconf + automake setup phase. We also + dnl ## set the PHP version, deal with platform-specific compile +@@ -290,7 +290,7 @@ sinclude(TSRM/threads.m4) + sinclude(TSRM/tsrm.m4) + + +-divert(2) ++dnl divert(2) + + dnl ## Diversion 2 is where we set PHP-specific options and come up + dnl ## with reasonable default values for them. We check for pthreads here +@@ -329,7 +329,7 @@ if test "$enable_maintainer_zts" = "yes" + PTHREADS_FLAGS + fi + +-divert(3) ++dnl divert(3) + + dnl ## In diversion 3 we check for compile-time options to the PHP + dnl ## core and how to deal with different system dependencies. +@@ -683,7 +683,7 @@ if test "x$php_crypt_r" = "x1"; then + PHP_CRYPT_R_STYLE + fi + +-divert(4) ++dnl divert(4) + + dnl ## In diversion 4 we check user-configurable general settings. + +@@ -924,7 +924,7 @@ else + AC_MSG_RESULT([using system default]) + fi + +-divert(5) ++dnl divert(5) + + dnl ## In diversion 5 we check which extensions should be compiled. + dnl ## All of these are normally in the extension directories. +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -1,6 +1,6 @@ + dnl $Id: config.m4 300511 2010-06-17 10:22:03Z pajoye $ -*- autoconf -*- + +-divert(3)dnl ++dnl divert(3)dnl + + dnl + dnl Check if flush should be called explicitly after buffered io +@@ -342,7 +342,7 @@ dnl + AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan mempcpy strpncpy) + AC_FUNC_FNMATCH + +-divert(5)dnl ++dnl divert(5)dnl + + dnl + dnl Check if there is a support means of creating a new process +--- a/scripts/phpize.m4 ++++ b/scripts/phpize.m4 +@@ -1,6 +1,6 @@ + dnl This file becomes configure.in for self-contained extensions. + +-divert(1) ++dnl divert(1) + + AC_PREREQ(2.13) + AC_INIT(config.m4) --- php5-5.3.10.orig/debian/patches/CVE-2015-2783-memleak.patch +++ php5-5.3.10/debian/patches/CVE-2015-2783-memleak.patch @@ -0,0 +1,21 @@ +From cee97220285fd7b955a58617b3e0300ec104ed87 Mon Sep 17 00:00:00 2001 +From: Dmitry Stogov +Date: Tue, 14 Apr 2015 15:47:26 +0300 +Subject: [PATCH] Fixed recently introduced memory leak + +--- + ext/phar/phar.c | 1 + + 1 file changed, 1 insertion(+) + +Index: php5-5.3.10/ext/phar/phar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar.c 2015-06-26 13:24:33.544687742 -0400 ++++ php5-5.3.10/ext/phar/phar.c 2015-06-26 13:24:33.540687697 -0400 +@@ -1113,6 +1113,7 @@ + entry.metadata_len = 0; + } + if (len > endbuffer - buffer) { ++ pefree(entry.filename, entry.is_persistent); + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); + } + if (phar_parse_metadata(&buffer, &entry.metadata, len TSRMLS_CC) == FAILURE) { --- php5-5.3.10.orig/debian/patches/006-debian_quirks.patch +++ php5-5.3.10/debian/patches/006-debian_quirks.patch @@ -0,0 +1,223 @@ +Description: Changes to make php use versioned paths and other minor + cleanup changes. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1013,7 +1013,7 @@ if test "$PHP_CLI" = "no"; then + fi + + PHP_ARG_WITH(pear, [whether to install PEAR], +-[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php] ++[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php5] + --without-pear Do not install PEAR], DEFAULT, yes) + + if test "$PHP_PEAR" != "no"; then +@@ -1043,7 +1043,7 @@ dnl + if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then + case $PHP_LAYOUT in + GNU) PEAR_INSTALLDIR=$datadir/pear;; +- *) PEAR_INSTALLDIR=$libdir/php;; ++ *) PEAR_INSTALLDIR=$libdir/php5;; + esac + fi + +@@ -1098,12 +1098,12 @@ test "$program_suffix" = "NONE" && progr + + case $libdir in + '${exec_prefix}/lib') +- libdir=$libdir/php ++ libdir=$libdir/php5 + ;; + esac + case $datadir in + '${prefix}/share') +- datadir=$datadir/php ++ datadir=$datadir/php5 + ;; + esac + +@@ -1170,7 +1170,7 @@ EXPANDED_SYSCONFDIR=`eval echo $sysconfd + EXPANDED_DATADIR=$datadir + EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` + EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` +-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:/usr/share/pear + + exec_prefix=$old_exec_prefix + libdir=$old_libdir +--- a/ext/ext_skel ++++ b/ext/ext_skel +@@ -70,7 +70,7 @@ if test -d "$extname" ; then + fi + + if test -z "$skel_dir"; then +- skel_dir="skeleton" ++ skel_dir="/usr/lib/php5/skeleton" + fi + + ## convert skel_dir to full path +--- a/php.ini-development ++++ b/php.ini-development +@@ -793,7 +793,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +--- a/php.ini-production ++++ b/php.ini-production +@@ -793,7 +793,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +@@ -949,54 +949,6 @@ default_socket_timeout = 60 + ; + ; If you only provide the name of the extension, PHP will look for it in its + ; default extension directory. +-; +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. +-; +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_fileinfo.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_gmp.dll +-;extension=php_intl.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mbstring.dll +-;extension=php_exif.dll ; Must be after mbstring as it depends on it +-;extension=php_mysql.dll +-;extension=php_mysqli.dll +-;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client +-;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client +-;extension=php_openssl.dll +-;extension=php_pdo_firebird.dll +-;extension=php_pdo_mssql.dll +-;extension=php_pdo_mysql.dll +-;extension=php_pdo_oci.dll +-;extension=php_pdo_odbc.dll +-;extension=php_pdo_pgsql.dll +-;extension=php_pdo_sqlite.dll +-;extension=php_pgsql.dll +-;extension=php_pspell.dll +-;extension=php_shmop.dll +- +-; The MIBS data available in the PHP distribution must be installed. +-; See http://www.php.net/manual/en/snmp.installation.php +-;extension=php_snmp.dll +- +-;extension=php_soap.dll +-;extension=php_sockets.dll +-;extension=php_sqlite.dll +-;extension=php_sqlite3.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll +-;extension=php_zip.dll + + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; +--- a/sapi/caudium/config.m4 ++++ b/sapi/caudium/config.m4 +@@ -26,8 +26,8 @@ if test "$PHP_CAUDIUM" != "no"; then + AC_MSG_ERROR([Could not find a pike in $PHP_CAUDIUM/bin/]) + fi + if $PIKE -e 'float v; int rel;sscanf(version(), "Pike v%f release %d", v, rel);v += rel/10000.0; if(v < 7.0268) exit(1); exit(0);'; then +- PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Module' | sed -e 's/.*: //'` +- PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' ` ++ PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'` ++ PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' ` + if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then + AC_MSG_ERROR(Failed to figure out Pike module and include directories) + fi +@@ -84,7 +84,9 @@ if test "$PHP_CAUDIUM" != "no"; then + PIKE_VERSION=`$PIKE -e 'string v; int rel;sscanf(version(), "Pike v%s release %d", v, rel); write(v+"."+rel);'` + AC_DEFINE(HAVE_CAUDIUM,1,[Whether to compile with Caudium support]) + PHP_SELECT_SAPI(caudium, shared, caudium.c) +- INSTALL_IT="\$(INSTALL) -m 0755 $SAPI_SHARED $PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" ++ dnl FIXME: This is the ugliest hack in the world! ++ dnl INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/php5.so" ++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 .$SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" + RESULT=" *** Pike binary used: $PIKE + *** Pike include dir(s) used: $PIKE_INCLUDE_DIR + *** Pike version: $PIKE_VERSION" +--- a/sapi/cli/php.1.in ++++ b/sapi/cli/php.1.in +@@ -336,13 +336,14 @@ Shows configuration for extension + Show configuration file names + .SH FILES + .TP 15 +-.B php\-cli.ini ++.B /etc/php5/cli/php.ini + The configuration file for the CLI version of PHP. + .TP +-.B php.ini +-The standard configuration file will only be used when +-.B php\-cli.ini +-cannot be found. ++.B /etc/php5/cgi/php.ini ++The configuration file for the CGI version of PHP. ++.TP ++.B /etc/php5/apache2/php.ini ++The configuration file for the version of PHP that apache2 uses. + .SH EXAMPLES + .TP 5 + \fIphp \-r 'echo "Hello World\\n";'\fP +--- a/scripts/Makefile.frag ++++ b/scripts/Makefile.frag +@@ -3,8 +3,8 @@ + # Build environment install + # + +-phpincludedir = $(includedir)/php +-phpbuilddir = $(libdir)/build ++phpincludedir = $(includedir)/php5 ++phpbuilddir = $(prefix)/lib/php5/build + + BUILD_FILES = \ + scripts/phpize.m4 \ +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -5,8 +5,8 @@ prefix="@prefix@" + exec_prefix="@exec_prefix@" + version="@PHP_VERSION@" + vernum="@PHP_VERSION_ID@" +-include_dir="@includedir@/php" +-includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ++include_dir="@includedir@/php5" ++includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib $(getconf LFS_CFLAGS)" + ldflags="@PHP_LDFLAGS@" + libs="@EXTRA_LIBS@" + extension_dir='@EXTENSION_DIR@' +--- a/scripts/phpize.in ++++ b/scripts/phpize.in +@@ -3,8 +3,8 @@ + # Variable declaration + prefix='@prefix@' + exec_prefix="`eval echo @exec_prefix@`" +-phpdir="`eval echo @libdir@`/build" +-includedir="`eval echo @includedir@`/php" ++phpdir="$prefix/lib/php5/build" ++includedir="$prefix/include/php5" + builddir="`pwd`" + SED="@SED@" + --- php5-5.3.10.orig/debian/patches/CVE-2014-4049.patch +++ php5-5.3.10/debian/patches/CVE-2014-4049.patch @@ -0,0 +1,27 @@ +From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 +From: Sara Golemon +Date: Tue, 10 Jun 2014 11:18:02 -0700 +Subject: [PATCH] Fix potential segfault in dns_get_record() + +If the remote sends us a packet with a malformed TXT record, +we could end up trying to over-consume the packet and wander +off into overruns. +--- + ext/standard/dns.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: php5-5.3.10/ext/standard/dns.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/dns.c 2014-06-19 13:42:51.333434663 -0400 ++++ php5-5.3.10/ext/standard/dns.c 2014-06-19 13:42:51.289434662 -0400 +@@ -507,6 +507,10 @@ + + while (ll < dlen) { + n = cp[ll]; ++ if ((ll + n) >= dlen) { ++ // Invalid chunk length, truncate ++ n = dlen - (ll + 1); ++ } + memcpy(tp + ll , cp + ll + 1, n); + add_next_index_stringl(entries, cp + ll + 1, n, 1); + ll = ll + n + 1; --- php5-5.3.10.orig/debian/patches/CVE-2014-0238.patch +++ php5-5.3.10/debian/patches/CVE-2014-0238.patch @@ -0,0 +1,38 @@ +Backport of: + +From 22736b7c56d678f142d5dd21f4996e5819507a2b Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 26 May 2014 17:42:18 -0700 +Subject: [PATCH] Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS + +Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0 +--- + ext/fileinfo/libmagic/cdf.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +Index: php5-5.3.10/ext/fileinfo/libmagic/cdf.c +=================================================================== +--- php5-5.3.10.orig/ext/fileinfo/libmagic/cdf.c 2014-06-19 13:37:28.761426025 -0400 ++++ php5-5.3.10/ext/fileinfo/libmagic/cdf.c 2014-06-19 13:38:40.381427943 -0400 +@@ -760,6 +760,10 @@ + inp[i].pi_type, (const char *)q - (const char *)p)); + if (inp[i].pi_type & CDF_VECTOR) { + nelements = CDF_TOLE4(q[1]); ++ if (nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ goto out; ++ } + o = 2; + } else { + nelements = 1; +@@ -815,7 +819,9 @@ + inp = *info + nelem; + } + DPRINTF(("nelements = %d\n", nelements)); +- for (j = 0; j < nelements; j++, i++) { ++ for (j = 0; j < nelements && i < sh.sh_properties; ++ j++, i++) ++ { + uint32_t l = CDF_TOLE4(q[o]); + inp[i].pi_str.s_len = l; + inp[i].pi_str.s_buf = (const char *)(&q[o+1]); --- php5-5.3.10.orig/debian/patches/CVE-2016-6288.patch +++ php5-5.3.10/debian/patches/CVE-2016-6288.patch @@ -0,0 +1,22 @@ +From 629e4da7cc8b174acdeab84969cbfc606a019b31 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Sep 2015 11:31:14 -0700 +Subject: [PATCH] Fix bug #70480 (php_url_parse_ex() buffer overflow read) + +--- + ext/standard/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: php5-5.3.10/ext/standard/url.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/url.c 2016-07-28 15:26:25.404829196 -0400 ++++ php5-5.3.10/ext/standard/url.c 2016-07-28 15:26:25.400829143 -0400 +@@ -317,7 +317,7 @@ + nohost: + + if ((p = memchr(s, '?', (ue - s)))) { +- pp = strchr(s, '#'); ++ pp = memchr(s, '#', (ue - s)); + + if (pp && pp < p) { + if (pp - s) { --- php5-5.3.10.orig/debian/patches/CVE-2014-4721.patch +++ php5-5.3.10/debian/patches/CVE-2014-4721.patch @@ -0,0 +1,58 @@ +From fb0128af2a95ec0d1a0360be49776c5b056d1f33 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 23 Jun 2014 00:19:37 -0700 +Subject: [PATCH] Fix bug #67498 - phpinfo() Type Confusion Information Leak + Vulnerability + +--- + NEWS | 2 ++ + ext/standard/info.c | 8 ++++---- + ext/standard/tests/general_functions/bug67498.phpt | 15 +++++++++++++++ + 3 files changed, 21 insertions(+), 4 deletions(-) + create mode 100644 ext/standard/tests/general_functions/bug67498.phpt + +Index: php5-5.3.10/ext/standard/info.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/info.c 2014-07-07 08:39:01.334627610 -0400 ++++ php5-5.3.10/ext/standard/info.c 2014-07-07 08:39:01.334627610 -0400 +@@ -972,16 +972,16 @@ + + php_info_print_table_start(); + php_info_print_table_header(2, "Variable", "Value"); +- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); + } + php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC); +Index: php5-5.3.10/ext/standard/tests/general_functions/bug67498.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/standard/tests/general_functions/bug67498.phpt 2014-07-07 08:39:01.334627610 -0400 +@@ -0,0 +1,15 @@ ++--TEST-- ++phpinfo() Type Confusion Information Leak Vulnerability ++--FILE-- ++ ++==DONE== ++--EXPECTF-- ++phpinfo() ++ ++PHP Variables ++%A ++==DONE== --- php5-5.3.10.orig/debian/patches/CVE-2011-4566.patch +++ php5-5.3.10/debian/patches/CVE-2011-4566.patch @@ -0,0 +1,23 @@ +Description: fix denial of service and possible information disclosure + via exif integer overflow +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=319535 +Bug: https://bugs.php.net/bug.php?id=60150 + +Index: php5-5.3.8.0/ext/exif/exif.c +=================================================================== +--- php5-5.3.8.0.orig/ext/exif/exif.c 2011-12-12 15:13:43.006064337 -0500 ++++ php5-5.3.8.0/ext/exif/exif.c 2011-12-12 15:13:58.910064186 -0500 +@@ -2874,11 +2874,11 @@ + offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); + /* If its bigger than 4 bytes, the dir entry contains an offset. */ + value_ptr = offset_base+offset_val; +- if (offset_val+byte_count > IFDlength || value_ptr < dir_entry) { ++ if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry) { + /* It is important to check for IMAGE_FILETYPE_TIFF + * JPEG does not use absolute pointers instead its pointers are + * relative to the start of the TIFF header in APP1 section. */ +- if (offset_val+byte_count>ImageInfo->FileSize || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) { ++ if (byte_count > ImageInfo->FileSize || offset_val>ImageInfo->FileSize-byte_count || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) { + if (value_ptr < dir_entry) { + /* we can read this if offset_val > 0 */ + /* some files have their values in other parts of the file */ --- php5-5.3.10.orig/debian/patches/php-fpm_libc-2.15.so_segfault-fix.patch +++ php5-5.3.10/debian/patches/php-fpm_libc-2.15.so_segfault-fix.patch @@ -0,0 +1,103 @@ +Description: Fixes LaunchPad Bug 1006738, regarding segfault in libc-2.15.so +Origin: upstream, http://git.php.net/?p=php-src.git;a=patch;h=4fc989fbbd0405d200872219b409f685a495f3aa;hp=487e2fc0d50aca979864b59ff01450cf5e381874 +Bug: https://bugs.php.net/bug.php?id=62205 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1006738 + +--- a/sapi/fpm/fpm/fpm_php.c ++++ b/sapi/fpm/fpm/fpm_php.c +@@ -257,3 +257,41 @@ + return 1; /* extension not found: not allowed */ + } + /* }}} */ ++ ++char* fpm_php_get_string_from_table(char *table, char *key TSRMLS_DC) /* {{{ */ ++{ ++ zval **data, **tmp; ++ char *string_key; ++ uint string_len; ++ ulong num_key; ++ if (!table || !key) { ++ return NULL; ++ } ++ ++ /* inspired from ext/standard/info.c */ ++ ++ zend_is_auto_global(table, strlen(table) TSRMLS_CC); ++ ++ /* find the table and ensure it's an array */ ++ if (zend_hash_find(&EG(symbol_table), table, strlen(table) + 1, (void **) &data) == SUCCESS && Z_TYPE_PP(data) == IS_ARRAY) { ++ ++ /* reset the internal pointer */ ++ zend_hash_internal_pointer_reset(Z_ARRVAL_PP(data)); ++ ++ /* parse the array to look for our key */ ++ while (zend_hash_get_current_data(Z_ARRVAL_PP(data), (void **) &tmp) == SUCCESS) { ++ /* ensure the key is a string */ ++ if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(data), &string_key, &string_len, &num_key, 0, NULL) == HASH_KEY_IS_STRING) { ++ /* compare to our key */ ++ if (!strncmp(string_key, key, string_len)) { ++ return Z_STRVAL_PP(tmp); ++ } ++ } ++ zend_hash_move_forward(Z_ARRVAL_PP(data)); ++ } ++ } ++ ++ return NULL; ++} ++/* }}} */ ++ +--- a/sapi/fpm/fpm/fpm_php.h ++++ b/sapi/fpm/fpm/fpm_php.h +@@ -44,6 +44,7 @@ + int fpm_php_init_main(); + int fpm_php_apply_defines_ex(struct key_value_s *kv, int mode); + int fpm_php_limit_extensions(char *path); ++char* fpm_php_get_string_from_table(char *table, char *key TSRMLS_DC); + + #endif + +--- a/sapi/fpm/fpm/fpm_status.c ++++ b/sapi/fpm/fpm/fpm_status.c +@@ -14,6 +14,7 @@ + #include "zlog.h" + #include "fpm_atomic.h" + #include "fpm_conf.h" ++#include "fpm_php.h" + #include + + static char *fpm_status_uri = NULL; +@@ -125,13 +126,13 @@ + } + + /* full status ? */ +- full = SG(request_info).request_uri && strstr(SG(request_info).query_string, "full"); ++ full = (fpm_php_get_string_from_table("_GET", "full" TSRMLS_CC) != NULL); + short_syntax = short_post = NULL; + full_separator = full_pre = full_syntax = full_post = NULL; + encode = 0; + + /* HTML */ +- if (SG(request_info).query_string && strstr(SG(request_info).query_string, "html")) { ++ if (fpm_php_get_string_from_table("_GET", "html" TSRMLS_CC)) { + sapi_add_header_ex(ZEND_STRL("Content-Type: text/html"), 1, 1 TSRMLS_CC); + time_format = "%d/%b/%Y:%H:%M:%S %z"; + encode = 1; +@@ -205,7 +206,7 @@ + } + + /* XML */ +- } else if (SG(request_info).request_uri && strstr(SG(request_info).query_string, "xml")) { ++ } else if (fpm_php_get_string_from_table("_GET", "xml" TSRMLS_CC)) { + sapi_add_header_ex(ZEND_STRL("Content-Type: text/xml"), 1, 1 TSRMLS_CC); + time_format = "%s"; + encode = 1; +@@ -256,7 +257,7 @@ + } + + /* JSON */ +- } else if (SG(request_info).request_uri && strstr(SG(request_info).query_string, "json")) { ++ } else if (fpm_php_get_string_from_table("_GET", "json" TSRMLS_CC)) { + sapi_add_header_ex(ZEND_STRL("Content-Type: application/json"), 1, 1 TSRMLS_CC); + time_format = "%s"; + --- php5-5.3.10.orig/debian/patches/047-zts_with_dl.patch +++ php5-5.3.10/debian/patches/047-zts_with_dl.patch @@ -0,0 +1,15 @@ +--- a/ext/standard/dl.c ++++ b/ext/standard/dl.c +@@ -77,12 +77,7 @@ PHPAPI PHP_FUNCTION(dl) + (strcmp(sapi_module.name, "cli") != 0) && + (strncmp(sapi_module.name, "embed", 5) != 0) + ) { +-#ifdef ZTS +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not supported in multithreaded Web servers - use extension=%s in your php.ini", filename); +- RETURN_FALSE; +-#else + php_error_docref(NULL TSRMLS_CC, E_DEPRECATED, "dl() is deprecated - use extension=%s in your php.ini", filename); +-#endif + } + + php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); --- php5-5.3.10.orig/debian/patches/CVE-2015-4598.patch +++ php5-5.3.10/debian/patches/CVE-2015-4598.patch @@ -0,0 +1,81 @@ +Description: fix more missing file path null byte checks +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=f7d7befae8bcc2db0093f8adaa9f72eeb7ad891e +Bug: https://bugs.php.net/bug.php?id=69719 + +Index: php5-5.3.10/ext/dom/document.c +=================================================================== +--- php5-5.3.10.orig/ext/dom/document.c 2015-07-02 09:10:00.448550930 -0400 ++++ php5-5.3.10/ext/dom/document.c 2015-07-02 09:10:00.444550887 -0400 +@@ -1762,6 +1762,11 @@ + RETURN_FALSE; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } ++ + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); + + /* encoding handled by property on doc */ +@@ -1995,6 +2000,10 @@ + + switch (type) { + case DOM_LOAD_FILE: ++ if (CHECK_NULL_PATH(source, source_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid Schema file source"); ++ RETURN_FALSE; ++ } + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + if (!valid_file) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid Schema file source"); +@@ -2084,6 +2093,10 @@ + + switch (type) { + case DOM_LOAD_FILE: ++ if (CHECK_NULL_PATH(source, source_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid RelaxNG file source"); ++ RETURN_FALSE; ++ } + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + if (!valid_file) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid RelaxNG file source"); +@@ -2173,6 +2186,10 @@ + } + + if (mode == DOM_LOAD_FILE) { ++ if (CHECK_NULL_PATH(source, source_len)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid file source"); ++ RETURN_FALSE; ++ } + ctxt = htmlCreateFileParserCtxt(source, NULL); + } else { + source_len = xmlStrlen(source); +@@ -2266,6 +2283,11 @@ + RETURN_FALSE; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } ++ + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); + + +Index: php5-5.3.10/ext/gd/gd.c +=================================================================== +--- php5-5.3.10.orig/ext/gd/gd.c 2015-07-02 09:10:00.448550930 -0400 ++++ php5-5.3.10/ext/gd/gd.c 2015-07-02 09:10:00.448550930 -0400 +@@ -4040,6 +4040,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } ++ + #ifdef PHP_WIN32 + if (VCWD_STAT(file, &st) < 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Font file not found (%s)", file); --- php5-5.3.10.orig/debian/patches/043-recode_size_t.patch +++ php5-5.3.10/debian/patches/043-recode_size_t.patch @@ -0,0 +1,17 @@ +Description: Check for possible overflows in recode_string() +Origin: vendor +Bug-Debian: http://bugs.debian.org/294986, http://bugs.debian.org/459020 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/recode/recode.c ++++ b/ext/recode/recode.c +@@ -149,7 +149,7 @@ PHP_FUNCTION(recode_string) + int req_len, str_len; + char *req, *str; + +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) { + return; + } + --- php5-5.3.10.orig/debian/patches/gd-multiarch-fix.patch +++ php5-5.3.10/debian/patches/gd-multiarch-fix.patch @@ -0,0 +1,13 @@ +Index: php5-5.3.10-1ubuntu1/ext/gd/config.m4 +=================================================================== +--- php5-5.3.10-1ubuntu1.orig/ext/gd/config.m4 2012-02-16 03:01:13.887010481 -0800 ++++ php5-5.3.10-1ubuntu1/ext/gd/config.m4 2012-02-16 03:03:29.579064886 -0800 +@@ -357,7 +357,7 @@ + done + + dnl Library path +- for i in $PHP_LIBDIR/gd1.3 $PHP_LIBDIR/gd $PHP_LIBDIR gd1.3 gd ""; do ++ for i in $PHP_LIBDIR/$DEB_HOST_MULTIARCH $PHP_LIBDIR/gd1.3 $PHP_LIBDIR/gd $PHP_LIBDIR gd1.3 gd ""; do + test -f "$PHP_GD/$i/libgd.$SHLIB_SUFFIX_NAME" || test -f "$PHP_GD/$i/libgd.a" && GD_LIB="$PHP_GD/$i" + done + --- php5-5.3.10.orig/debian/patches/CVE-2012-3450.patch +++ php5-5.3.10/debian/patches/CVE-2012-3450.patch @@ -0,0 +1,498 @@ +Description: fix denial of service via PDO extension crafted parameter +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=1b78aef426a8f413ddd70854eb3fd5fbc95ef675 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=e946eaca0bc747615fabd0fedb8a92ea800ed158 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=c06ec6bde43a114af3bd84e986827839de1b1e4b +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683694 +Bug: https://bugs.php.net/bug.php?id=61755 + +Index: php5-5.3.10/ext/pdo_mysql/tests/bug_61755.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/pdo_mysql/tests/bug_61755.phpt 2012-09-11 11:27:25.135068527 -0400 +@@ -0,0 +1,41 @@ ++--TEST-- ++Bug #61755 (A parsing bug in the prepared statements can lead to access violations) ++--SKIPIF-- ++ ++--FILE-- ++setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); ++ ++echo "NULL-Byte before first placeholder:\n"; ++$s = $db->prepare("SELECT \"a\0b\", ?"); ++$s->bindValue(1,"c"); ++$s->execute(); ++$r = $s->fetch(); ++echo "Length of item 0: ".strlen($r[0]).", Value of item 1: ".$r[1]."\n"; ++ ++echo "\nOpen comment:\n"; ++try { ++ $s = $db->prepare("SELECT /*"); ++ $s->execute(); ++} catch (Exception $e) { ++ echo "Error code: ".$e->getCode()."\n"; ++} ++ ++echo "\ndone!\n"; ++?> ++--EXPECTF-- ++NULL-Byte before first placeholder: ++Length of item 0: 3, Value of item 1: c ++ ++Open comment: ++Error code: 42000 ++ ++done! +Index: php5-5.3.10/ext/pdo/pdo_sql_parser.c +=================================================================== +--- php5-5.3.10.orig/ext/pdo/pdo_sql_parser.c 2012-09-11 11:24:51.083064583 -0400 ++++ php5-5.3.10/ext/pdo/pdo_sql_parser.c 2012-09-11 11:27:40.555068923 -0400 +@@ -1,4 +1,4 @@ +-/* Generated by re2c 0.13.5 on Sat Jun 4 18:42:25 2011 */ ++/* Generated by re2c 0.13.5 on Tue Sep 11 11:27:40 2012 */ + /* + +----------------------------------------------------------------------+ + | PHP Version 5 | +@@ -33,12 +33,12 @@ + + #define YYCTYPE unsigned char + #define YYCURSOR cursor +-#define YYLIMIT cursor ++#define YYLIMIT s->end + #define YYMARKER s->ptr +-#define YYFILL(n) ++#define YYFILL(n) { RET(PDO_PARSER_EOI); } + + typedef struct Scanner { +- char *ptr, *cur, *tok; ++ char *ptr, *cur, *tok, *end; + } Scanner; + + static int scan(Scanner *s) +@@ -46,7 +46,7 @@ + char *cursor = s->cur; + + s->tok = cursor; +- ++ + + + { +@@ -56,27 +56,33 @@ + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + switch (yych) { +- case 0x00: goto yy13; +- case '"': goto yy2; +- case '\'': goto yy4; +- case '-': goto yy10; +- case '/': goto yy8; +- case ':': goto yy5; +- case '?': goto yy6; +- default: goto yy11; ++ case 0x00: goto yy2; ++ case '"': goto yy3; ++ case '\'': goto yy5; ++ case '-': goto yy11; ++ case '/': goto yy9; ++ case ':': goto yy6; ++ case '?': goto yy7; ++ default: goto yy12; + } + yy2: ++ YYCURSOR = YYMARKER; ++ switch (yyaccept) { ++ case 0: goto yy4; ++ case 1: goto yy10; ++ } ++yy3: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); +- if (yych >= 0x01) goto yy43; +-yy3: +- { SKIP_ONE(PDO_PARSER_TEXT); } ++ if (yych >= 0x01) goto yy41; + yy4: ++ { SKIP_ONE(PDO_PARSER_TEXT); } ++yy5: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); +- if (yych <= 0x00) goto yy3; +- goto yy37; +-yy5: ++ if (yych <= 0x00) goto yy4; ++ goto yy36; ++yy6: + yych = *++YYCURSOR; + switch (yych) { + case '0': +@@ -141,51 +147,48 @@ + case 'w': + case 'x': + case 'y': +- case 'z': goto yy33; ++ case 'z': goto yy32; + case ':': +- case '?': goto yy30; +- default: goto yy3; ++ case '?': goto yy29; ++ default: goto yy4; + } +-yy6: ++yy7: + ++YYCURSOR; + switch ((yych = *YYCURSOR)) { + case ':': +- case '?': goto yy30; +- default: goto yy7; ++ case '?': goto yy29; ++ default: goto yy8; + } +-yy7: +- { RET(PDO_PARSER_BIND_POS); } + yy8: ++ { RET(PDO_PARSER_BIND_POS); } ++yy9: + ++YYCURSOR; + switch ((yych = *YYCURSOR)) { +- case '*': goto yy20; +- default: goto yy12; ++ case '*': goto yy19; ++ default: goto yy13; + } +-yy9: +- { RET(PDO_PARSER_TEXT); } + yy10: ++ { RET(PDO_PARSER_TEXT); } ++yy11: + yych = *++YYCURSOR; + switch (yych) { +- case '-': goto yy15; +- default: goto yy12; ++ case '-': goto yy14; ++ default: goto yy13; + } +-yy11: ++yy12: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +-yy12: ++yy13: + switch (yych) { + case 0x00: + case '"': + case '\'': + case ':': +- case '?': goto yy9; +- default: goto yy11; ++ case '?': goto yy10; ++ default: goto yy12; + } +-yy13: +- ++YYCURSOR; +- { RET(PDO_PARSER_EOI); } +-yy15: ++yy14: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +@@ -194,23 +197,23 @@ + case '"': + case '\'': + case ':': +- case '?': goto yy18; ++ case '?': goto yy17; + case '\n': +- case '\r': goto yy11; +- default: goto yy15; ++ case '\r': goto yy12; ++ default: goto yy14; + } +-yy17: ++yy16: + { RET(PDO_PARSER_TEXT); } +-yy18: ++yy17: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case '\n': +- case '\r': goto yy17; +- default: goto yy18; ++ case '\r': goto yy16; ++ default: goto yy17; + } +-yy20: ++yy19: + yyaccept = 1; + YYMARKER = ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); +@@ -220,19 +223,19 @@ + case '"': + case '\'': + case ':': +- case '?': goto yy22; +- case '*': goto yy24; +- default: goto yy20; ++ case '?': goto yy21; ++ case '*': goto yy23; ++ default: goto yy19; + } +-yy22: ++yy21: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { +- case '*': goto yy27; +- default: goto yy22; ++ case '*': goto yy26; ++ default: goto yy21; + } +-yy24: ++yy23: + yyaccept = 1; + YYMARKER = ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); +@@ -242,45 +245,45 @@ + case '"': + case '\'': + case ':': +- case '?': goto yy22; +- case '*': goto yy24; +- case '/': goto yy26; +- default: goto yy20; ++ case '?': goto yy21; ++ case '*': goto yy23; ++ case '/': goto yy25; ++ default: goto yy19; + } +-yy26: ++yy25: + yych = *++YYCURSOR; + switch (yych) { + case 0x00: + case '"': + case '\'': + case ':': +- case '?': goto yy17; +- default: goto yy11; ++ case '?': goto yy16; ++ default: goto yy12; + } +-yy27: ++yy26: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { +- case '*': goto yy27; +- case '/': goto yy29; +- default: goto yy22; ++ case '*': goto yy26; ++ case '/': goto yy28; ++ default: goto yy21; + } +-yy29: ++yy28: + yych = *++YYCURSOR; +- goto yy17; +-yy30: ++ goto yy16; ++yy29: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case ':': +- case '?': goto yy30; +- default: goto yy32; ++ case '?': goto yy29; ++ default: goto yy31; + } +-yy32: ++yy31: + { RET(PDO_PARSER_TEXT); } +-yy33: ++yy32: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +@@ -347,55 +350,49 @@ + case 'w': + case 'x': + case 'y': +- case 'z': goto yy33; +- default: goto yy35; ++ case 'z': goto yy32; ++ default: goto yy34; + } +-yy35: ++yy34: + { RET(PDO_PARSER_BIND); } +-yy36: ++yy35: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +-yy37: ++yy36: + switch (yych) { +- case 0x00: goto yy38; +- case '\'': goto yy40; +- case '\\': goto yy39; +- default: goto yy36; +- } +-yy38: +- YYCURSOR = YYMARKER; +- switch (yyaccept) { +- case 0: goto yy3; +- case 1: goto yy9; ++ case 0x00: goto yy2; ++ case '\'': goto yy38; ++ case '\\': goto yy37; ++ default: goto yy35; + } +-yy39: ++yy37: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +- if (yych <= 0x00) goto yy38; +- goto yy36; +-yy40: ++ if (yych <= 0x00) goto yy2; ++ goto yy35; ++yy38: + ++YYCURSOR; + { RET(PDO_PARSER_TEXT); } +-yy42: ++yy40: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +-yy43: ++yy41: + switch (yych) { +- case 0x00: goto yy38; +- case '"': goto yy45; +- case '\\': goto yy44; +- default: goto yy42; ++ case 0x00: goto yy2; ++ case '"': goto yy43; ++ case '\\': goto yy42; ++ default: goto yy40; + } +-yy44: ++yy42: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; +- if (yych <= 0x00) goto yy38; +- goto yy42; +-yy45: ++ if (yych <= 0x00) goto yy2; ++ goto yy40; ++yy43: + ++YYCURSOR; + { RET(PDO_PARSER_TEXT); } + } +@@ -428,6 +425,7 @@ + + ptr = *outquery; + s.cur = inquery; ++ s.end = inquery + inquery_len + 1; + + /* phase 1: look for args */ + while((t = scan(&s)) != PDO_PARSER_EOI) { +@@ -547,7 +545,7 @@ + param->param_type TSRMLS_CC)) { + /* bork */ + ret = -1; +- strcpy(stmt->error_code, stmt->dbh->error_code); ++ strncpy(stmt->error_code, stmt->dbh->error_code, 6); + if (buf) { + efree(buf); + } +@@ -570,6 +568,9 @@ + plc->freeq = 0; + break; + ++ case IS_BOOL: ++ convert_to_long(param->parameter); ++ + case IS_LONG: + case IS_DOUBLE: + convert_to_string(param->parameter); +@@ -578,8 +579,6 @@ + plc->freeq = 0; + break; + +- case IS_BOOL: +- convert_to_long(param->parameter); + default: + convert_to_string(param->parameter); + if (!stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL_P(param->parameter), +@@ -587,7 +586,7 @@ + param->param_type TSRMLS_CC)) { + /* bork */ + ret = -1; +- strcpy(stmt->error_code, stmt->dbh->error_code); ++ strncpy(stmt->error_code, stmt->dbh->error_code, 6); + goto clean_up; + } + plc->freeq = 1; +Index: php5-5.3.10/ext/pdo/pdo_sql_parser.re +=================================================================== +--- php5-5.3.10.orig/ext/pdo/pdo_sql_parser.re 2012-09-11 11:24:51.063064582 -0400 ++++ php5-5.3.10/ext/pdo/pdo_sql_parser.re 2012-09-11 11:27:25.135068527 -0400 +@@ -32,12 +32,12 @@ + + #define YYCTYPE unsigned char + #define YYCURSOR cursor +-#define YYLIMIT cursor ++#define YYLIMIT s->end + #define YYMARKER s->ptr +-#define YYFILL(n) ++#define YYFILL(n) { RET(PDO_PARSER_EOI); } + + typedef struct Scanner { +- char *ptr, *cur, *tok; ++ char *ptr, *cur, *tok, *end; + } Scanner; + + static int scan(Scanner *s) +@@ -51,7 +51,6 @@ + COMMENTS = ("/*"([^*]+|[*]+[^/*])*[*]*"*/"|"--"[^\r\n]*); + SPECIALS = [:?"']; + MULTICHAR = [:?]; +- EOF = [\000]; + ANYNOEOF = [\001-\377]; + */ + +@@ -64,7 +63,6 @@ + SPECIALS { SKIP_ONE(PDO_PARSER_TEXT); } + COMMENTS { RET(PDO_PARSER_TEXT); } + (ANYNOEOF\SPECIALS)+ { RET(PDO_PARSER_TEXT); } +- EOF { RET(PDO_PARSER_EOI); } + */ + } + +@@ -94,6 +92,7 @@ + + ptr = *outquery; + s.cur = inquery; ++ s.end = inquery + inquery_len + 1; + + /* phase 1: look for args */ + while((t = scan(&s)) != PDO_PARSER_EOI) { --- php5-5.3.10.orig/debian/patches/044-strtod_arm_fix.patch +++ php5-5.3.10/debian/patches/044-strtod_arm_fix.patch @@ -0,0 +1,54 @@ +--- a/Zend/zend_strtod.c ++++ b/Zend/zend_strtod.c +@@ -152,14 +152,25 @@ typedef unsigned long int uint32_t; + #define IEEE_LITTLE_ENDIAN + #endif + +-#if defined(__arm__) && !defined(__VFP_FP__) +-/* +- * * Although the CPU is little endian the FP has different +- * * byte and word endianness. The byte order is still little endian +- * * but the word order is big endian. +- * */ +-#define IEEE_BIG_ENDIAN ++#if defined(__arm__) || defined(__thumb__) ++/* ARM traditionally used big-endian words; and within those words the ++ byte ordering was big or little endian depending upon the target. ++ Modern floating-point formats are naturally ordered; in this case ++ __VFP_FP__ will be defined, even if soft-float. */ + #undef IEEE_LITTLE_ENDIAN ++#undef IEEE_BIG_ENDIAN ++#if defined(__VFP_FP__) || defined(__MAVERICK__) ++# ifdef __ARMEL__ ++# define IEEE_LITTLE_ENDIAN ++# else ++# define IEEE_BIG_ENDIAN ++# endif ++#else ++# define IEEE_BIG_ENDIAN ++# ifdef __ARMEL__ ++# define IEEE_BYTES_LITTLE_ENDIAN ++# endif ++#endif + #endif + + #ifdef __vax__ +@@ -267,8 +278,7 @@ BEGIN_EXTERN_C() + + #if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \ + defined(IBM) != 1 +- Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or +- IBM should be defined. ++#error "Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or IBM should be defined." + #endif + + typedef union { +@@ -288,7 +298,7 @@ BEGIN_EXTERN_C() + * An alternative that might be better on some machines is + * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) + */ +-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__) ++#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN) + #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ + ((unsigned short *)a)[0] = (unsigned short)c, a++) + #else --- php5-5.3.10.orig/debian/patches/CVE-2016-6296.patch +++ php5-5.3.10/debian/patches/CVE-2016-6296.patch @@ -0,0 +1,76 @@ +Backport of: + +From e6c48213c22ed50b2b987b479fcc1ac709394caa Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 18 Jul 2016 21:44:39 -0700 +Subject: [PATCH] Fix bug #72606: heap-buffer-overflow (write) + simplestring_addn simplestring.c + +--- + ext/xmlrpc/libxmlrpc/simplestring.c | 61 ++++++++++++++++++++++--------------- + ext/xmlrpc/libxmlrpc/simplestring.h | 2 +- + 2 files changed, 38 insertions(+), 25 deletions(-) + +Index: php5-5.5.9+dfsg/ext/xmlrpc/libxmlrpc/simplestring.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/xmlrpc/libxmlrpc/simplestring.c 2016-07-28 09:25:18.294310035 -0400 ++++ php5-5.5.9+dfsg/ext/xmlrpc/libxmlrpc/simplestring.c 2016-07-28 09:25:49.486708480 -0400 +@@ -172,6 +172,9 @@ + } + /******/ + ++#ifndef SIZE_MAX ++#define SIZE_MAX ((size_t)-1) ++#endif + /****f* FUNC/simplestring_addn + * NAME + * simplestring_addn +@@ -190,18 +193,31 @@ + * simplestring_add () + * SOURCE + */ +-void simplestring_addn(simplestring* target, const char* source, int add_len) { ++void simplestring_addn(simplestring* target, const char* source, size_t add_len) { ++ size_t newsize = target->size, incr = 0; + if(target && source) { + if(!target->str) { + simplestring_init_str(target); + } ++ ++ if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) { ++ /* check for overflows, if there's a potential overflow do nothing */ ++ return; ++ } ++ + if(target->len + add_len + 1 > target->size) { + /* newsize is current length + new length */ +- int newsize = target->len + add_len + 1; +- int incr = target->size * 2; ++ newsize = target->len + add_len + 1; ++ incr = target->size * 2; + + /* align to SIMPLESTRING_INCR increments */ +- newsize = newsize - (newsize % incr) + incr; ++ if (incr) { ++ newsize = newsize - (newsize % incr) + incr; ++ } ++ if(newsize < (target->len + add_len + 1)) { ++ /* some kind of overflow happened */ ++ return; ++ } + target->str = (char*)realloc(target->str, newsize); + + target->size = target->str ? newsize : 0; +Index: php5-5.5.9+dfsg/ext/xmlrpc/libxmlrpc/simplestring.h +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/xmlrpc/libxmlrpc/simplestring.h 2016-07-28 09:25:18.294310035 -0400 ++++ php5-5.5.9+dfsg/ext/xmlrpc/libxmlrpc/simplestring.h 2016-07-28 09:25:18.294310035 -0400 +@@ -63,7 +63,7 @@ + void simplestring_clear(simplestring* string); + void simplestring_free(simplestring* string); + void simplestring_add(simplestring* string, const char* add); +-void simplestring_addn(simplestring* string, const char* add, int add_len); ++void simplestring_addn(simplestring* string, const char* add, size_t add_len); + + #ifdef __cplusplus + } --- php5-5.3.10.orig/debian/patches/CVE-2015-5589-2.patch +++ php5-5.3.10/debian/patches/CVE-2015-5589-2.patch @@ -0,0 +1,64 @@ +Backport of: + +From 885edfef0a0eb1016a906d197399f92375a795e4 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 6 Jul 2015 22:58:28 -0700 +Subject: [PATCH] Better fix for bug #69958 + +--- + ext/phar/phar_object.c | 22 +++++++++++++--------- + ext/phar/tests/bug69958.phpt | 2 ++ + 2 files changed, 15 insertions(+), 9 deletions(-) + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-09-29 12:28:51.042007869 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2015-09-29 12:29:33.853733262 -0400 +@@ -2199,9 +2199,10 @@ + } + /* }}} */ + +-static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */ ++static zval *phar_rename_archive(phar_archive_data **sphar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */ + { + char *oldname = NULL, *oldpath = NULL; ++ phar_archive_data *phar = *sphar; + char *basename = NULL, *basepath = NULL; + char *newname = NULL, *newpath = NULL; + zval *ret, arg1; +@@ -2308,6 +2309,7 @@ + phar->fp = NULL; + phar_destroy_phar_data(phar TSRMLS_CC); + phar = *pphar; ++ *sphar = NULL; + phar->refcount++; + newpath = oldpath; + goto its_ok; +@@ -2518,17 +2520,19 @@ + phar_add_virtual_dirs(phar, newentry.filename, newentry.filename_len TSRMLS_CC); + } + +- if ((ret = phar_rename_archive(phar, ext, 0 TSRMLS_CC))) { ++ if ((ret = phar_rename_archive(&phar, ext, 0 TSRMLS_CC))) { + return ret; + } else { +- zend_hash_destroy(&(phar->manifest)); +- zend_hash_destroy(&(phar->mounted_dirs)); +- zend_hash_destroy(&(phar->virtual_dirs)); +- if (phar->fp) { +- php_stream_close(phar->fp); ++ if(phar != NULL) { ++ zend_hash_destroy(&(phar->manifest)); ++ zend_hash_destroy(&(phar->mounted_dirs)); ++ zend_hash_destroy(&(phar->virtual_dirs)); ++ if (phar->fp) { ++ php_stream_close(phar->fp); ++ } ++ efree(phar->fname); ++ efree(phar); + } +- efree(phar->fname); +- efree(phar); + return NULL; + } + } --- php5-5.3.10.orig/debian/patches/php5-fpm_5.3_error-reporting-fix.patch +++ php5-5.3.10/debian/patches/php5-fpm_5.3_error-reporting-fix.patch @@ -0,0 +1,113 @@ +Description: Fixes LaunchPad Bug 1006738, regarding PHP not reporting errors to web server (nginx confirmed) +Origin: upstream, https://bugs.php.net/patch-display.php?bug_id=61045&patch=bug61045-5.3.patch&revision=latest +Bug: https://bugs.php.net/bug.php?id=61045 +Bug-Debian: bugs.debian.org/cgi-bin/bugreport.cgi?bug=677994 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1014044 + +--- a/sapi/fpm/fpm/fpm_main.c ++++ b/sapi/fpm/fpm/fpm_main.c +@@ -651,14 +651,38 @@ + } + } + +-static void sapi_cgi_log_message(char *message) ++/* {{{ sapi_cgi_log_fastcgi ++ * ++ * Ignore level, we want to send all messages through fastcgi ++ */ ++void sapi_cgi_log_fastcgi(int level, char *message, size_t len) + { + TSRMLS_FETCH(); + +- if (CGIG(fcgi_logging)) { +- zlog(ZLOG_NOTICE, "PHP message: %s", message); ++ fcgi_request *request = (fcgi_request*) SG(server_context); ++ ++ /* ensure we want: ++ * - to log (fastcgi.logging in php.ini) ++ * - we are currently dealing with a request ++ * - the message is not empty ++ */ ++ if (CGIG(fcgi_logging) && request && message && len > 0) { ++ char *buf = malloc(len + 2); ++ memcpy(buf, message, len); ++ memcpy(buf + len, "\n", sizeof("\n")); ++ fcgi_write(request, FCGI_STDERR, buf, len+1); ++ free(buf); + } + } ++/* }}} */ ++ ++/* {{{ sapi_cgi_log_message ++ */ ++static void sapi_cgi_log_message(char *message) ++{ ++ zlog(ZLOG_NOTICE, "PHP message: %s", message); ++} ++/* }}} */ + + /* {{{ php_cgi_ini_activate_user_config + */ +@@ -1774,6 +1798,9 @@ + fcgi_fd = fpm_run(&max_requests); + parent = 0; + ++ /* onced forked tell zlog to also send messages through sapi_cgi_log_fastcgi() */ ++ zlog_set_external_logger(sapi_cgi_log_fastcgi); ++ + /* make php call us to get _ENV vars */ + php_php_import_environment_variables = php_import_environment_variables; + php_import_environment_variables = cgi_php_import_environment_variables; +--- a/sapi/fpm/fpm/zlog.c ++++ b/sapi/fpm/fpm/zlog.c +@@ -22,6 +22,7 @@ + static int zlog_fd = -1; + static int zlog_level = ZLOG_NOTICE; + static int launched = 0; ++static void (*external_logger)(int, char *, size_t) = NULL; + + static const char *level_names[] = { + [ZLOG_DEBUG] = "DEBUG", +@@ -41,6 +42,12 @@ + }; + #endif + ++void zlog_set_external_logger(void (*logger)(int, char *, size_t)) /* {{{ */ ++{ ++ external_logger = logger; ++} ++/* }}} */ ++ + const char *zlog_get_level_name(int log_level) /* {{{ */ + { + if (log_level < 0) { +@@ -101,6 +108,19 @@ + int truncated = 0; + int saved_errno; + ++ if (external_logger) { ++ va_start(args, fmt); ++ len = vsnprintf(buf, buf_size, fmt, args); ++ va_end(args); ++ if (len >= buf_size) { ++ memcpy(buf + buf_size - sizeof("..."), "...", sizeof("...") - 1); ++ len = buf_size - 1; ++ } ++ external_logger(flags & ZLOG_LEVEL_MASK, buf, len); ++ len = 0; ++ memset(buf, '\0', buf_size); ++ } ++ + if ((flags & ZLOG_LEVEL_MASK) < zlog_level) { + return; + } +--- a/sapi/fpm/fpm/zlog.h ++++ b/sapi/fpm/fpm/zlog.h +@@ -9,6 +9,7 @@ + + struct timeval; + ++void zlog_set_external_logger(void (*logger)(int, char *, size_t)); + int zlog_set_fd(int new_fd); + int zlog_set_level(int new_value); + const char *zlog_get_level_name(int log_level); --- php5-5.3.10.orig/debian/patches/bug70014.patch +++ php5-5.3.10/debian/patches/bug70014.patch @@ -0,0 +1,42 @@ +Backport of: + +From 16023f3e3b9c06cf677c3c980e8d574e4c162827 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 26 Jul 2015 17:43:16 -0700 +Subject: [PATCH] Fix bug #70014 - use RAND_bytes instead of deprecated + RAND_pseudo_bytes + +--- + ext/openssl/openssl.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +Index: php5-5.3.10/ext/openssl/openssl.c +=================================================================== +--- php5-5.3.10.orig/ext/openssl/openssl.c 2016-04-18 11:02:07.544751805 -0400 ++++ php5-5.3.10/ext/openssl/openssl.c 2016-04-18 11:03:41.161667300 -0400 +@@ -4986,7 +4986,6 @@ + long buffer_length; + unsigned char *buffer = NULL; + zval *zstrong_result_returned = NULL; +- int strong_result = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|z", &buffer_length, &zstrong_result_returned) == FAILURE) { + return; +@@ -5003,7 +5002,7 @@ + + buffer = emalloc(buffer_length + 1); + +- if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { ++ if (RAND_bytes(buffer, buffer_length) <= 0) { + efree(buffer); + RETURN_FALSE; + } +@@ -5012,7 +5011,7 @@ + RETVAL_STRINGL((char *)buffer, buffer_length, 0); + + if (zstrong_result_returned) { +- ZVAL_BOOL(zstrong_result_returned, strong_result); ++ ZVAL_BOOL(zstrong_result_returned, 1); + } + } + /* }}} */ --- php5-5.3.10.orig/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch +++ php5-5.3.10/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch @@ -0,0 +1,17 @@ +--- a/ext/mssql/php_mssql.c ++++ b/ext/mssql/php_mssql.c +@@ -1106,6 +1106,14 @@ static void php_mssql_get_column_content + return; + } + ++ if (res_length == 0) { ++ ZVAL_NULL(result); ++ return; ++ } else if (res_length < 0) { ++ ZVAL_FALSE(result); ++ return; ++ } ++ + res_buf = (unsigned char *) emalloc(res_length+1); + bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset)); + res_buf[res_length] = '\0'; --- php5-5.3.10.orig/debian/patches/CVE-2013-4113.patch +++ php5-5.3.10/debian/patches/CVE-2013-4113.patch @@ -0,0 +1,161 @@ +Description: fix denial of service and possible code execution via xml + parser heap overflow +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=710eee5555bc5c95692bd3c84f5d2b5d687349b6 +Bug: https://bugs.php.net/bug.php?id=65236 + +Index: php5-5.3.10/ext/xml/tests/bug65236.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/xml/tests/bug65236.phpt 2013-07-15 09:49:18.034820124 -0400 +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #65236 (heap corruption in xml parser) ++--SKIPIF-- ++ ++--FILE-- ++", 1000), $a); ++ ++echo "Done\n"; ++?> ++--EXPECTF-- ++Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated in %s on line %d ++Done +Index: php5-5.3.10/ext/xml/xml.c +=================================================================== +--- php5-5.3.10.orig/ext/xml/xml.c 2013-07-15 09:49:18.038820125 -0400 ++++ php5-5.3.10/ext/xml/xml.c 2013-07-15 09:49:18.034820124 -0400 +@@ -427,7 +427,7 @@ + } + if (parser->ltags) { + int inx; +- for (inx = 0; inx < parser->level; inx++) ++ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) + efree(parser->ltags[ inx ]); + efree(parser->ltags); + } +@@ -905,45 +905,50 @@ + } + + if (parser->data) { +- zval *tag, *atr; +- int atcnt = 0; ++ if (parser->level <= XML_MAXLEVEL) { ++ zval *tag, *atr; ++ int atcnt = 0; + +- MAKE_STD_ZVAL(tag); +- MAKE_STD_ZVAL(atr); ++ MAKE_STD_ZVAL(tag); ++ MAKE_STD_ZVAL(atr); + +- array_init(tag); +- array_init(atr); ++ array_init(tag); ++ array_init(atr); + +- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); ++ _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + +- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ +- add_assoc_string(tag,"type","open",1); +- add_assoc_long(tag,"level",parser->level); ++ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ ++ add_assoc_string(tag,"type","open",1); ++ add_assoc_long(tag,"level",parser->level); + +- parser->ltags[parser->level-1] = estrdup(tag_name); +- parser->lastwasopen = 1; ++ parser->ltags[parser->level-1] = estrdup(tag_name); ++ parser->lastwasopen = 1; + +- attributes = (const XML_Char **) attrs; ++ attributes = (const XML_Char **) attrs; + +- while (attributes && *attributes) { +- att = _xml_decode_tag(parser, attributes[0]); +- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); +- +- add_assoc_stringl(atr,att,val,val_len,0); ++ while (attributes && *attributes) { ++ att = _xml_decode_tag(parser, attributes[0]); ++ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); + +- atcnt++; +- attributes += 2; ++ add_assoc_stringl(atr,att,val,val_len,0); + +- efree(att); +- } ++ atcnt++; ++ attributes += 2; + +- if (atcnt) { +- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); +- } else { +- zval_ptr_dtor(&atr); +- } ++ efree(att); ++ } ++ ++ if (atcnt) { ++ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); ++ } else { ++ zval_ptr_dtor(&atr); ++ } + +- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); ++ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); ++ } else if (parser->level == (XML_MAXLEVEL + 1)) { ++ TSRMLS_FETCH(); ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); ++ } + } + + efree(tag_name); +@@ -995,7 +1000,7 @@ + + efree(tag_name); + +- if (parser->ltags) { ++ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { + efree(parser->ltags[parser->level-1]); + } + +@@ -1079,18 +1084,23 @@ + } + } + +- MAKE_STD_ZVAL(tag); +- +- array_init(tag); +- +- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); ++ if (parser->level <= XML_MAXLEVEL) { ++ MAKE_STD_ZVAL(tag); + +- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); +- add_assoc_string(tag,"value",decoded_value,0); +- add_assoc_string(tag,"type","cdata",1); +- add_assoc_long(tag,"level",parser->level); ++ array_init(tag); + +- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); ++ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); ++ ++ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); ++ add_assoc_string(tag,"value",decoded_value,0); ++ add_assoc_string(tag,"type","cdata",1); ++ add_assoc_long(tag,"level",parser->level); ++ ++ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); ++ } else if (parser->level == (XML_MAXLEVEL + 1)) { ++ TSRMLS_FETCH(); ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); ++ } + } + } else { + efree(decoded_value); --- php5-5.3.10.orig/debian/patches/CVE-2015-4022.patch +++ php5-5.3.10/debian/patches/CVE-2015-4022.patch @@ -0,0 +1,267 @@ +From ac2832935435556dc593784cd0087b5e576bbe4d Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Wed, 29 Apr 2015 21:57:33 -0700 +Subject: [PATCH] Fix bug #69545 - avoid overflow when reading list + +--- + ext/ftp/ftp.c | 82 +++++++++++++++++++++++++++++------------------------------ + 1 file changed, 41 insertions(+), 41 deletions(-) + +Index: php5-5.3.10/ext/ftp/ftp.c +=================================================================== +--- php5-5.3.10.orig/ext/ftp/ftp.c 2015-06-26 13:30:49.868962981 -0400 ++++ php5-5.3.10/ext/ftp/ftp.c 2015-06-26 13:30:49.868962981 -0400 +@@ -183,9 +183,9 @@ + if (ftp->ssl_active) { + SSL_shutdown(ftp->ssl_handle); + } +-#endif ++#endif + closesocket(ftp->fd); +- } ++ } + ftp_gc(ftp); + efree(ftp); + return NULL; +@@ -256,7 +256,7 @@ + if (!ftp_getresp(ftp)) { + return 0; + } +- ++ + if (ftp->resp != 234) { + if (!ftp_putcmd(ftp, "AUTH", "SSL")) { + return 0; +@@ -264,7 +264,7 @@ + if (!ftp_getresp(ftp)) { + return 0; + } +- ++ + if (ftp->resp != 334) { + return 0; + } else { +@@ -272,7 +272,7 @@ + ftp->use_ssl_for_data = 1; + } + } +- ++ + ctx = SSL_CTX_new(SSLv23_client_method()); + if (ctx == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create the SSL context"); +@@ -315,8 +315,8 @@ + if (!ftp_getresp(ftp)) { + return 0; + } +- +- ftp->use_ssl_for_data = (ftp->resp >= 200 && ftp->resp <=299); ++ ++ ftp->use_ssl_for_data = (ftp->resp >= 200 && ftp->resp <=299); + } + } + #endif +@@ -350,7 +350,7 @@ + { + if (ftp == NULL) { + return 0; +- } ++ } + + ftp_gc(ftp); + +@@ -385,7 +385,7 @@ + if (!ftp_putcmd(ftp, "SYST", NULL)) { + return NULL; + } +- if (!ftp_getresp(ftp) || ftp->resp != 215) { ++ if (!ftp_getresp(ftp) || ftp->resp != 215) { + return NULL; + } + syst = ftp->inbuf; +@@ -421,14 +421,14 @@ + if (!ftp_putcmd(ftp, "PWD", NULL)) { + return NULL; + } +- if (!ftp_getresp(ftp) || ftp->resp != 257) { ++ if (!ftp_getresp(ftp) || ftp->resp != 257) { + return NULL; + } + /* copy out the pwd from response */ +- if ((pwd = strchr(ftp->inbuf, '"')) == NULL) { ++ if ((pwd = strchr(ftp->inbuf, '"')) == NULL) { + return NULL; + } +- if ((end = strrchr(++pwd, '"')) == NULL) { ++ if ((end = strrchr(++pwd, '"')) == NULL) { + return NULL; + } + ftp->pwd = estrndup(pwd, end - pwd); +@@ -598,7 +598,7 @@ + if (!ftp_getresp(ftp) || ftp->resp != 200) { + return 0; + } +- ++ + return 1; + } + /* }}} */ +@@ -632,7 +632,7 @@ + return 0; + } + +- return 1; ++ return 1; + } + /* }}} */ + +@@ -664,7 +664,7 @@ + if (ftp == NULL) { + return 0; + } +- if (type == ftp->type) { ++ if (type == ftp->type) { + return 1; + } + if (type == FTPTYPE_ASCII) { +@@ -755,7 +755,7 @@ + if (!ftp_putcmd(ftp, "PASV", NULL)) { + return 0; + } +- if (!ftp_getresp(ftp) || ftp->resp != 227) { ++ if (!ftp_getresp(ftp) || ftp->resp != 227) { + return 0; + } + /* parse out the IP and port */ +@@ -798,7 +798,7 @@ + if ((data = ftp_getdata(ftp TSRMLS_CC)) == NULL) { + goto bail; + } +- ++ + ftp->data = data; + + if (resumepos > 0) { +@@ -896,7 +896,7 @@ + if ((data = ftp_getdata(ftp TSRMLS_CC)) == NULL) { + goto bail; + } +- ftp->data = data; ++ ftp->data = data; + + if (startpos > 0) { + if (startpos > 2147483647) { +@@ -1101,7 +1101,7 @@ + + if (strpbrk(cmd, "\r\n")) { + return 0; +- } ++ } + /* build the output buffer */ + if (args && args[0]) { + /* "cmd args\r\n\0" */ +@@ -1249,7 +1249,7 @@ + #if HAVE_OPENSSL_EXT + if (ftp->use_ssl && ftp->fd == s && ftp->ssl_active) { + sent = SSL_write(ftp->ssl_handle, buf, size); +- } else if (ftp->use_ssl && ftp->fd != s && ftp->use_ssl_for_data && ftp->data->ssl_active) { ++ } else if (ftp->use_ssl && ftp->fd != s && ftp->use_ssl_for_data && ftp->data->ssl_active) { + sent = SSL_write(ftp->data->ssl_handle, buf, size); + } else { + #endif +@@ -1289,14 +1289,14 @@ + #if HAVE_OPENSSL_EXT + if (ftp->use_ssl && ftp->fd == s && ftp->ssl_active) { + nr_bytes = SSL_read(ftp->ssl_handle, buf, len); +- } else if (ftp->use_ssl && ftp->fd != s && ftp->use_ssl_for_data && ftp->data->ssl_active) { ++ } else if (ftp->use_ssl && ftp->fd != s && ftp->use_ssl_for_data && ftp->data->ssl_active) { + nr_bytes = SSL_read(ftp->data->ssl_handle, buf, len); + } else { + #endif + nr_bytes = recv(s, buf, len, 0); + #if HAVE_OPENSSL_EXT + } +-#endif ++#endif + return (nr_bytes); + } + /* }}} */ +@@ -1512,7 +1512,7 @@ + + data_accepted: + #if HAVE_OPENSSL_EXT +- ++ + /* now enable ssl if we need to */ + if (ftp->use_ssl && ftp->use_ssl_for_data) { + ctx = SSL_CTX_new(SSLv23_client_method()); +@@ -1566,18 +1566,18 @@ + SSL_shutdown(data->ssl_handle); + data->ssl_active = 0; + } +-#endif ++#endif + closesocket(data->listener); +- } ++ } + if (data->fd != -1) { + #if HAVE_OPENSSL_EXT + if (data->ssl_active) { + SSL_shutdown(data->ssl_handle); + data->ssl_active = 0; + } +-#endif ++#endif + closesocket(data->fd); +- } ++ } + if (ftp) { + ftp->data = NULL; + } +@@ -1595,8 +1595,8 @@ + databuf_t *data = NULL; + char *ptr; + int ch, lastch; +- int size, rcvd; +- int lines; ++ size_t size, rcvd; ++ size_t lines; + char **ret = NULL; + char **entry; + char *text; +@@ -1614,7 +1614,7 @@ + if ((data = ftp_getdata(ftp TSRMLS_CC)) == NULL) { + goto bail; + } +- ftp->data = data; ++ ftp->data = data; + + if (!ftp_putcmd(ftp, cmd, path)) { + goto bail; +@@ -1638,7 +1638,7 @@ + lines = 0; + lastch = 0; + while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) { +- if (rcvd == -1) { ++ if (rcvd == -1 || rcvd > ((size_t)(-1))-size) { + goto bail; + } + +@@ -1854,7 +1854,7 @@ + if (!ftp_getresp(ftp) || (ftp->resp != 150 && ftp->resp != 125)) { + goto bail; + } +- if ((data = data_accept(data, ftp TSRMLS_CC)) == NULL) { ++ if ((data = data_accept(data, ftp TSRMLS_CC)) == NULL) { + goto bail; + } + ftp->data = data; +@@ -1910,7 +1910,7 @@ + goto bail; + } + ftp->data = data_close(ftp, ftp->data); +- ++ + if (!ftp_getresp(ftp) || (ftp->resp != 226 && ftp->resp != 250)) { + goto bail; + } --- php5-5.3.10.orig/debian/patches/fix_broken_5.3_tests.patch +++ php5-5.3.10/debian/patches/fix_broken_5.3_tests.patch @@ -0,0 +1,30 @@ +Author: Sean Finney +Description: Fix another small batch of broken test cases + * ext/standard/tests/php_ini_loaded_file.phpt: this test only works if + you call run-tests directly, but the included Makefile invokes the + test in such a way that it fails (it explicitly loads an ini file, + and the test assumes that none are loaded). since it therefore seems + like a somewhat useless test it has been removed. + * cli/tests/006.phpt: $subject is according to the docs for + the two pcre functions that report it as such, so the expected string has + been updated to match the output. + * php.orig/ext/posix/tests/posix_errno_variation2.phpt: SIGKILL is not + a defined constant unless the pcntl extension is loaded. As was + done elsewhere (posix_kill_basic.phpt, which oddly seems to do the + same *incredibly sketchy* test that's done here), it's passed as a + variable hardcoded to 9 instead. Did i mention that this test is + sketchy? +Origin: vendor +--- a/ext/posix/tests/posix_errno_variation2.phpt ++++ b/ext/posix/tests/posix_errno_variation2.phpt +@@ -21,7 +21,9 @@ do { + $result = shell_exec("ps -p " . $pid); + } while (strstr($pid, $result)); + +-posix_kill($pid, SIGKILL); ++/* don't depend on SIGKILL being defined (pcntl might not not be loaded) */ ++$SIGKILL = 9; ++posix_kill($pid, $SIGKILL); + var_dump(posix_errno()); + + ?> --- php5-5.3.10.orig/debian/patches/113-php.ini_securitynotes.patch +++ php5-5.3.10/debian/patches/113-php.ini_securitynotes.patch @@ -0,0 +1,44 @@ +Description: Adds security notices to php.ini settings +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/php.ini-development ++++ b/php.ini-development +@@ -335,6 +335,11 @@ allow_call_time_pass_reference = Off + + ; Safe Mode + ; http://php.net/safe-mode ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + safe_mode = Off + + ; By default, Safe Mode does a UID compare check when +@@ -376,6 +381,12 @@ safe_mode_protected_env_vars = LD_LIBRAR + ; or per-virtualhost web server configuration file. This directive is + ; *NOT* affected by whether Safe Mode is turned On or Off. + ; http://php.net/open-basedir ++ ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + ;open_basedir = + + ; This directive allows you to disable certain functions for security reasons. +@@ -700,6 +711,11 @@ request_order = "GP" + ; register_globals to be on; Using form variables as globals can easily lead + ; to possible security problems, if the code is not very well thought of. + ; http://php.net/register-globals ++ ++; NOTE: applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + register_globals = Off + + ; Determines whether the deprecated long $HTTP_*_VARS type predefined variables --- php5-5.3.10.orig/debian/patches/CVE-2012-233x.patch +++ php5-5.3.10/debian/patches/CVE-2012-233x.patch @@ -0,0 +1,34 @@ +Description: improve php5-cgi query string parameter parsing +Origin: upstream, http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa + +Index: php5-5.3.10/sapi/cgi/cgi_main.c +=================================================================== +--- php5-5.3.10.orig/sapi/cgi/cgi_main.c 2012-06-12 13:33:43.949077708 -0400 ++++ php5-5.3.10/sapi/cgi/cgi_main.c 2012-06-12 13:39:06.701074630 -0400 +@@ -1556,10 +1556,15 @@ + } + } + +- if(query_string = getenv("QUERY_STRING")) { ++ if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { ++ /* we've got query string that has no = - apache CGI will pass it to command line */ ++ unsigned char *p; + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); +- if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { ++ for (p = decoded_query_string; *p && *p <= ' '; p++) { ++ /* skip all leading spaces */ ++ } ++ if(*p == '-') { + skip_getopt = 1; + } + free(decoded_query_string); +@@ -1814,7 +1819,7 @@ + } + + zend_first_try { +- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { ++ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { + switch (c) { + case 'T': + benchmark = 1; --- php5-5.3.10.orig/debian/patches/CVE-2016-3141.patch +++ php5-5.3.10/debian/patches/CVE-2016-3141.patch @@ -0,0 +1,113 @@ +From b1bd4119bcafab6f9a8f84d92cd65eec3afeface Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 14 Feb 2016 22:34:39 -0800 +Subject: [PATCH] Fixed bug #71587 - Use-After-Free / Double-Free in WDDX + Deserialize + +--- + ext/wddx/tests/bug71587.phpt | 43 +++++++++++++++++++++++++++++++++++++++++++ + ext/wddx/wddx.c | 19 +++++++++++++++---- + 2 files changed, 58 insertions(+), 4 deletions(-) + create mode 100644 ext/wddx/tests/bug71587.phpt + +Index: php5-5.5.9+dfsg/ext/wddx/tests/bug71587.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.5.9+dfsg/ext/wddx/tests/bug71587.phpt 2016-04-15 13:25:55.489442998 -0400 +@@ -0,0 +1,43 @@ ++--TEST-- ++Bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize) ++--SKIPIF-- ++ ++--FILE-- ++ ++ ++ ++ ++ ++ manhluat ++ ++ ++ ++ ++ ++EOF; ++ ++$wddx = wddx_deserialize($xml); ++var_dump($wddx); ++// Print mem leak ++foreach($wddx as $k=>$v) ++ printf("Key: %s\nValue: %s\n",bin2hex($k),bin2hex($v)); ++ ++?> ++DONE ++--EXPECTF-- ++array(2) { ++ [0]=> ++ string(8) "manhluat" ++ [1]=> ++ bool(true) ++} ++Key: 30 ++Value: 6d616e686c756174 ++Key: 31 ++Value: 31 ++DONE +Index: php5-5.5.9+dfsg/ext/wddx/wddx.c +=================================================================== +--- php5-5.5.9+dfsg.orig/ext/wddx/wddx.c 2016-04-15 13:25:55.493443048 -0400 ++++ php5-5.5.9+dfsg/ext/wddx/wddx.c 2016-04-15 13:25:55.493443048 -0400 +@@ -933,6 +933,16 @@ + !strcmp(name, EL_DATETIME)) { + wddx_stack_top(stack, (void**)&ent1); + ++ if (!ent1->data) { ++ if (stack->top > 1) { ++ stack->top--; ++ } else { ++ stack->done = 1; ++ } ++ efree(ent1); ++ return; ++ } ++ + if (!strcmp(name, EL_BINARY)) { + int new_len=0; + unsigned char *new_str; +@@ -1028,6 +1038,7 @@ + } + } else if (!strcmp(name, EL_VAR) && stack->varname) { + efree(stack->varname); ++ stack->varname = NULL; + } else if (!strcmp(name, EL_FIELD)) { + st_entry *ent; + wddx_stack_top(stack, (void **)&ent); +@@ -1047,7 +1058,7 @@ + + if (!wddx_stack_is_empty(stack) && !stack->done) { + wddx_stack_top(stack, (void**)&ent); +- switch (Z_TYPE_P(ent)) { ++ switch (ent->type) { + case ST_STRING: + if (Z_STRLEN_P(ent->data) == 0) { + STR_FREE(Z_STRVAL_P(ent->data)); +@@ -1086,11 +1097,11 @@ + } else if (!strcmp(s, "false")) { + Z_LVAL_P(ent->data) = 0; + } else { +- stack->top--; + zval_ptr_dtor(&ent->data); +- if (ent->varname) ++ if (ent->varname) { + efree(ent->varname); +- efree(ent); ++ } ++ ent->data = NULL; + } + break; + --- php5-5.3.10.orig/debian/patches/CVE-2016-4542.patch +++ php5-5.3.10/debian/patches/CVE-2016-4542.patch @@ -0,0 +1,75 @@ +Backport of: + +From 082aecfc3a753ad03be82cf14f03ac065723ec92 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 24 Apr 2016 19:33:52 -0700 +Subject: [PATCH] Fix bug #72094 - Out of bounds heap read access in exif + header processing + +--- + ext/exif/exif.c | 17 ++++++++++-- + ext/exif/tests/bug72094.phpt | 61 ++++++++++++++++++++++++++++++++++++++++++ + ext/exif/tests/bug72094_1.jpg | Bin 0 -> 140 bytes + ext/exif/tests/bug72094_2.jpg | Bin 0 -> 140 bytes + ext/exif/tests/bug72094_3.jpg | Bin 0 -> 112 bytes + ext/exif/tests/bug72094_4.jpg | Bin 0 -> 32 bytes + 6 files changed, 76 insertions(+), 2 deletions(-) + create mode 100644 ext/exif/tests/bug72094.phpt + create mode 100644 ext/exif/tests/bug72094_1.jpg + create mode 100644 ext/exif/tests/bug72094_2.jpg + create mode 100644 ext/exif/tests/bug72094_3.jpg + create mode 100644 ext/exif/tests/bug72094_4.jpg + +Index: php5-5.3.10/ext/exif/exif.c +=================================================================== +--- php5-5.3.10.orig/ext/exif/exif.c 2016-05-19 12:52:28.589907636 -0400 ++++ php5-5.3.10/ext/exif/exif.c 2016-05-19 12:52:28.577907475 -0400 +@@ -2981,8 +2981,8 @@ + if (lengthCopyrightPhotographer = estrdup(value_ptr); +- ImageInfo->CopyrightEditor = estrdup(value_ptr+length+1); +- spprintf(&ImageInfo->Copyright, 0, "%s, %s", value_ptr, value_ptr+length+1); ++ ImageInfo->CopyrightEditor = estrndup(value_ptr+length+1, byte_count-length-1); ++ spprintf(&ImageInfo->Copyright, 0, "%s, %s", ImageInfo->CopyrightPhotographer, ImageInfo->CopyrightEditor); + /* format = TAG_FMT_UNDEFINED; this musn't be ASCII */ + /* but we are not supposed to change this */ + /* keep in mind that image_info does not store editor value */ +@@ -3151,6 +3151,11 @@ + + ImageInfo->sections_found |= FOUND_IFD0; + ++ if ((dir_start + 2) >= (offset_base+IFDlength)) { ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size"); ++ return FALSE; ++ } ++ + NumDirEntries = php_ifd_get16u(dir_start, ImageInfo->motorola_intel); + + if ((dir_start+2+NumDirEntries*12) > (offset_base+IFDlength)) { +@@ -3174,6 +3179,10 @@ + * Hack to make it process IDF1 I hope + * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail + */ ++ if ((dir_start+2+12*de + 4) >= (offset_base+IFDlength)) { ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size"); ++ return FALSE; ++ } + NextDirOffset = php_ifd_get32u(dir_start+2+12*de, ImageInfo->motorola_intel); + if (NextDirOffset) { + /* the next line seems false but here IFDlength means length of all IFDs */ +@@ -3223,9 +3232,13 @@ + } + + /* Check the next two values for correctness. */ ++ if (length < 8) { ++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)"); ++ return; ++ } + exif_value_2a = php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel); + offset_of_ifd = php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel); +- if ( exif_value_2a != 0x2a || offset_of_ifd < 0x08) { ++ if (exif_value_2a != 0x2a || offset_of_ifd < 0x08) { + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)"); + return; + } --- php5-5.3.10.orig/debian/patches/bug69218.patch +++ php5-5.3.10/debian/patches/bug69218.patch @@ -0,0 +1,22 @@ +From 809610f5ea38a83b284e1125d1fff129bdd615e7 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sat, 4 Apr 2015 15:03:46 -0700 +Subject: [PATCH] Fix bug #68486 and bug #69218 (segfault in apache2handler + with apache 2.4) + +--- + sapi/apache2handler/sapi_apache2.c | 1 + + 1 file changed, 1 insertion(+) + +Index: php5-5.3.10/sapi/apache2handler/sapi_apache2.c +=================================================================== +--- php5-5.3.10.orig/sapi/apache2handler/sapi_apache2.c 2015-04-17 06:25:08.218560975 -0400 ++++ php5-5.3.10/sapi/apache2handler/sapi_apache2.c 2015-04-17 06:25:08.214560939 -0400 +@@ -708,6 +708,7 @@ + } zend_end_try(); + } + apr_brigade_cleanup(brigade); ++ apr_pool_cleanup_run(r->pool, (void *)&SG(server_context), php_server_context_cleanup); + } else { + ctx->r = parent_req; + } --- php5-5.3.10.orig/debian/patches/CVE-2015-8835.patch +++ php5-5.3.10/debian/patches/CVE-2015-8835.patch @@ -0,0 +1,37 @@ +From c96d08b27226193dd51f2b50e84272235c6aaa69 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 26 Jul 2015 16:44:18 -0700 +Subject: [PATCH] Fix bug #70081: check types for SOAP variables + +--- + ext/soap/php_http.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +Index: php5-5.3.10/ext/soap/php_http.c +=================================================================== +--- php5-5.3.10.orig/ext/soap/php_http.c 2016-04-18 10:57:21.217225941 -0400 ++++ php5-5.3.10/ext/soap/php_http.c 2016-04-18 10:57:21.213225893 -0400 +@@ -683,18 +683,21 @@ + zend_hash_internal_pointer_reset(Z_ARRVAL_PP(cookies)); + smart_str_append_const(&soap_headers, "Cookie: "); + for (i = 0; i < n; i++) { ++ ulong numindx; ++ int res = zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, &numindx, FALSE); + zend_hash_get_current_data(Z_ARRVAL_PP(cookies), (void **)&data); +- zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, NULL, FALSE); + +- if (Z_TYPE_PP(data) == IS_ARRAY) { ++ if (res == HASH_KEY_IS_STRING && Z_TYPE_PP(data) == IS_ARRAY) { + zval** value; + + if (zend_hash_index_find(Z_ARRVAL_PP(data), 0, (void**)&value) == SUCCESS && + Z_TYPE_PP(value) == IS_STRING) { + zval **tmp; + if ((zend_hash_index_find(Z_ARRVAL_PP(data), 1, (void**)&tmp) == FAILURE || ++ Z_TYPE_PP(tmp) != IS_STRING || + strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_PP(tmp),Z_STRLEN_PP(tmp)) == 0) && + (zend_hash_index_find(Z_ARRVAL_PP(data), 2, (void**)&tmp) == FAILURE || ++ Z_TYPE_PP(tmp) != IS_STRING || + in_domain(phpurl->host,Z_STRVAL_PP(tmp))) && + (use_ssl || zend_hash_index_find(Z_ARRVAL_PP(data), 3, (void**)&tmp) == FAILURE)) { + smart_str_appendl(&soap_headers, key, strlen(key)); --- php5-5.3.10.orig/debian/patches/CVE-2015-4116.patch +++ php5-5.3.10/debian/patches/CVE-2015-4116.patch @@ -0,0 +1,54 @@ +From 1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 1 Jun 2015 22:06:16 -0700 +Subject: [PATCH] Fix bug #69737 - Segfault when SplMinHeap::compare produces + fatal error + +--- + NEWS | 4 ++++ + ext/spl/spl_heap.c | 3 ++- + ext/spl/tests/bug69737.phpt | 16 ++++++++++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 ext/spl/tests/bug69737.phpt + +diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c +index 0283307..fad2379 100644 +--- a/ext/spl/spl_heap.c ++++ b/ext/spl/spl_heap.c +@@ -249,9 +249,10 @@ static void spl_ptr_heap_insert(spl_ptr_heap *heap, spl_ptr_heap_element elem, v + heap->ctor(elem TSRMLS_CC); + + /* sifting up */ +- for(i = heap->count++; i > 0 && heap->cmp(heap->elements[(i-1)/2], elem, cmp_userdata TSRMLS_CC) < 0; i = (i-1)/2) { ++ for(i = heap->count; i > 0 && heap->cmp(heap->elements[(i-1)/2], elem, cmp_userdata TSRMLS_CC) < 0; i = (i-1)/2) { + heap->elements[i] = heap->elements[(i-1)/2]; + } ++ heap->count++; + + if (EG(exception)) { + /* exception thrown during comparison */ +diff --git a/ext/spl/tests/bug69737.phpt b/ext/spl/tests/bug69737.phpt +new file mode 100644 +index 0000000..d39ce3d +--- /dev/null ++++ b/ext/spl/tests/bug69737.phpt +@@ -0,0 +1,16 @@ ++--TEST-- ++Bug #69737 (Segfault when SplMinHeap::compare produces fatal error) ++--FILE-- ++insert(1); ++$h->insert(6); ++?> ++===DONE=== ++--EXPECTF-- ++Fatal error: Call to undefined method SplMinHeap::notexist() in %s/bug69737.php on line %d +-- +2.1.4 + --- php5-5.3.10.orig/debian/patches/CVE-2016-5399.patch +++ php5-5.3.10/debian/patches/CVE-2016-5399.patch @@ -0,0 +1,61 @@ +Backport of: + +From f3feddb5b45b5abd93abb1a95044b7e099d51c84 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 18 Jul 2016 22:20:45 -0700 +Subject: [PATCH] Partial fix for bug #72613 - do not treat negative returns + from bz2 as size_t + +--- + ext/bz2/bz2.c | 80 +++++++++++++++++++++++--------------------- + ext/bz2/tests/72613.bz2 | Bin 0 -> 351 bytes + ext/bz2/tests/bug72613.phpt | 23 +++++++++++++ + 3 files changed, 65 insertions(+), 38 deletions(-) + create mode 100644 ext/bz2/tests/72613.bz2 + create mode 100644 ext/bz2/tests/bug72613.phpt + +Index: php5-5.3.10/ext/bz2/bz2.c +=================================================================== +--- php5-5.3.10.orig/ext/bz2/bz2.c 2016-07-28 15:17:58.738208314 -0400 ++++ php5-5.3.10/ext/bz2/bz2.c 2016-07-28 15:17:58.738208314 -0400 +@@ -137,29 +137,33 @@ + static size_t php_bz2iop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) + { + struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *) stream->abstract; +- size_t ret; +- +- ret = BZ2_bzread(self->bz_file, buf, count); ++ int bz2_ret; + +- if (ret == 0) { ++ bz2_ret = BZ2_bzread(self->bz_file, buf, count); ++ ++ if (bz2_ret < 0) { ++ stream->eof = 1; ++ return -1; ++ } ++ if (bz2_ret == 0) { + stream->eof = 1; + } + +- return ret; ++ return (size_t)bz2_ret; + } + + static size_t php_bz2iop_write(php_stream *stream, const char *buf, size_t count TSRMLS_DC) + { + struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *) stream->abstract; + +- return BZ2_bzwrite(self->bz_file, (char*)buf, count); ++ return BZ2_bzwrite(self->bz_file, (char*)buf, count); + } + + static int php_bz2iop_close(php_stream *stream, int close_handle TSRMLS_DC) + { + struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *)stream->abstract; + int ret = EOF; +- ++ + if (close_handle) { + BZ2_bzclose(self->bz_file); + } --- php5-5.3.10.orig/debian/patches/force_libmysqlclient_r.patch +++ php5-5.3.10/debian/patches/force_libmysqlclient_r.patch @@ -0,0 +1,41 @@ +Description: Force linking to mysqlclient_r to avoid symbol conflicts. + apr-util's mysql driver is linked against that version of the library + but due to missing proper symbols versioning we are forced to link to + the re-entrant library too. +Origin: other, http://bugs.debian.org/469081 +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/ext/mysql/config.m4 ++++ b/ext/mysql/config.m4 +@@ -78,7 +78,7 @@ elif test "$PHP_MYSQL" != "no"; then + Note that the MySQL client library is not bundled anymore!]) + fi + +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIBNAME=mysqlclient_r + else + MYSQL_LIBNAME=mysqlclient +--- a/ext/mysqli/config.m4 ++++ b/ext/mysqli/config.m4 +@@ -29,7 +29,7 @@ elif test "$PHP_MYSQLI" != "no"; then + MYSQL_LIB_CFG='--libmysqld-libs' + dnl mysqlnd doesn't support embedded, so we have to add some extra stuff + mysqli_extra_sources="mysqli_embedded.c" +- elif test "$enable_maintainer_zts" = "yes"; then ++ elif true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIB_CFG='--libs_r' + MYSQL_LIB_NAME='mysqlclient_r' + else +--- a/ext/pdo_mysql/config.m4 ++++ b/ext/pdo_mysql/config.m4 +@@ -64,7 +64,7 @@ if test "$PHP_PDO_MYSQL" != "no"; then + if test "x$SED" = "x"; then + AC_PATH_PROG(SED, sed) + fi +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + PDO_MYSQL_LIBNAME=mysqlclient_r + PDO_MYSQL_LIBS=`$PDO_MYSQL_CONFIG --libs_r | $SED -e "s/'//g"` + else --- php5-5.3.10.orig/debian/patches/CVE-2016-6290.patch +++ php5-5.3.10/debian/patches/CVE-2016-6290.patch @@ -0,0 +1,72 @@ +From 3798eb6fd5dddb211b01d41495072fd9858d4e32 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 12 Jul 2016 23:27:45 -0700 +Subject: [PATCH] Fix bug #72562 - destroy var_hash properly + +--- + ext/session/session.c | 3 ++- + ext/session/tests/bug72562.phpt | 44 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 46 insertions(+), 1 deletion(-) + create mode 100644 ext/session/tests/bug72562.phpt + +Index: php5-5.3.10/ext/session/session.c +=================================================================== +--- php5-5.3.10.orig/ext/session/session.c 2016-07-28 15:27:16.165492880 -0400 ++++ php5-5.3.10/ext/session/session.c 2016-07-28 15:27:16.161492827 -0400 +@@ -874,6 +874,7 @@ + namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF); + + if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { ++ PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + return FAILURE; + } + +Index: php5-5.3.10/ext/session/tests/bug72562.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/session/tests/bug72562.phpt 2016-07-28 15:27:16.161492827 -0400 +@@ -0,0 +1,44 @@ ++--TEST-- ++Bug #72562: Use After Free in unserialize() with Unexpected Session Deserialization ++--SKIPIF-- ++ ++--FILE-- ++>= 8; ++ } ++ return $out; ++} ++?> ++--EXPECTF-- ++Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s/bug72562.php on line %d ++ ++Notice: unserialize(): Error at offset 0 of 1 bytes in %s/bug72562.php on line %d ++ ++Notice: unserialize(): Error at offset 4 of 4 bytes in %s/bug72562.php on line %d ++bool(false) --- php5-5.3.10.orig/debian/patches/CVE-2012-2386.patch +++ php5-5.3.10/debian/patches/CVE-2012-2386.patch @@ -0,0 +1,35 @@ +Description: fix phar extension heap overflow +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=a10e778bfb7ce9caa1f91666ddf2705db7982d68 +Origin: upstream, http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 +Bug: https://bugs.php.net/bug.php?id=61065 + +Index: php5-5.3.10/ext/phar/tar.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/tar.c 2012-01-01 08:15:04.000000000 -0500 ++++ php5-5.3.10/ext/phar/tar.c 2012-06-12 13:40:08.549074041 -0400 +@@ -161,7 +161,7 @@ + size_t save = php_stream_tell(fp), read; + phar_entry_info *mentry; + +- metadata = (char *) emalloc(entry->uncompressed_filesize + 1); ++ metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1); + + read = php_stream_read(fp, metadata, entry->uncompressed_filesize); + if (read != entry->uncompressed_filesize) { +@@ -337,6 +337,16 @@ + last_was_longlink = 1; + /* support the ././@LongLink system for storing long filenames */ + entry.filename_len = entry.uncompressed_filesize; ++ ++ /* Check for overflow - bug 61065 */ ++ if (entry.filename_len == UINT_MAX) { ++ if (error) { ++ spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname); ++ } ++ php_stream_close(fp); ++ phar_destroy_phar_data(myphar TSRMLS_CC); ++ return FAILURE; ++ } + entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent); + + read = php_stream_read(fp, entry.filename, entry.filename_len); --- php5-5.3.10.orig/debian/patches/CVE-2016-4540.patch +++ php5-5.3.10/debian/patches/CVE-2016-4540.patch @@ -0,0 +1,80 @@ +Backport of: + +From fd9689745c44341b1bd6af4756f324be8abba2fb Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 24 Apr 2016 12:49:01 -0700 +Subject: [PATCH] Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos + with negative offset + +--- + ext/intl/grapheme/grapheme_string.c | 12 +++++++----- + ext/intl/tests/bug72061.phpt | 15 +++++++++++++++ + 2 files changed, 22 insertions(+), 5 deletions(-) + create mode 100644 ext/intl/tests/bug72061.phpt + +Index: php5-5.3.10/ext/intl/grapheme/grapheme_string.c +=================================================================== +--- php5-5.3.10.orig/ext/intl/grapheme/grapheme_string.c 2016-05-19 12:49:07.103205195 -0400 ++++ php5-5.3.10/ext/intl/grapheme/grapheme_string.c 2016-05-19 12:49:36.859603713 -0400 +@@ -112,7 +112,7 @@ + int haystack_len, needle_len; + unsigned char *found; + long loffset = 0; +- int32_t offset = 0; ++ int32_t offset = 0, noffset = 0; + int ret_pos, uchar_pos; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss|l", (char **)&haystack, &haystack_len, (char **)&needle, &needle_len, &loffset) == FAILURE) { +@@ -132,6 +132,7 @@ + + /* we checked that it will fit: */ + offset = (int32_t) loffset; ++ noffset = offset >= 0 ? offset : haystack_len + offset; + + /* the offset is 'grapheme count offset' so it still might be invalid - we'll check it later */ + +@@ -146,7 +147,7 @@ + /* quick check to see if the string might be there + * I realize that 'offset' is 'grapheme count offset' but will work in spite of that + */ +- found = (unsigned char *)php_memnstr((char *)haystack + offset, (char *)needle, needle_len, (char *)haystack + haystack_len); ++ found = (unsigned char *)php_memnstr((char *)haystack + noffset, (char *)needle, needle_len, (char *)haystack + haystack_len); + + /* if it isn't there the we are done */ + if (!found) { +@@ -214,12 +215,13 @@ + is_ascii = ( grapheme_ascii_check(haystack, haystack_len) >= 0 ); + + if ( is_ascii ) { ++ int32_t noffset = offset >= 0 ? offset : haystack_len + offset; + needle_dup = (unsigned char *)estrndup((char *)needle, needle_len); + php_strtolower((char *)needle_dup, needle_len); + haystack_dup = (unsigned char *)estrndup((char *)haystack, haystack_len); + php_strtolower((char *)haystack_dup, haystack_len); + +- found = (unsigned char*) php_memnstr((char *)haystack_dup + offset, (char *)needle_dup, needle_len, (char *)haystack_dup + haystack_len); ++ found = (unsigned char*) php_memnstr((char *)haystack_dup + noffset, (char *)needle_dup, needle_len, (char *)haystack_dup + haystack_len); + + efree(haystack_dup); + efree(needle_dup); +Index: php5-5.3.10/ext/intl/tests/bug72061.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/intl/tests/bug72061.phpt 2016-05-19 12:49:07.099205142 -0400 +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset ++--SKIPIF-- ++ ++--FILE-- ++ ++DONE ++--EXPECT-- ++int(65336) ++int(65336) ++DONE +\ No newline at end of file --- php5-5.3.10.orig/debian/patches/gentoo/009_ob-memory-leaks.patch +++ php5-5.3.10/debian/patches/gentoo/009_ob-memory-leaks.patch @@ -0,0 +1,35 @@ +009_ob-memory-leaks.patch +PHP_5_2 +http://cvs.php.net/viewvc.cgi/php-src/main/output.c?r1=1.167.2.3.2.8&r2=1.167.2.3.2.9&diff_format=u +Fixed memory leak in ob_get_clean/ob_get_flush. + +--- a/main/output.c ++++ b/main/output.c +@@ -809,11 +809,13 @@ PHP_FUNCTION(ob_clean) + + if (!OG(ob_nesting_level)) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer. No buffer to delete"); ++ zval_dtor(return_value); + RETURN_FALSE; + } + + if (!OG(active_ob_buffer).status && !OG(active_ob_buffer).erase) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer %s", OG(active_ob_buffer).handler_name); ++ zval_dtor(return_value); + RETURN_FALSE; + } + +@@ -832,11 +834,13 @@ PHP_FUNCTION(ob_end_flush) + + if (!OG(ob_nesting_level)) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete and flush buffer. No buffer to delete or flush"); ++ zval_dtor(return_value); + RETURN_FALSE; + } + + if (OG(ob_nesting_level) && !OG(active_ob_buffer).status && !OG(active_ob_buffer).erase) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer %s", OG(active_ob_buffer).handler_name); ++ zval_dtor(return_value); + RETURN_FALSE; + } +