--- php5-5.3.2.orig/main/php_version.h +++ php5-5.3.2/main/php_version.h @@ -4,5 +4,5 @@ #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 2 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "5.3.2" +#define PHP_VERSION "5.3.2-1ubuntu1" #define PHP_VERSION_ID 50302 --- php5-5.3.2.orig/debian/php5-sybase.postrm +++ php5-5.3.2/debian/php5-sybase.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +set -e + +NEW_CONFFILE=/etc/php5/conf.d/mssql.ini +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 5.2.3-2 +then + rm $NEW_CONFFILE +fi + +#DEBHELPER# --- php5-5.3.2.orig/debian/php5-dev.files +++ php5-5.3.2/debian/php5-dev.files @@ -0,0 +1,6 @@ +usr/bin/php-config +usr/bin/phpize +usr/share/man/man1/php-config.1 +usr/share/man/man1/phpize.1 +usr/include +usr/lib/php5/build --- php5-5.3.2.orig/debian/source_php5.py +++ php5-5.3.2/debian/source_php5.py @@ -0,0 +1,57 @@ +#!/usr/bin/python + +'''PHP5 Apport interface + +Copyright (C) 2010 Canonical Ltd. +Author: Chuck Short + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +import os +import subprocess +from apport.hookutils import * + +def _add_my_conf_files(report, filename): + if not os.path.exists(filename): + return + + key = 'PHPConf' + path_to_key(filename) + report[key] = "" + for line in read_file(filename).split('\n'): + try: + if 'mysql.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'mysqli.default_pw ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'ifx.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + report[key] += line + '\n' + except IndexError: + continue + +def add_info(report): + _add_my_conf_files(report, '/etc/php5/apache2/php.ini') + _add_my_conf_files(report, '/etc/php5/cli/php5.ini') + + # packages in main + packages=['php5', 'php-common', 'libapache2-mod-php5', 'libapache2-mod-php5filter' + 'php5-cgi', 'php5-cli', 'php5-dev', 'php5-dbg', 'php-pear', 'php5-curl', 'php5-gd' + 'php5-gmp', 'php5-ldap', 'php5-mhash', 'php5-mysql', 'php5-odbc', 'php5-pgsql', + 'php5-pspell', 'php5-recode', 'php5-snmp', 'php5-sqlite', 'php5-sybase', 'php5-tidy', + 'php5-xmlrpc', 'php5-xsl'] + + versions = '' + for package in packages: + try: + version = packaging.get_version(package) + except ValueError: + version = 'N/A' + if version is None: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['PHPInstalledModules'] = versions --- php5-5.3.2.orig/debian/libapache2-mod-php5.postinst +++ php5-5.3.2/debian/libapache2-mod-php5.postinst @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 force-reload || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2/.start ]; then + a2enmod php5 >/dev/null || true + rm -f /etc/php5/apache2/.start + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5.load ]; then + reload_apache + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5 >/dev/null || true + reload_apache +fi + +exit 0 --- php5-5.3.2.orig/debian/php5-module.ini +++ php5-5.3.2/debian/php5-module.ini @@ -0,0 +1,2 @@ +; configuration for php @extname@ module +extension=@dsoname@.so --- php5-5.3.2.orig/debian/gbp.conf +++ php5-5.3.2/debian/gbp.conf @@ -0,0 +1,8 @@ +[DEFAULT] +debian-branch = debian-sid +debian-tag = debian/%(version)s +upstream-branch = upstream-sid +upstream-tag = upstream/%(version)s + +[git-dch] +meta = 1 --- php5-5.3.2.orig/debian/php5-sapi.lintian-overrides +++ php5-5.3.2/debian/php5-sapi.lintian-overrides @@ -0,0 +1,6 @@ +# The extensions directory must exist, even if empty +@sapi@: package-contains-empty-directory @extdir@/ +# Not a spelling mistake, just a compilation curiosity +@sapi@: spelling-error-in-binary * ment meant +# Not a spelling mistake, tz code for Tahiti +@sapi@: spelling-error-in-binary * taht that --- php5-5.3.2.orig/debian/php5-dev.dirs +++ php5-5.3.2/debian/php5-dev.dirs @@ -0,0 +1,2 @@ +/usr/bin +/usr/share/lintian/overrides --- php5-5.3.2.orig/debian/php5-sapi.links +++ php5-5.3.2/debian/php5-sapi.links @@ -0,0 +1 @@ +etc/php5/conf.d etc/php5/@sapi@/conf.d --- php5-5.3.2.orig/debian/extramodulelist +++ php5-5.3.2/debian/extramodulelist @@ -0,0 +1,9 @@ +mysql MySQL mysqli +mysql MySQL pdo_mysql +interbase InterBase/Firebird pdo_firebird +common PDO pdo +odbc ODBC pdo_odbc +pgsql PostgreSQL pdo_pgsql +sqlite SQLite pdo_sqlite +sqlite SQLite3 sqlite3 +sybase Sybase pdo_dblib --- php5-5.3.2.orig/debian/libapache2-mod-php5.dirs +++ php5-5.3.2/debian/libapache2-mod-php5.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2 +/usr/lib/apache2/modules --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.prerm +++ php5-5.3.2/debian/libapache2-mod-php5filter.prerm @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then + if [ -e /etc/apache2/mods-enabled/php5.load ] && [ "$1" != "purge" ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2filter/.start + fi + a2dismod php5filter || true +fi + +exit 0 --- php5-5.3.2.orig/debian/php5-common.docs +++ php5-5.3.2/debian/php5-common.docs @@ -0,0 +1,10 @@ +CREDITS +EXTENSIONS +TODO +CODING_STANDARDS +README.SVN-RULES +README.EXT_SKEL +README.SELF-CONTAINED-EXTENSIONS +README.Zeus +README.PHP4-TO-PHP5-THIN-CHANGES +debian/README.Debian.security --- php5-5.3.2.orig/debian/php5-common.dirs +++ php5-5.3.2/debian/php5-common.dirs @@ -0,0 +1,7 @@ +/usr/lib/php5/libexec +/usr/share/lintian/overrides +/usr/share/doc/php5-common/examples +/usr/share/php5 +/var/lib/php5 +/usr/lib/php5 +/etc/php5/conf.d --- php5-5.3.2.orig/debian/php-pear.dirs +++ php5-5.3.2/debian/php-pear.dirs @@ -0,0 +1 @@ +/usr/share/doc/php-pear/PEAR --- php5-5.3.2.orig/debian/rules +++ php5-5.3.2/debian/rules @@ -0,0 +1,640 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 by Joey Hess. +# +# This version is for a hypothetical package that builds an +# architecture-dependant package, as well as an architecture-independent +# package. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# Set this flag to 'yes' if you want to disable all modifications breaking abi +# compatibility to upstream +PHP5_COMPAT=no + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) + +PHP5_HOST_GNU_TYPE = $(subst gnulp,gnu,$(DEB_HOST_GNU_TYPE)) +PHP5_BUILD_GNU_TYPE = $(subst gnulp,gnu,$(DEB_BUILD_GNU_TYPE)) + +PHP5_HOST_GNU_TYPE := $(shell echo $(PHP5_HOST_GNU_TYPE) | sed 's/-gnu$$//') +PHP5_BUILD_GNU_TYPE := $(shell echo $(PHP5_BUILD_GNU_TYPE) | sed 's/-gnu$$//') + +PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //") +PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://") +PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//") + +# specify some options to our patch system +QUILT_DIFF_OPTS=-p +QUILT_NO_DIFF_TIMESTAMPS=1 +export QUILT_DIFF_OPTS QUILT_NO_DIFF_TIMESTAMPS + +PROG_SENDMAIL = /usr/sbin/sendmail +ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O2 +else + CFLAGS += -O0 +endif +CFLAGS += -Wall -fsigned-char -fno-strict-aliasing +# LFS support +ifneq (yes,$(PHP5_COMPAT)) + CFLAGS += $(shell getconf LFS_CFLAGS) +endif + +# Enable IEEE-conformant floating point math on alphas (not the default) +ifeq (alpha-linux-gnu,$(DEB_HOST_GNU_TYPE)) + CFLAGS += -mieee +endif + +ifeq ($(DEB_HOST_GNU_TYPE), $(findstring $(DEB_HOST_GNU_TYPE), ia64-linux-gnu powerpc64-linux-gnu avr32-linux-gnu)) + CFLAGS += -g +else + CFLAGS += -gstabs +endif + +# some other helpful (for readability at least) shorthand variables +PHPIZE_BUILDDIR = debian/php5-dev/usr/lib/php5/build + +# support new (>= 2.2) and older versions of libtool for backporting ease +LIBTOOL_DIRS = /usr/share/libtool/config /usr/share/libtool +LTMAIN = $(firstword $(wildcard $(foreach d,$(LIBTOOL_DIRS),$d/ltmain.sh))) +LTMAIN_DIR = $(dir $(LTMAIN)) + +ifeq ($(LTMAIN_DIR), /usr/share/libtool/) +LIBTOOL_CONFLICTS:=libtool (>= 2.2) +else ifeq ($(LTMAIN_DIR), /usr/share/libtool/config/) +LIBTOOL_CONFLICTS:=libtool (<< 2.2) +else +LIBTOOL_CONFLICTS:=$(error "could not resolve path to ltmain.sh") +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif + +# enable the hardening wrapper +DEB_BUILD_HARDENING = 1 +# but disable PIE +DEB_BUILD_HARDENING_PIE = 0 +export DEB_BUILD_HARDENING DEB_BUILD_HARDENING_PIE + +COMMON_CONFIG=--build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --disable-debug \ + --with-regex=php \ + --disable-rpath \ + --disable-static \ + --with-pic \ + --with-layout=GNU \ + --with-pear=/usr/share/php \ + --enable-calendar \ + --enable-sysvsem \ + --enable-sysvshm \ + --enable-sysvmsg \ + --enable-bcmath \ + --with-bz2 \ + --enable-ctype \ + --with-db4 \ + --without-gdbm \ + --with-iconv \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pcre-regex=/usr \ + --enable-shmop \ + --enable-sockets \ + --enable-wddx \ + --with-libxml-dir=/usr \ + --with-zlib \ + --with-kerberos=/usr \ + --with-openssl=/usr \ + --enable-soap \ + --enable-zip \ + --with-mhash=yes \ + --with-exec-dir=/usr/lib/php5/libexec \ + --with-system-tzdata + +BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \ + $$s="The following extensions are built in:"; \ + foreach($$e as $$i) { $$s .= " $$i"; } \ + echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline} ")); + +# include the patch/unpatch rules from quilt +include /usr/share/quilt/quilt.make + +prepared: prepared-stamp +prepared-stamp: $(QUILT_STAMPFN) + dh_testdir + sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in + ./buildconf --force + touch prepared-stamp + +unprepared: + dh_testdir + sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in + rm -f prepared-stamp + +test-results.txt: build-apache2-stamp build-cli-stamp build-cgi-stamp +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + mkdir -p temp_session_store + extensions=""; \ + for f in $(CURDIR)/apache2-build/modules/*.so; do \ + ext=`basename "$$f"`; \ + test -d "$(CURDIR)/ext/$${ext%.so}/tests" || continue; \ + test ! -f "$(CURDIR)/ext/$${ext%.so}/tests/config.inc" || continue; \ + test ! -f "$(CURDIR)/ext/$${ext%.so}/tests/README" || continue; \ + test "$${ext#pdo}" = "$$ext" || test "$${ext#pdo}" = ".so" || continue; \ + test "$$ext" != "mysql.so" || continue; \ + test "$$ext" != "mysqli.so" || continue; \ + test "$$ext" != "snmp.so" || continue; \ + test "$$ext" != "interbase.so" || continue; \ + extensions="$$extensions -d extension=$$ext"; \ + done; \ + [ "$$extensions" ] || { echo "extensions list is empty"; exit 1; }; \ + env NO_INTERACTION=1 TEST_PHP_CGI_EXECUTABLE=$(CURDIR)/cgi-build/sapi/cgi/cgi-bin.php5 TEST_PHP_EXECUTABLE=$(CURDIR)/cli-build/sapi/cli/php $(CURDIR)/cli-build/sapi/cli/php run-tests.php -d extension_dir=$(CURDIR)/apache2-build/modules/ $$extensions| tee test-results.txt + rm -rf temp_session_store + @for test in `find . -name '*.log' -a '!' -name 'config.log'`; do \ + echo; \ + echo -n "$${test#./}:"; \ + cat $$test; \ + echo; \ + done | tee -a test-results.txt +else + echo 'nocheck found in DEB_BUILD_OPTIONS' | tee test-results.txt +endif + +build: build-apache2-stamp build-apache2filter-stamp build-cgi-stamp build-cli-stamp build-pear-stamp test-results.txt + +build-apache2-stamp: configure-apache2-stamp + dh_testdir + cd apache2-build && $(MAKE) + + touch build-apache2-stamp + +build-apache2filter-stamp: configure-apache2filter-stamp + dh_testdir + cd apache2filter-build && $(MAKE) + + touch build-apache2filter-stamp + +build-cli-stamp: configure-cli-stamp + dh_testdir + cd cli-build && $(MAKE) + + touch build-cli-stamp + + +build-cgi-stamp: configure-cgi-stamp + dh_testdir + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5 + + # Dirty hack to not rebuild everything twice + cd cgi-build/main && \ + sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \ + -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \ + sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \ + touch ../../ext/standard/info.c && \ + touch ../../sapi/cgi/cgi_main.c + + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi + + touch build-cgi-stamp + +build-pear-stamp: build-cgi-stamp + dh_testdir + -mkdir pear-build + -mkdir pear-build-download + cd cgi-build && PHP_PEAR_DOWNLOAD_DIR=$(CURDIR)/pear-build-download $(MAKE) install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build + sed -i -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pear && \ + sed -i -e 's/-d output_buffering=1 -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pecl && \ + sed -i -e 's/-d memory_limit="-1"//' \ + -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/peardev + sed -i -re "s#('PEAR_CONFIG_SYSCONFDIR', PHP_SYSCONFDIR)#\1 . '/pear'#" $(CURDIR)/pear-build/usr/share/php/PEAR/Config.php + patch -s -d $(CURDIR)/pear-build/usr/share/php/ -p0 -i $(CURDIR)/debian/patches/php5-pear-CVE-2011-1072.patch + patch -s -d $(CURDIR)/pear-build/usr/share/php/ -p0 -i $(CURDIR)/debian/patches/php5-pear-CVE-2011-1144.patch + patch -s -d $(CURDIR)/pear-build/usr/share/php/ -p0 -i $(CURDIR)/debian/patches/php5-pear-CVE-2011-1144-regression.patch + touch build-pear-stamp + +configure: configure-apache2-stamp configure-apache2filter-stamp configure-cli-stamp configure-cgi-stamp + +configure-apache2-stamp: prepared-stamp + dh_testdir + if [ -d apache2-build ]; then rm -rf apache2-build; fi + -mkdir apache2-build + cd apache2-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2 \ + --with-config-file-scan-dir=/etc/php5/apache2/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --with-curl=shared,/usr \ + --with-enchant=shared,/usr \ + --with-zlib-dir=/usr \ + --with-gd=shared,/usr --enable-gd-native-ttf \ + --with-gmp=shared,/usr \ + --with-jpeg-dir=shared,/usr \ + --with-xpm-dir=shared,/usr/X11R6 \ + --with-png-dir=shared,/usr \ + --with-freetype-dir=shared,/usr \ + --enable-intl=shared \ + --with-ttf=shared,/usr \ + --with-t1lib=shared,/usr \ + --with-ldap=shared,/usr \ + --with-ldap-sasl=/usr \ + --with-mysql=shared,/usr \ + --with-mysqli=shared,/usr/bin/mysql_config \ + --with-pspell=shared,/usr \ + --with-unixODBC=shared,/usr \ + --with-recode=shared,/usr \ + --with-xsl=shared,/usr \ + --with-snmp=shared,/usr \ + --with-sqlite=shared,/usr \ + --with-sqlite3=shared,/usr \ + --with-mssql=shared,/usr \ + --with-tidy=shared,/usr \ + --with-xmlrpc=shared \ + --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \ + --enable-pdo=shared \ + --without-pdo-dblib \ + --with-pdo-mysql=shared,/usr \ + --with-pdo-odbc=shared,unixODBC,/usr \ + --with-pdo-pgsql=shared,/usr/bin/pg_config \ + --with-pdo-sqlite=shared,/usr \ + --with-pdo-dblib=shared,/usr + cd apache2-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2-stamp + +configure-apache2filter-stamp: prepared-stamp + dh_testdir + if [ -d apache2filter-build ]; then rm -rf apache2filter-build; fi + -mkdir apache2filter-build + cd apache2filter-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2filter=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2filter \ + --with-config-file-scan-dir=/etc/php5/apache2filter/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-mssql \ + --without-sqlite --without-sqlite3 + cd apache2filter-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2filter-stamp + +configure-cgi-stamp: prepared-stamp + dh_testdir + if [ -d cgi-build ]; then rm -rf cgi-build; fi + -mkdir cgi-build + cd cgi-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \ + --with-config-file-path=/etc/php5/cgi \ + --with-config-file-scan-dir=/etc/php5/cgi/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-mssql \ + --without-sqlite --without-sqlite3 + cd cgi-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cgi-stamp + +configure-cli-stamp: prepared-stamp + dh_testdir + if [ -d cli-build ]; then rm -rf cli-build; fi + -mkdir cli-build + cd cli-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --disable-cgi \ + --with-config-file-path=/etc/php5/cli \ + --with-config-file-scan-dir=/etc/php5/cli/conf.d \ + $(COMMON_CONFIG) \ + --with-libedit \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-sqlite \ + --without-mssql --without-sqlite3 --enable-pcntl + cd cli-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cli-stamp + +clean: unprepared unpatch + dh_testdir + dh_testroot + + + rm -f configure-apache2-stamp build-apache2-stamp + rm -f configure-apache2filter-stamp build-apache2filter-stamp + rm -f configure-cgi-stamp build-cgi-stamp + rm -f configure-cli-stamp build-cli-stamp + rm -f build-pear-stamp + rm -f install-stamp + rm -rf apache2-build + rm -rf apache2filter-build + rm -rf cgi-build + rm -rf cli-build + rm -rf pear-build pear-build-download + rm -f debian/copyright + rm -f test-results.txt + dh_clean -Xorig + + # clean up autogenerated cruft + cat debian/modulelist | while read package extname dsoname; do \ + rm -f debian/php5-$$package.postinst; \ + done + for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \ + for cruft in postrm links; do \ + rm -f debian/$${sapi}.$${cruft}; \ + done; \ + done + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + chmod 01733 debian/php5-common/var/lib/php5 + + # Add here commands to install the package into debian/php5. + # install apache2 DSO module + cp apache2-build/.libs/libphp5.so \ + debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/ + cp debian/libapache2-mod-php5.load \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load + cp debian/libapache2-mod-php5.conf \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf + + # Add here commands to install the package into debian/php5. + # install apache2 DSO filter module + cp apache2filter-build/.libs/libphp5.so \ + debian/libapache2-mod-php5filter/`apxs2 -q LIBEXECDIR`/libphp5filter.so + cp debian/libapache2-mod-php5filter.load \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.load + cp debian/libapache2-mod-php5filter.conf \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.conf + + # sanitize php.ini file + cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g' > debian/php5-common/usr/share/php5/php.ini-production + # memory_limit: 16M for cgi/apache; 32M for cli + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-production-dist + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g' > debian/php5-common/usr/share/php5/php.ini-production.cli + cat php.ini-production | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-production + cat php.ini-development | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-development + cp test-results.txt debian/php5-common/usr/share/doc/php5-common/ + + # install the apache modules' files + cd apache2-build && $(MAKE) install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5 + # remove netware and win32 headers that we don't want + cd debian/libapache2-mod-php5/usr/include/php5/ && \ + $(RM) TSRM/readdir.h \ + TSRM/tsrm_config.nw.h TSRM/tsrm_config.w32.h\ + TSRM/tsrm_nw.h TSRM/tsrm_win32.h\ + Zend/zend_config.nw.h Zend/zend_config.w32.h\ + main/config.nw.h main/config.w32.h\ + main/win95nt.h + + # install PEAR + cp -a pear-build/* debian/php-pear/ + + # everything under usr/share/php/data except 'PEAR' is b0rken + # and actually needs to be fixed + [ ! -f debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE ] || \ + $(RM) debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE + [ ! -f debian/php-pear/usr/share/php/doc/PEAR/INSTALL ] || \ + $(RM) debian/php-pear/usr/share/php/doc/PEAR/INSTALL + [ ! -f debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh ] || \ + $(RM) debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh + for f in Structures_Graph/publish.sh Structures_Graph/package.sh \ + Structures_Graph/genpackage.xml.pl; do \ + $(RM) debian/php-pear/usr/share/php/data/$$f; \ + done + # we don't want test suites + $(RM) -r debian/php-pear/usr/share/php/test/ + [ -d debian/php-pear/usr/share/php/doc ] && { \ + mkdir -p debian/php-pear/usr/share/doc/php5-common/PEAR; \ + mv debian/php-pear/usr/share/php/doc/* \ + debian/php-pear/usr/share/doc/php5-common/PEAR/; \ + $(RM) -r debian/php-pear/usr/share/php/doc; \ + ln -s ../doc/php-pear/PEAR debian/php-pear/usr/share/php/doc; \ + echo "Dummy placeholder to prevent the directory's deletion" > \ + debian/php-pear/usr/share/doc/php5-common/PEAR/.placeholder; \ + } + + # install extensions + ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \ + mkdir -p debian/$$i/$${ext}; \ + done; \ + cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + mkdir -p debian/php5-$$package$${ext}; \ + chrpath debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + chrpath -d debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + install -m 644 -o root -g root \ + debian/libapache2-mod-php5/$${ext}/$$dsoname.so \ + debian/php5-$$package$${ext}/$$dsoname.so; \ + rm debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \ + done + + # install CGI + cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5 + cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi + cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1 + + # install CLI + cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5 + cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1 + + # move and install -dev files + dh_movefiles --sourcedir=debian/libapache2-mod-php5 + rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \ + debian/libapache2-mod-php5/usr/include/ \ + debian/libapache2-mod-php5/usr/bin/ + rm -rf debian/libapache2-mod-php5filter/usr/lib/php5/build/ \ + debian/libapache2-mod-php5filter/usr/include/ \ + debian/libapache2-mod-php5filter/usr/bin/ + for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \ + chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \ + done + # shipping duplicate files from other packages is hell for security audits + ln -sf /usr/share/misc/config.guess $(PHPIZE_BUILDDIR)/config.guess + ln -sf /usr/share/misc/config.sub $(PHPIZE_BUILDDIR)/config.sub + ln -sf /usr/share/aclocal/libtool.m4 $(PHPIZE_BUILDDIR)/libtool.m4 + ln -sf $(LTMAIN_DIR)ltmain.sh $(PHPIZE_BUILDDIR)/ltmain.sh + ln -sf /usr/bin/shtool $(PHPIZE_BUILDDIR)/shtool + # make php-dev stuff versioned + for i in php-config phpize; do \ + mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \ + mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \ + done + + # install common files + install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5 + + # install lintian overrides + cp debian/php5.lintian-overrides $(CURDIR)/debian/php5-common/usr/share/lintian/overrides/php5-common + cp debian/php5-dev.lintian-overrides $(CURDIR)/debian/php5-dev/usr/share/lintian/overrides/php5-dev + + # install the apport hook + install -D -m 644 debian/source_php5.py debian/php5-common/usr/share/apport/package-hooks/source_php5.py + + # install some generic lintian overrides + ext=`debian/php5-dev/usr/bin/php-config5 --extension-dir | cut -b2- `; \ + for sapi in php5-cli php5-cgi libapache2-mod-php5 libapache2-mod-php5filter; do \ + mkdir -p $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/; \ + sed "s/@sapi@/$$sapi/g;s,@extdir@,$$ext,g" \ + < $(CURDIR)/debian/php5-sapi.lintian-overrides \ + >> $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/"$$sapi"; \ + done + + # directories cleanup: + -rmdir -p debian/libapache2-mod-php5/usr/share/man/man1 + -find debian/php-pear -type d -exec rmdir --ignore-fail-on-non-empty -p '{}' \; >/dev/null 2>&1 + + touch install-stamp + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + + dh_installdocs + + for package in php5 php-pear; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + + dh_link + dh_compress -Xphp.ini + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + # Do this first so we don't overwrite any debhelper-generated files + # + # generate the maintscripts for various php + # modules from the templates. + cat debian/modulelist | while read package extname dsoname; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g; \ + /#EXTRA#/ r debian/php5-$${package}.postinst.extra" \ + < debian/php5-module.postinst \ + | sed -e'/#EXTRA#/ d' \ + > debian/php5-$${package}.postinst; \ + c=`grep -vE '^(#|set|$$)' < debian/php5-$${package}.postinst | wc -l`; \ + [ "$$c" != "0" ] || $(RM) debian/php5-$${package}.postinst; \ + done + + # generate the config snippets for various php + # modules from the templates. + cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + mkdir -p debian/php5-$$package/etc/php5/conf.d; \ + sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \ + < debian/php5-module.ini \ + > debian/php5-$${package}/etc/php5/conf.d/$${dsoname}.ini; \ + done + + # likewise, for the different sapi implementations + for tmpl in postrm links; do \ + for sapi in apache2 apache2filter cgi cli; do \ + sed -e "s/@sapi@/$$sapi/g" \ + < debian/php5-sapi.$$tmpl \ + > debian/php5-$${sapi}.$$tmpl; \ + done; \ + mv debian/php5-apache2.$$tmpl debian/libapache2-mod-php5.$$tmpl; \ + mv debian/php5-apache2filter.$$tmpl debian/libapache2-mod-php5filter.$$tmpl; \ + done + + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + dh_installdocs -s + + cat debian/modulelist | while read package extname dsoname; do \ + rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \ + ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \ + done + + for package in php5-dbg php5-dev php5-cgi php5-cli libapache2-mod-php5 libapache2-mod-php5filter; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + dh_installcron -pphp5-common --name=php5 + dh_installchangelogs -pphp5-common NEWS + dh_strip -s --dbg-package=php5-dbg + dh_link -s + dh_compress -s -Xphp.ini + dh_fixperms -s -X /var/lib/php5 + dh_installdeb -s + dh_shlibdeps -s + + phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \ + echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \ + done; \ + cat debian/modulelist | while read package extname dsoname; do \ + echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \ + done + + for i in cgi cli; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/php5-"$$i".substvars; \ + done + for i in apache2; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5.substvars; \ + "$$i"filter-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5filter.substvars; \ + done + + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5.substvars + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5filter.substvars + + echo "libtool:Conflicts=$(LIBTOOL_CONFLICTS)" >>debian/php5-dev.substvars + dh_gencontrol -s + dh_md5sums -s + dh_builddeb -s + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install configure --- php5-5.3.2.orig/debian/php5-cli.postinst +++ php5-5.3.2/debian/php5-cli.postinst @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cli/php.ini" + +ucf /usr/share/php5/php.ini-production.cli $phpini + +update-alternatives \ + --install /usr/bin/php php /usr/bin/php5 50 \ + --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz + +exit 0 --- php5-5.3.2.orig/debian/php5-dev.prerm +++ php5-5.3.2/debian/php5-dev.prerm @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives --remove $i /usr/bin/"$i"5 +done + +exit 0 --- php5-5.3.2.orig/debian/README.Debian.security +++ php5-5.3.2/debian/README.Debian.security @@ -0,0 +1,22 @@ +the Debian stable security team does not provide security support +for certain configurations known to be inherently insecure. Most +specifically, the security team will not provide support for flaws in: + +- problems which are not flaws in the design of php but can be problematic + when used by sloppy developers (for example, not checking the contents + of a tar file before extracting it). + +- vulnerabilities involving register_globals being activated, unless + specifically the vulnerability activates this setting when it was + configured as deactivated. + +- vulnerabilities involving any kind of safe_mode or open_basedir + violation, as these are security models flawed by design and no longer + have upstream support either. + +- any "works as expected" vulnerabilities, such as "user can cause php + to crash by writing a malcious php script", unless such vulnerabilities + involve some kind of higher-level DoS or privilege escalation that would + not otherwise be available. + + -- sean finney Tue, 10 Oct 2006 12:42:06 +0200 --- php5-5.3.2.orig/debian/php5-cgi.dirs +++ php5-5.3.2/debian/php5-cgi.dirs @@ -0,0 +1,4 @@ +/etc/php5/cgi +/usr/lib/cgi-bin +/usr/bin +/usr/share/man/man1 --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.load +++ php5-5.3.2/debian/libapache2-mod-php5filter.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5filter.so --- php5-5.3.2.orig/debian/libapache2-mod-php5.triggers +++ php5-5.3.2/debian/libapache2-mod-php5.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.postinst +++ php5-5.3.2/debian/libapache2-mod-php5filter.postinst @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 force-reload || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2filter/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2filter/.start ]; then + a2enmod php5filter >/dev/null || true + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5filter.load ]; then + reload_apache + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5filter >/dev/null || true + reload_apache +fi + +exit 0 --- php5-5.3.2.orig/debian/php5-cli.prerm +++ php5-5.3.2/debian/php5-cli.prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then + update-alternatives --remove php /usr/bin/php5 +fi + +exit 0 --- php5-5.3.2.orig/debian/php5-cli.dirs +++ php5-5.3.2/debian/php5-cli.dirs @@ -0,0 +1,3 @@ +/etc/php5/cli +/usr/bin +/usr/share/man/man1 --- php5-5.3.2.orig/debian/maxlifetime +++ php5-5.3.2/debian/maxlifetime @@ -0,0 +1,13 @@ +#!/bin/sh -e + +max=1440 + +for ini in /etc/php5/*/php.ini; do + cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true); + [ -z "$cur" ] && cur=0 + [ "$cur" -gt "$max" ] && max=$cur +done + +echo $(($max/60)) + +exit 0 --- php5-5.3.2.orig/debian/README.source +++ php5-5.3.2/debian/README.source @@ -0,0 +1,51 @@ + == Generation of the php5-dbg package Depends == + +The following command can be used to generate a heuristic list of +packages the php5-dbg package probably needs to Depend on: + +dh_testdir && egrep '^Package' debian/control | cut '-d ' -f2 | \ + egrep -v '(^php5|dbg|dev|common|pear)$' | tr "\n" "|" | sed 's/|$//' |\ + sed -r 's/([^|]+)(\||$)/ \1 (= ${binary:Version}) \2/g'; echo + + == Used patch system == + +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +See /usr/share/doc/quilt/README.source for a detailed explanation. + + == Making some sense out of the configure options == + +The COMMON_CONFIG variable contains the configure options that are to +be used on all the SAPIs. Built-in extensions and other general options +should be set here. +The shared extensions are built when building the apache2 SAPI and as +such they need to be specified there. +The calls to configure for the other SAPIs usually only need +--without-foo when the extension or feature is otherwise enabled by +default. + + == The *modulelist files == + +When building a new module (or extension) on an individual binary +package, it must be added to the debian/modulelist file. However, if +the extension is to be included in an existing binary package, it +must be added to the debian/extramodulelist file. + +The format of these files is: +" " + +E.g. for, if we want the mysql extension to be shipped in the +php5-mysql package we use: +"mysql MySQL mysql" +But we also want mysqli and the PDO in the same package, so we add the +following lines to extramoduleslist: +"mysql MySQLi mysqli +mysql MySQL_PDO pdo_mysql" + + == More debian/rules foo == + +* The shared extensions are built under the apache2 target (see above). +* The CLI SAPI is built on the build-cli-stamp AND build-cgi-stamp, with + different configure options. --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.triggers +++ php5-5.3.2/debian/libapache2-mod-php5filter.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.3.2.orig/debian/php5.lintian-overrides +++ php5-5.3.2/debian/php5.lintian-overrides @@ -0,0 +1,2 @@ +php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755 +php5-common: package-contains-empty-directory usr/lib/php5/libexec/ --- php5-5.3.2.orig/debian/libapache2-mod-php5.load +++ php5-5.3.2/debian/libapache2-mod-php5.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5.so --- php5-5.3.2.orig/debian/changelog +++ php5-5.3.2/debian/changelog @@ -0,0 +1,3494 @@ +php5 (5.3.2-1ubuntu4.9) lucid-security; urgency=low + + * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix + mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) + + -- Steve Beattie Mon, 02 May 2011 09:21:53 -0700 + +php5 (5.3.2-1ubuntu4.8) lucid-security; urgency=low + + * SECURITY UPDATE: arbitrary files removal via cronjob + - debian/php5-common.php5.cron.d: take greater care when removing + session files. + - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 + - CVE-2011-0441 + * SECURITY UPDATE: symlink tmp races in pear install + - debian/patches/php5-pear-CVE-2011-1072.patch: improved + tempfile handling. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1072 + * SECURITY UPDATE: more symlink races in pear install + - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save + file handler. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1144 + * SECURITY UPDATE: pathname restriction bypass vulnerability + - debian/patches/php5-CVE-2006-7243.patch: check for passed + filenames containing NULL bytes. + - CVE-2006-7243 + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2010-4697.patch: retain reference to + object until getter/setter are done. + - CVE-2010-4697 + * SECURITY UPDATE: denial of service through application crash with + invalid images + - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing + steps are either 4 or 16. + - CVE-2010-4698 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract() + argument validation. + - CVE-2011-0420 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully + when handling zero sized zipfile with the FL_UNCHANGED argument + - CVE-2011-0421 + * SECURITY UPDATE: denial of service through application crash when + handling images with invalid exif tags + - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking + - CVE-2011-0708 + * SECURITY UPDATE: denial of service and possible data disclosure + through integer overflow + - debian/patches/php5-CVE-2011-1092.patch: better boundary + condition checks in shmop_read() + - CVE-2011-1092 + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * SECURITY UPDATE: format string vulnerability + - debian/patches/php5-CVE-2011-1153.patch: correctly quote format + strings + - CVE-2011-1153 + * SECURITY UPDATE: denial of service through buffer overflow crash + (code execution mitigated by compilation with Fortify Source) + - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision + to ensure fitting within MAX_BUF_SIZE + - CVE-2011-1464 + * SECURITY UPDATE: denial of service through application crash via + integer overflow. + - debian/patches/php5-CVE-2011-1466.patch: improve boundary + condition checking in SdnToJulian() + - CVE-2011-1466 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-1467.patch: check for invalid + attribute symbols in NumberFormatter::setSymbol() + - CVE-2011-1467 + * SECURITY UPDATE: denial of service through memory leak + - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of + openssl contexts + - CVE-2011-1468 + * SECURITY UPDATE: denial of service through application crash + when using HTTP proxy with the FTP wrapper + - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling + - CVE-2011-1469 + * SECURITY UPDATE: denial of service through application crash when + handling ziparchive streams + - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of + the meta data structure + - CVE-2011-1470 + * SECURITY UPDATE: denial of service through application crash when + handling malformed zip files + - debian/patches/php5-CVE-2011-1471.patch: correct integer + signedness error when handling zip_fread() return value. + - CVE-2011-1471 + + -- Steve Beattie Thu, 21 Apr 2011 11:07:40 -0700 + +php5 (5.3.2-1ubuntu4.7) lucid-security; urgency=low + + * debian/patches/php5-CVE-2010-3436-regression.patch: update + main/fopen_wrappers.c to include fix for open_basedir restriction + regression (LP: #701896) + + -- Steve Beattie Wed, 12 Jan 2011 07:28:55 -0800 + +php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low + + * SECURITY UPDATE: open_basedir bypass + - debian/patches/php5-CVE-2010-3436.patch: more strict checking in + php_check_specific_open_basedir() + - CVE-2010-3436 + * SECURITY UPDATE: NULL pointer dereference crash + - debian/patches/php5-CVE-2010-3709.patch: check for NULL when + getting zip comment + - CVE-2010-3709 + * SECURITY UPDATE: memory consumption denial of service + - debian/patches/php5-CVE-2010-3710.patch: check for email address + longer than RFC 2821 allows + - CVE-2010-3710 + * SECURITY UPDATE: xml decode bypass + - debian/patches/php5-CVE-2010-3870.patch: improve utf8 decoding + - CVE-2010-3870 + * SECURITY UPDATE: integer overflow can cause an application crash + - debian/patches/php5-CVE-2010-4409.patch: fix invalid args in + NumberFormatter::getSymbol() + - CVE-2010-4409 + * SECURITY UPDATE: infinite loop/denial of service when dealing with + certain textual forms of MAX_FLOAT (LP: #697181) + - debian/patches/php5-CVE-2010-4645.patch: treat local doubles + as volatile to avoid x87 registers in zend_strtod() + - CVE-2010-4645 + + -- Steve Beattie Fri, 07 Jan 2011 10:56:23 -0800 + +php5 (5.3.2-1ubuntu4.5) lucid-security; urgency=low + + * SECURITY UPDATE: denial of service and possible memory corruption via + negative size in HTTP chunked encoding stream + - debian/patches/CVE-2010-1866.patch: prevent chunk_size from + overflowing in ext/standard/filters.c. + - CVE-2010-1866 + * SECURITY UPDATE: arbitrary code execution via empty SQL query + - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in + ext/sqlite/sqlite.c. + - CVE-2010-1868 + * SECURITY UPDATE: denial of service via fnmatch stack consumption + - debian/patches/CVE-2010-1917.patch: limit size of pattern in + ext/standard/file.c. + - CVE-2010-1917 + * SECURITY UPDATE: arbitrary memory disclosure and possible code + execution via phar extension + - debian/patches/CVE-2010-2094.patch: use correct format string in + ext/phar/dirstream.c, ext/phar/stream.c. + - CVE-2010-2094 + - CVE-2010-2950 + * SECURITY UPDATE: sensitive information disclosure or arbitrary code + execution via use-after-free in SplObjectStorage unserializer + - debian/patches/CVE-2010-2225.patch: fix logic in + ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*}, + add tests to ext/spl/tests. + - CVE-2010-2225 + * SECURITY UPDATE: sensitive information disclosure via error messages + - debian/patches/CVE-2010-2531.patch: don't display data when flushing + output buffer in ext/standard/{var.c,php_var.h}, fix tests in + ext/standard/tests/general_functions. + - CVE-2010-2531 + * SECURITY UPDATE: arbitrary session variable modification via crafted + session variable name + - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in + ext/session/session.c. + - CVE-2010-3065 + * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large + files (LP: #564920) + + -- Marc Deslauriers Fri, 17 Sep 2010 08:14:26 -0400 + +php5 (5.3.2-1ubuntu4.2) lucid-proposed; urgency=low + + * debian/patches/session_save_path.patch: Save PHP sessions to + /var/lib/php rather than /tmp (LP: #573222) + + -- Chuck Short Mon, 10 May 2010 04:00:03 -0400 + +php5 (5.3.2-1ubuntu4.1) lucid-proposed; urgency=low + + * debian/patches/fix-mysql-badmem.patch: Fix mysql crash when using php5-cgi. (LP: #567043) + + -- Chuck Short Mon, 03 May 2010 11:23:43 -0400 + +php5 (5.3.2-1ubuntu4) lucid; urgency=low + + * debian/control, debian/rules: Re-enable libedit-dev. (LP: #548823) + + -- Chuck Short Mon, 05 Apr 2010 15:33:21 -0400 + +php5 (5.3.2-1ubuntu3) lucid; urgency=low + + * debian/control: Fix upgrade of php5-ldap from 5.3.1. (LP: #) + + -- Chuck Short Sun, 28 Mar 2010 15:41:34 -0400 + +php5 (5.3.2-1ubuntu2) lucid; urgency=low + + * debian/control: Dont build with libmcrypt-dev. + + -- Chuck Short Fri, 26 Mar 2010 14:39:36 -0400 + +php5 (5.3.2-1ubuntu1) lucid; urgency=low + + * Merge from debian unstable: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in + universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + - Dropped debian/patches/libedit_is_editline.patch. + + -- Chuck Short Tue, 16 Mar 2010 09:09:50 -0400 + +php5 (5.3.2-1) unstable; urgency=high + + [ Sean Finney ] + * Fix improper signed overflow detection in filter extension + (Closes: #570287) + * Another integer overflow/underflow logic fix. (Closes: #570144) + * new debian patch fix_filter_var_email_test.patch (Closes: #571764) + * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772) + * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762) + + [ Raphael Geissert ] + * Build with qdbm support + * Really run extensions' tests + * Add a note about user_dirs in apache conf file (Closes: #571714) + * Fix typo in debian/NEWS + * Don't install a(nother) useless Structures_Graph sh script + * Re-enable short_open_tag for CLI too (Closes: #573367) + * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425) + * Fix the locale name in some tests (Closes: #573511) + * Fix some gd tests that need the bundled library + * Fix a null pointer dereference when processing invalid XML-RPC + requests (CVE-2010-0397, Closes: #573573) + * Fix an unaligned memory access in enchant_dict_suggest() + * Fix another unaligned memory access in enchant + * Test that the list of extensions to test is never empty + * Update the list of alternative dependencies of php5-dbg + * debian/rules cleanup + * debian/control cleanup + * Build against the system oniguruma library + * Add libjpeg-dev as an alternative to libjpeg62-dev for future + transitions + + [ OndÅ™ej Surý ] + * Imported Upstream version 5.3.2 + * Updated suhosin patch to 0.9.9.1 version. + * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974) + * Refreshed debian/patches/001-libtool_fixes.patch + * Refreshed debian/patches/006-debian_quirks.patch + * Adapt debian patches to 5.3.2. + * Remove "binary" contents from + debian/patches/fix_var_dump_64bit.phpt.patch + * New debian patch fix_broken_sha2_test.patch + * New debian patch always_use_system_crypt.patch (Closes: #572601) + * New debian patch php_crypt_revamped.patch (Closes: #572601) + + -- Raphael Geissert Sat, 13 Mar 2010 15:11:48 -0600 + +php5 (5.3.1-5) unstable; urgency=low + + [ Sean Finney ] + * Pass full path to php cli executable for unit tests + * dont-gitclean-in-build.patch: Don't run git-clean via buildconf + * update debian patch page_size_fixes.patch with upstream bug ref + * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286) + + [ Raphael Geissert ] + * Add build-dependency on netbase to fix a test (Closes: #570291) + * Suhosin PAGE_SIZE fixes have been already forwarded + * Fix a race condition on shtool's mkdir -p (Closes: #570111) + * Actually test the binary that is to be shipped in the -cli package + * Add some more documentation about the build system + * Documentation updates + * Update the suhosin patch version information + * Build-dep on locales-all to enable multiple tests + * Don't ship empty maintainer scripts + * Add patch to allow building with qdbm + * Test the extensions that don't require a special setup + * Get the correct list of built-in extensions of apache2filter + + -- Raphael Geissert Mon, 22 Feb 2010 10:41:51 -0600 + +php5 (5.3.1-4) unstable; urgency=low + + [ Raphael Geissert ] + * Pass -O0 when using 'noopt' to actually disable any optimization + * Add patch to use sysconf() to determine the page size + * Add patch to remove PAGE_SIZE assumptions in suhosin code + * Fix an unaligned memory access in the phar extension + * Fix another unaligned memory access + * Print the expected/actual output of failed test + * Add missing PEAR directory (Closes: #542483) + * Build sqlite3 as shared (Closes: #568956) + * Add some more documentation about the source package + + [ Sean Finney ] + * New debian patch fix_broken_5.3_tests.patch + + -- Raphael Geissert Thu, 11 Feb 2010 02:22:47 -0600 + +php5 (5.3.1-3) unstable; urgency=low + + [ OndÅ™ej Surý ] + * get rid of php4 dependencies + * Enable short_open_tag again (Closes: #537099) + * fix dependency on automake1.4 in php5-dev package + * fix typo s/firefox/firebird/ in changelog + * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders + + [ Raphael Geissert ] + * Fix maintainer scripts to use php.ini-production (Closes: #565130) + * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi + * Allow parallel building via parallel=n + * Build with the hardening wrapper + * Remove no-longer-needed dfsg-repack script + * Add DEP-3-format metadata to some of the patches + * Build the intl extension + * Drop exif_read_data-segfault patch, merged upstream + * Build the enchant extension + * Add ${misc:Depends} where missing + * Disable mod_php in user directories (Closes: #555606) + * Add missing comment character to php.ini-paranoid (Closes: #564622) + * Build the interbase extension on all the supported architectures + + [ Sean Finney ] + * 5.3 upload for unstable. + - Includes backported fix for "ref converted to value" (Closes: #556237). + + -- Raphael Geissert Sun, 07 Feb 2010 23:31:51 -0600 + +php5 (5.3.1-2) experimental; urgency=low + + * Merged changes from 5.2.x sid branch. + * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1 + * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a + patch with a test case + * Removed check_ini_on_modify_status.patch and gentoo/117- + 4_digit_year_big_endian.patch; merged upstream + * Removed max_file_uploads.patch; no need for backwards compatibility + between major releases + * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch + * Fix duplicate Provides: in debian/control introduced by cherry- + picking 94f0ec3 + * Update sybase aliases to include correct arguments, needed for 5.3.x + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >= + 2.63 (Closes: #549148) + + -- OndÅ™ej Surý Mon, 11 Jan 2010 16:56:01 +0100 + +php5 (5.3.1-1) experimental; urgency=low + + * Imported Upstream version 5.3.1 + * Change dependcy to libdb-dev instead on arbitrary version of + libdb4.x-dev + * Refreshed 006-debian_quirks patch to apply cleanly. + * Removed 114-php_gd_segfault.patch, merged upstream. + * Refreshed 115-autoconf_ftbfs.patch to apply cleanly + * Updated suhosin.patch to 0.9.8 version for php-5.3.1 + * Refreshed 001-libtool_fixes.patch + * Refreshed 004-ldap_fix.patch + * Refreshed 013-force_getaddrinfo.patch + * Refreshed 036-fd_setsize_fix.patch + * Refreshed 052-phpinfo_no_configure.patch + * Refreshed 053-extension_api.patch + * Refreshed 108-64_bit_datetime.patch + * Refreshed 113-php.ini_securitynotes.patch + * Refreshed 116-posixness_fix.patch + * Refreshed gentoo/006_ext-curl-set_opt-crash.patch + * Refreshed gentoo/009_ob-memory-leaks.patch + * Refreshed libedit_is_editline.patch + * Refreshed suhosin.patch + * Add .gitignore file to ignore .pc/ directory + * Removed README.CVS-RULES from debian/php5-common.docs, file is no + longer shipped by upstream. + + -- OndÅ™ej Surý Thu, 07 Jan 2010 17:21:47 +0100 + +php5 (5.3.0-3) experimental; urgency=low + + * Fix segmentation fault in php-gd (Closes: #543496) + * Update suhosin patch to 0.9.8 *BETA* and enable it again + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770) + + -- OndÅ™ej Surý Tue, 25 Aug 2009 16:12:13 +0200 + +php5 (5.2.12.dfsg.1-2) unstable; urgency=low + + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of firebird*-dev to include only version in + stable/testing/unstable + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf + (>= 2.63) (Closes: #549148) + + -- OndÅ™ej Surý Mon, 11 Jan 2010 17:31:33 +0100 + +php5 (5.2.12.dfsg.1-1) unstable; urgency=low + + [ Thijs Kinkhorst ] + * Change comment in module .ini snippets from # to ; to avoid deprecation + warnings with PHP 5.3.0. + + [ OndÅ™ej Surý ] + * Imported Upstream version 5.2.12.dfsg.1 + * Removed manpage_spelling.patch, merged upstream. + * Removed libedit_is_editline.patch, merged upstream. + * Refreshed max_file_uploads.patch, patch can be removed, it's kept to + raise max_file_uploads to 50. + * Refreshed and updated suhosin.patch + * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch, + 006-debian_quirks.patch, 013-force_getaddrinfo.patch, + 034-apache2_umask_fix.patch, 053-extension_api.patch, + 056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch, + gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch, + use_embedded_timezonedb.patch + * Removed autogenerated main/php_config.h.in from suhosin.patch + (Ubuntu: #493761) + * Short open tags are On again in php.ini-dist (Closes: #537099) + * Don't leave .start if we are purging (Closes: #561739) + * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the + directory is not deleted (Closes: #563437, #542483) + + [ Upstream ] + * Fix default pear.php.net channel definitions (Closes: #559029) + + -- OndÅ™ej Surý Fri, 08 Jan 2010 18:18:43 +0100 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * max_file_uploads: limit the maximum number of file uploads to 50 + + Reduces the chances of a temporary file exhaustion DoS + * Add libdb4.8-dev as an alternative dependency (Closes: #555945) + * Add libdb-dev as another alternative, hopefully the last one + (Closes: #548486) + * Add a versioned dependency on libtool 2.2 (Closes: #548015) + * Use FilesMatch and SetHandler on apache setups (Closes: #491928) + * Gentoo patch ext-curl-set_opt-crash has already been merged upstream + * Drop unused lintian override + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.11.dfsg.1-1) unstable; urgency=low + + * New upstream release + + [ Fixes incorporated upstream ] + * Fix 4-year digit year on big-endian platforms (Closes: #542301) + * patch curl_streams_sleep.patch + * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605) + * patch check_ini_on_modify_status.patch + + [ Raphael Geissert ] + * Add aliases to the mssql functions on the sybase extension (Closes: #523073) + * Fix the rows_affected alias, it should be affected_rows + * Avoid possible memory dumps via PG on restored ini values (Closes: #540605) + + [ Ondrej Sury ] + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * fix whitespace in libapache2-mod-php5.postinst + + [ Sean Finney ] + * incorporate/ack previous NMU's, thanks Andreas. + * update debian patch 115-autoconf_ftbfs.patch for new upstream version + * update debian patch fix_broken_upstream_tests.patch + * update debian patch mssql-null-exception.patch + * refresh various quilt patches against new upstream version + * remove no longer needed "legacy" support for conffile migration + * add dpkg trigger in the apache2 and apache2filter sapis for reloading + apache2 on extension updates (Closes: #490023, #524206) + * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev + in case someone wants to backport the package. + * update list of installed documentation + + -- Sean Finney Sun, 20 Sep 2009 11:05:35 +0200 + +php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Drop hand-crafted dependency on libmysqlclient15. + + -- Andreas Barth Mon, 31 Aug 2009 09:22:16 +0200 + +php5 (5.2.10.dfsg.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS with new autoconf. Thanks to Russ Allbery for the patch. + Closes: #542906 + + -- Andreas Barth Sun, 30 Aug 2009 13:49:40 +0200 + +php5 (5.2.10.dfsg.1-2) unstable; urgency=low + + * Declare that PEAR replaces XML_UTIL (Closes: #534621) + * Bump standards-version, no change needed + * Fix an unconditional limit on dblib_driver.c (Closes: #534881) + * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888) + * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760) + * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR + * Add myself to uploaders + * Fix the path to PEAR's config, directly in rules (Closes: #507762) + + -- Raphael Geissert Thu, 09 Jul 2009 18:25:48 -0500 + +php5 (5.3.0-2) experimental; urgency=low + + * update configuration file names to new upstream naming convention + + -- Sean Finney Wed, 01 Jul 2009 09:12:10 +0200 + +php5 (5.3.0-1) experimental; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * use ';' instead of '#' as comments in module ini files + * remove binary package for php5-mhash which is now built-in + * update removed windows modules in 006-debian_quirks.patch + * quilt refresh for new upstream release + + -- Sean Finney Tue, 30 Jun 2009 20:09:07 +0200 + +php5 (5.3.0~RC4-1) UNRELEASED; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * (temporarily) disable suhosin patch while it does not apply to 5.3 + * refresh various debian patches, fixing whitespace and offsets + * copy the gbp.conf from debian-sid and adapt it for experimental + * cherry-pick relevant gentoo patches from unstable + * cherry-pick debian fixes in libtool2.2.patch from unstable + * Update package sections to match override. + + [ Raphael Geissert ] + * Detect the path to ltmain.sh at build time and set conflicts + appropriately + * Add libdb4.7-dev as an ORed build dependency to fix FTBFS + * Update the Vcs-* fields to reflect the move from svn to git + * Turn the phpapi dependencies into php5 | phpapi to fix + installability issues + * Bump Standards-Version to 3.8.1, no change needed + * Add a set of lintian overrides for some FP spelling-error-in-binary + + [ Thijs Kinkhorst ] + * Update php5-cli package description to make it more neutral + + -- Sean Finney Mon, 29 Jun 2009 07:54:51 +0200 + +php5 (5.3.0~RC1-1) unstable; urgency=low + + * New Upstream Version + + -- Mark A. Hershberger Wed, 25 Mar 2009 19:39:48 -0400 + +php5 (5.2.9.dfsg.1-1) unstable; urgency=low + + * New upstream release (closes: #520538). + - fixes regressions with parsing via libxml2 (closes: #520246, #520423). + + [ Sean Finney ] + * Refresh all patches. + * Update suhosin patch to 5.2.9, remove autotools-generated files (configure, + php_config.h.in) and .dsp files from patch. + * remove obsolete configure options from ./configure: --enable-memory-limit, + --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx. + * Remove obsoleted patches which have been incorporated upstream: + - snmp_leaks.patch + - BG-initializing-fix.patch + - CVE-2008-2829.patch + - CVE-2008-3658.patch + - CVE-2008-3659.patch + - CVE-2008-3660.patch + - CVE-2008-5557.patch + - CVE-2008-5658.patch + - pdo-fetchobject-prototype-error.patch + - zend_object_handlers-invalid-write.patch + - dba-inifile-truncation.patch + - gentoo/freetds-compat.patch + - gentoo/010_ticks-zts-crashes.patch + - gentoo/019_new-memory-corruption.patch + - gentoo/009_array-function-crashes.patch + - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + - gentoo/017_xmlrpc-invalid-callback-crash.patch + - gentoo/007_dom-setAttributeNode-crash.patch + - gentoo/006_PDORow-crash.patch + - gentoo/005_stream_context_set_params-crash.patch + * Update fix_broken_upstream_tests.patch, one of the tests is fixed. + + -- Sean Finney Tue, 24 Mar 2009 19:05:09 +0100 + +php5 (5.2.6.dfsg.1-3) unstable; urgency=low + + [ Sean Finney ] + * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt. + * Security related fixes: + - php: inifile handler for the dba functions can be used to truncate a file + Patch: dba-inifile-truncation.patch (closes: #507101). + - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal + Patch: CVE-2008-5658.patch (closes: #507857). + Thanks to Pierre Joye for help with the patch. + + [ Raphael Geissert ] + * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later): + + patches/gentoo/005_stream_context_set_params-crash.patch + + patches/gentoo/006_PDORow-crash.patch + + patches/gentoo/007_dom-setAttributeNode-crash.patch + + patches/gentoo/009_array-function-crashes.patch + + patches/gentoo/010_ticks-zts-crashes.patch + + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch + + patches/gentoo/019_new-memory-corruption.patch + + patches/gentoo/freetds-compat.patch + - was deprecated_freetds_check.patch + + -- Sean Finney Sat, 24 Jan 2009 21:17:13 +0100 + +php5 (5.2.6.dfsg.1-2) unstable; urgency=low + + [ Sean Finney ] + * Make sure a file used to track state is properly removed in the + postinst, thanks Raphael (closes: #511049). + + [ Thijs Kinkhorst ] + * Fix watch file to mangle version. + + [ Raphael Geissert ] + * Ship script used to take an upstream tarball and remove the non + DFSG-free stuff, update watch file accordingly. + + -- Sean Finney Tue, 13 Jan 2009 08:24:36 +0100 + +php5 (5.2.6.dfsg.1-1) unstable; urgency=high + + [ Sean Finney ] + * Incorporate previous NMU. + * Updated system tzdata patch from Joe Orton. + * Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated + into Joe's patch. + * Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking + them up. + - Upstream bug #46157 (PDOStatement::fetchObject prototype error) + Patch: pdo-fetchobject-prototype-error.patch + - Upstream bug #46308 (Invalid write in zend object handler / getter) + Patch: zend_object_handlers-invalid-write.patch + * Security related fixes: + - CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of + uid/gid for apache2 sapi. + Patch: BG-initializing-fix.patch + - CVE-2008-5557: heap overflows in the mbstring extension. + Patch: CVE-2008-5557.patch (closes: #511493). + + [ Thijs Kinkhorst ] + * Correct description typo, thanks Mathias Brodala (Closes: #508989). + + -- Sean Finney Mon, 12 Jan 2009 12:12:36 +0100 + +php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove exts/dbase from orig tarball (Closes: #341420) + + -- Ben Hutchings Sat, 29 Nov 2008 19:19:28 +0000 + +php5 (5.2.6-5) unstable; urgency=high + + * Update debian/copyright to document that the DFSG-unfree email + requirement in ext/standard/rand.c has been rescinded by the + copyrightholder (Closes: #498621). + + -- Thijs Kinkhorst Sun, 05 Oct 2008 11:32:35 +0200 + +php5 (5.2.6-4) unstable; urgency=high + + [ Sean Finney ] + * Take three unreleased fixes from upstream CVS: + - CVE-2008-3658: Buffer overflow in the imageloadfont function. + Patch: CVE-2008-3658.patch (closes: #499989) + - CVE-2008-3659: Buffer overflow in the memnstr function. + Patch: CVE-2008-3659.patch (closes: #499988) + - CVE-2008-3660: Remote DoS in fastcgi module + Patch: CVE-2008-3660.patch (closes: #499987) + + [ Raphael Geissert ] + * snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296) + - Thanks to Rodrigo Campos for the follow up + - Thanks to Federico Cuello for the original patch + * php5-dev.lintian-override: fix it so it actually works + + -- Sean Finney Sun, 14 Sep 2008 14:25:11 +0200 + +php5 (5.2.6-3) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts. + * Add documentation about the timezonedb change (Closes: #492025). + + [ Adam Conrad ] + * Modify 033-we_WANT_libtool.patch to cope with newer versions of + libtool that only copy auxilliary files when --install is used, + while still working with older versions that DTRT without. + + [ Raphael Geissert ] + * debian/rules: + + Avoid installing useless test suites in php-pear (Closes: #478995) + + Remove any empty directory in php-pear + + Also get rid of usr/share/php/data/Structures_Graph/* + - Those were meant to be used by upstream maintainer + * debian/php5-dev.lintian-overrides: + - usr/lib/php5/build/run-tests.php is not meant to be used directly + * debian/control: bumped Standards Version to 3.8.0, no changes needed + * bad_whatis_entries.patch: fixes the whatis entries of all the manpages + * deprecated_freetds_check.patch: fixes the freetds detection routine + + Closes: #494230 + - Thanks to jklowden@freetds.org and the Gentoo folks for the patch + (RC bugfix, upload urgency bumped) + * debian/libapache2-mod-php5*-{prerm,postinst}: + - Create a status file when removing the package (but not purging) + while having the mod enabled so reinstallation of the package + does not end up disabling the module (Closes: #471548) + + [ Sean Finney ] + * Bump dependency on libmysqlclient15off to require the version from + lenny or later, in order to avoid subtle problems not previously detected + with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575). + + -- Sean Finney Wed, 20 Aug 2008 19:32:02 +0200 + +php5 (5.2.6-2) unstable; urgency=high + + [ Raphael Geissert ] + * Lintian-based changes: + - also install a lintian override for libapache2-mod-php5filter + - fixed the generic lintian overrides so they are meaningful + - dropping linda overrides, linda is gone now + - s/meta-package/metapackage + * debian/control: + - Updated php5's description so it mentions three instead of + only two server-side SAPIs + - Depend on php5-cli in php-pear (Closes: #482517) + + Previous change reverted because of PEAR packages FTBFS + - {B-,}Depend on tzdata to avoid crashes caused by the tz ext patch + - Dropped some versioned {b-,}dependencies that are satisified + even on sarge + * php.ini-*: state that when using a custom save_path, + gc_probability should also be set (Closes: #388808, #321460) + * tzdb-nofree_ents_ifnotzdata.patch: avoid free'ing ents when the tz dir does + not exist (Closes: #483461) + + [ Sean Finney ] + * Fix for CVE-2008-2829: unsafe usage of deprecated imap functions + Patch: CVE-2008-2829.patch + * Modifications to suhosin.patch due to alignment problems on some + architectures. Thanks to Stefan Esser for the initial suggestion. + (Closes: #481737). + * Rename the apache2 filter module to libphp5filter.so, to prevent + conflicting filenames for symbols in the debug package. + + -- Sean Finney Thu, 03 Jul 2008 08:14:45 +0200 + +php5 (5.2.6-1) unstable; urgency=medium + + * New upstream release. Fixes several security issues of unknown impact: + + possible stack buffer overflow in the FastCGI SAPI + + integer overflow in printf() + + unknown issue CVE-2008-0599 + + a safe_mode bypass in cURL + + incomplete multibyte chars inside escapeshellcmd() + + [ Sean Finney ] + * New patch (use_embedded_timezonedb.patch) allows us to default to + using the system provided timezone database instead of the one bundled + with PHP. Many thanks to Joe Orten from Red Hat for the patch! + (closes: #447174, #471104). + * Updated the Suhosin patch to v0.9.6 (5.2.6). + * New patch: force_libmysqlclient_r.patch, forcing the build system + to link against the threadsafe libmysqlclient without having to enable + the other zts features in php. This is required since the apr libraries + are now linking against this as well and mysql exports the same symbols + from both libraries. Thanks to Stefan Fritsch (closes: #469081). + * Massaged/updated various other patches in debian/patches + * Update copyright information to have information about non-trivial + patches worthy of copyright attributions, and update information about + current debian maintainers. + * Add some useful quilt settings in debian/rules to lower the amount of + noise in future quilt updates. + * Now building a php5 apache2 module with filter-module support in a new + libapache2-mod-php5filter package (closes: #438120). + + [ Thijs Kinkhorst ] + * Checked for policy 3.7.3, no changes. + + [ Raphael Geissert ] + * Build a php5-dbg package with the debug symbols of the SAPIs & extensions + + Bump debhelper dependency to >= 5 as dh_strip behaves differently. + * debian/watch: refactored so it can actually be used to download the tarball + * debian/rules: removed bashisms (Closes: #478613) + * debian/control: add a notice about Suhosin being applied (Closes: #471324) + + Additionally make sure the PHP boilerplate is the same for each package + * debian/patches/manpage_spelling.patch: + - fix spelling mistakes in man page (Closes: #413712) + * debian/NEWS: s/suhosin/Suhosin (Closes: #434351) + * debian/control: removed ORed postgresql-dev build-dep (Closes: #429981) + + postgresql-dev is a transitional package since etch + * Override the following lintian messages: + + SAPI packages package-contains-empty-directory usr/lib/php5/20060613+lfs/ + + php5-common package-contains-empty-directory usr/lib/php5/libexec/ + * Set our custom PHP_PEAR_DOWNLOAD_DIR when building the pear stuff + + Avoids the creation of /tmp/pear (Closes: #463979) + * Replaced all 'make' with '$(MAKE)' so any extra flag is preserved + * debian/rules: s/DEB_BUILD_ARCH/DEB_HOST_ARCH + + HOST is the machine the package is built for. + * Recommend php5-cli instead of depending on it in php-pear (Closes: #243214) + + php5-cli is only needed by the, rearely used, pear installer + * debian/README.source: inform how to generate php5-dbg's Depends + * debian/patches/029-php.ini_paranoid.patch: updated (Closes: #459814) + + Thanks to Javier Fernández-Sanguino Peña + Changes: + - includes some variables which were no present in the first version and + removes modules not available in PHP5. Also fixes typos in comments which + have since been fixed in php.ini-dist + - adds notes (Debian-specific) of which security features applications + should not rely on + - add more information of why some variables were enabled + - reorder the description of changes to suit the location in the config file + - add notes of deprecated features in PHP6 + - add more (suggested) changes to the session module to make a more secure + use and storage of session IDs. + - remove the 'include' function from the list of disabled functions as it + is quite common for most applications + - modify the valid 'include_path' to make it really paranoid ('.' is not + allowed anymore) + - adjust locations of directories, including the upload dir and session dir + - proper definition for sql.safe_mode and description (missing in + php.ini-dist of what it is really for) + - added session configuration variables which are not available in + php.ini-dist together with recommended paranoid values + (session.referer_check, session.entropy_file, session.entropy_length) + - added more information to session configuration (not available in php.ini) + based on the information at php.net + * Lintian-based changes: + - debian/php5-common.dirs: do NOT create usr/share/doc/php5-common/PEAR/ + - fixed a hyphen-used-as-minus-sign in php5(1):319 + - get rid of usr/share/php/data/Structures_Graph/LICENSE in php-pear + * Move /usr/share/php/docs to /usr/share/doc/pear-php/PEAR (Closes: #331034) + + [ Steve Langasek ] + * Step down from the PHP maintenance team, removing myself from uploaders. + So long, and thanks for all the fish! + + -- Sean Finney Sun, 04 May 2008 21:15:47 +0200 + +php5 (5.2.5-3) unstable; urgency=high + + * zend_parse_parameters does not handle size_t's, causing issues with + 043-recode_size_t.patch and segmentation faults for recode-using pages. + changed problematic parameters back to "int" and added an overflow check. + thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel, + and Vincent Tondellier for their reports. closes: #459020. + + -- Sean Finney Thu, 21 Feb 2008 00:59:21 +0100 + +php5 (5.2.5-2) unstable; urgency=low + + * debian/patches/libdb_is_-ldb: reorder the search for db4 instances to + give precedence to -ldb, so that we always get the version that matches + the installed -dev package instead of whichever most recent version php + upstream currently knows about. Closes: #463397. + * Update suhosin patch to not patch .dsp files (and config.w32), which + are irrelevant to Unix builds and seem to cause problems for clean + patching/unpatching. + + -- Steve Langasek Fri, 01 Feb 2008 18:46:15 +0000 + +php5 (5.2.5-1) unstable; urgency=low + + [ Sean Finney ] + * New upstream release + * Updated suhosin patch for 5.2.5 minus ./configure as before. + * Workaround for xargs not handling extra long cmdlines in session + cleanup script (Closes: #461755). + * Remove unneccesary DEB_BUILD_GNU_TYPE fudging (Closes: #429066). Thanks + to Riku Voipio for the report/patch. + + [ Raphael Geissert ] + * debian/rules: now DEB_BUILD_OPTIONS=nocheck aware + * Updated description of the php5 meta-package to reflect removal of apache + (Closes: #418038) + * Capitalise apache where needed (Closes: #439575) + * Homepage is now a control entry (moved from Description), Closes: #439578 + * Fixed test-results.txt target so parallel package building doesn't fail + * Added Suggests: php5-timezonedb to all the SAPIs + + [ Steve Langasek ] + * Add ${shlibs:Depends} to php5-common, since it does build ELF objects now + (pdo.so) + * Update build-deps to libdb4.6-dev now that libaprutil1-dev has switched. + Closes: #461192. + + -- Steve Langasek Thu, 17 Jan 2008 13:39:17 -0800 + +php5 (5.2.4-2) unstable; urgency=low + + [ sean finney ] + * for posterity revised previous changelog to reference the CVE id's + of security issues resolved by the latest upstream release. + * lintian: use debian/compat instead of DH_COMPAT in debian/rules. + * lintian: use source:Version and binary:Version where appropriate, + instead of Source-Version + * lintian: remove a couple pieces of cruft in the changelog that were causing + false-postive wrong-bug-number-in-closes, but were generally useless + anyway. + + [ Raphael Geissert ] + * Using test-results.txt as a target + * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286) + * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624) + * Build the interbase extension using firebird2.0-dev (Closes: #433736) + * Unapply patches with debian/rules clean + + [ Steve Langasek ] + * Don't patch configure or php_config.h.in in suhosin.patch, as these are + auto-generated and including them in the patch results in a race + condition for the necessary build-time regeneration. Thanks to Daniel + Schepler for reporting, and to Damyan Ivanov for helping to sort out the + fix. Closes: #443637. + * Also remove the modified auto-generated files in the clean target, + which triggers a warning about disappearing files when building the + source package but avoids carrying irrelevant diffs to these files + in the Debian diff. + * Now that the testsuite is being run at build time, test failures cause + a bunch of junk files to be left around in the Debian diff. So clean up + several false-positive failures: + - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(), + so patch the test as well + - fix_broken_upstream_tests.patch: use a local directory for tests that + use sessions, skip the phpinfo test after all because it doesn't appear + to be compatible with current testsuite behavior, and disable the + moneyformat test if en_US locale is not available. + There are still several other failing tests, but these are not false + positives and remain enabled pending investigation. + + -- sean finney Wed, 24 Oct 2007 21:51:14 +0200 + +php5 (5.2.4-1) unstable; urgency=low + + * New upstream release. + * Security issues resolved in the latest release: + - CVE-2007-2519 - Directory traversal vulnerability in PEAR + + + [ sean finney ] + * patch from Jan Wagner to be able to conditionally disable any + patches that break binary-compatibility with official php + binary-only extensions. see debian/rules for more information. + * now incorporate the php unit tests into the build process. for + those interested the output is stored in the file + /usr/share/doc/php5-common/test-results.txt . + * by default we now ship with enable_dl = Off, as there are some + fairly significant ramifications security-wise to having it on. + * we shipping with the suhosin patch enabled by default. + special thanks to Blars Blarson for providing a sparc machine for + testing purposes with 5.2.3 (closes: #397179). + * new binary package php5-gmp, with the newly enabled gmp extension, + since whatever reason for not doing so either never existed or no + no longer exists (closes: #344137). Build-Depends added for libgmp3-dev. + + [ Steve Langasek ] + * php5-module.postinst: don't assume that the postinst is only relevant + when called with 'configure' as an argument, some future debhelper code + could apply in the case of other methods of invocation. + * Clean up build dependencies for recent library transitions: + - libsnmp-dev is now the real package name, and is supported as a virtual + package for backports. + - re-add firebird2-dev as an alternative to firebird1.5-dev, to support + backports. + - the curl -dev package name has changed from libcurl3-openssl-dev to + libcurl4-openssl-dev; update to the proper name, with libcurl-dev as + an alternative. + * Switch php5-sybase to use the mssql extension instead of the sybase_ct + extension. Closes: #418734, #329065. + + -- sean finney Sun, 16 Sep 2007 14:46:06 +0200 + +php5 (5.2.3-1) unstable; urgency=low + + * new upstream release. + * upstream has incorporated the last of the recent CVE fixes, so + the patches have been removed. + * change build dependencies for firebird2-dev -> firebird1.5-dev, + as the firebird maintainer has changed names in order to provide + more clarity since there's also a firebird2.0 now (closes: #427181). + * now include, but do not apply by default, the suhosin patch. see + NEWS.Debian for more information. + + -- sean finney Mon, 04 Jun 2007 22:02:10 +0200 + +php5 (5.2.2-2) unstable; urgency=low + + [sean finney] + - build with --with-ldap-sasl and modify build-depends to include + libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490). + - the json extension is now on by default in php builds, so there's + no need for the php5-json package. added a Provides/Conflicts to + help set an upgrade path. + - apache 1.x support is soon disappearing. as a consequence we are + no longer building the libapache-mod-php5 module. the php5 metapackage + should as a result bring in libapache2-mod-php5 by default for those who + already have it installed. + + -- sean finney Sun, 20 May 2007 21:59:56 +0200 + +php5 (5.2.2-1) unstable; urgency=low + + [ sean finney ] + * new upstream release (closes: #422405). + * /most/ of the previous CVE patches have been committed upstream, though: + - the patch for MOPB-41 was fixed in a different way and we'll be keeping + our fix for the time being. + - it doesn't seem like MOPB-45 has been fixed yet. + * remove build-dependency option on libmysqlclient12-dev, since the mysqli + option requires it, and 15 is in stable now anyway. thanks to + Henk van de kamer for finding this (closes: #422224). + * now includes requested fix for mysql row counts (closes: #418471). + * needle/haystack issues are reported fixed (closes: #399924). + * oh yeah, because we're using quilt now: (closes: #338315). + * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929). + note that the resulting php packages won't actually build against + libdb4.5 until all of our build-dependant packages do too. + + -- sean finney Sat, 05 May 2007 19:56:30 +0200 + +php5 (5.2.0-12) unstable; urgency=high + + [ sean finney ] + * modify the build-depends to play more nicely when the net-snmp + maintainers decide to change their package names (closes: #421061). + + -- sean finney Tue, 01 May 2007 14:24:01 +0200 + +php5 (5.2.0-11) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability + * note that this is an update to the previous version of the upstream + fix for CVE-2007-0910, which introduced a seperate exploit path. + - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow + - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak + - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability + - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability + - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability + - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln. + - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability + - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln. + - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability + - CVE-2007-1718/MOPB-34 mail() Header Injection + - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability + - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow + - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity + - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability + - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability + * The other security issues resulting from the "Month of PHP bugs" either + did not affect the version of php5 shipped in unstable, or did not merit + a security update according to the established security policy for php + in debian. You are encouraged to verify that your configuration is not + affected by any of the other vulnerabilities by visiting: + http://www.php-security.org/ + * other, less interesting changes: + - now use quilt for managing local patches. + - massage all of the patches, eliminating fuzz and offsets. + + -- sean finney Mon, 23 Apr 2007 19:02:51 +0200 + +php5 (5.2.0-10) unstable; urgency=high + + [ sean finney ] + * The php security update contained a regression in the streams + module. this version contains an updated version of the patch + for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should + fix the regression. Thanks to Martin Pitt for noticing this. + * Fix the patch names in the previous changelog entry, and fix a factual + inaccuracy that was accidentally pasted from the php4 changelog. + * The previous update was missing two fixes from CVE-2007-0906: + * interbase: (116-CVE-2007-0906_interbase.patch) + * zip: (116-CVE-2007-0906_zip.patch) + + -- sean finney Wed, 07 Mar 2007 23:11:29 +0100 + +php5 (5.2.0-9) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0906: Multiple buffer overflows in various code: + * session (116-CVE-2007-0906_session.patch) + * imap (116-CVE-2007-0906_imap.patch) + * str_replace: (116-CVE-2007-0906_string.patch) + * the sqlite and mail related vulnerabilities in this CVE do not + affect the php5 source packages. + - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch) + - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch) + - CVE-2007-0909: More buffer overflows: + * the odbc_result_all function (116-CVE-2007-0909_odbc.patch) + * various formatted print functions (116-CVE-2007-0909_print.patch) + - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch) + - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch) + Closes: #410995. + * The package maintainers would like to thank Joe Orton from redhat and + Martin Pitt from ubuntu for their help in preparation of this update. + * backport upstream fix for AUTH PLAIN support in imap extension + Closes: #401712. + + -- sean finney Sat, 03 Mar 2007 11:13:33 +0100 + +php5 (5.2.0-8) unstable; urgency=high + + [ sean finney ] + * Update package information to say simply "Apache 2" instead + of "Apache 2.0" (ref: #400306). + * Update package description for php-pear to mention needing + phpN-dev for building PECL extensions (closes: #401825). + * Add mention of Freetype fonts to php5-gd package description, + thanks to Ole Laursen for the suggestion (closes: #387881). + * Include a backported version of upstream's fix for + alignment calculatations which cause FTBFS problems for + some arches. Thanks to Roman Zippel for finding this (closes: #401129). + patch: 114-zend_alloc.c_m68k_alignment.patch + * Remove --enable-yp, as it's no longer used and seperately + packaged. Thanks to Martijn Grendelman for mentioning this + (closes: #402161). + * Add mention to README.Debian of needing to restart apache when + installing modules (closes: #392249). + * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS + containing nostrip + * Backported a patch from upstream CVS to fix a rather nasty + memory leak in zend_alloc (closes: #402506). + patch: 115-zend_alloc.c_memleak.patch + * The memleak and FTBFS are targeted at etch, and there aren't + any other significant changes, so priority=high. + + -- sean finney Sun, 17 Dec 2006 16:49:35 +0100 + +php5 (5.2.0-7) unstable; urgency=high + + [ Steve Langasek ] + * Also disable firebird in the PDO config for archs other than + i386/amd64. + + -- sean finney Fri, 24 Nov 2006 15:20:53 +0100 + +php5 (5.2.0-6) unstable; urgency=high + + [ sean finney ] + * firebird2-dev (and thus php5-interbase) is only available on + i386/amd64, so update the control/rules information accordingly. + thanks to Bastian Blank for reporting this (closes: #399558). + + -- sean finney Wed, 22 Nov 2006 19:04:04 +0100 + +php5 (5.2.0-5) unstable; urgency=high + + [ sean finney ] + * bring some of the mainline php4 modules back into the php source + package instead of distributing them in independant source packages: + - php5-imap + - php5-interbase + - php5-mcrypt + - php5-pspell + - php5-tidy + these modules are still provided in the same binary packages as + before, but will now be built in tandem with the core php packages. + * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner + (closes: #398367, #399248). + + -- sean finney Mon, 20 Nov 2006 12:41:37 +0100 + +php5 (5.2.0-4) unstable; urgency=high + + * Re-re-enable LFS support, forward-porting vorlon's fixes in + the php4 tree. + * Add a bit of support in upgrade scripts to avoid unnecessary + ucf prompting during upgrades (closes: #398363). + * Update build-dependencies to reflect that libpcre3-dev >= 6.6 + is required. Thanks to Jan Wagner for pointing this out. + * loosen dependencys for libapache2-mod-php5 to allow usage with + apache2-mpm-itk as an alternative to prefork. + Closes: #398580, #398481. + + -- sean finney Wed, 15 Nov 2006 08:33:28 +0100 + +php5 (5.2.0-3) unstable; urgency=high + + * Unify PHP options for pear binaries to: + -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1" + (Closes: #397625) + * [debian/rules]: Enable PDO building only in apache2 build. + + -- OndÅ™ej Surý Fri, 10 Nov 2006 14:09:00 +0100 + +php5 (5.2.0-2) unstable; urgency=high + + [ OndÅ™ej Surý ] + * Revert Large File Support for this moment. We will try to found + root of the problem for etch, but we do not promise anything. + (Closes: #397465) + + -- OndÅ™ej Surý Wed, 8 Nov 2006 01:13:48 +0100 + +php5 (5.2.0-1) unstable; urgency=high + + [ sean finney ] + * new upstream release. since this means the 5.1 series is deadware + in the eyes of its developers, we better get on this train before + it's too late. Note: this also fixes the htmlentities() exploit. + Reference: CVE-2006-5465. + Closes: #396766. + * s/postinst/postrm/ on one critical line in debian/rules. whoops. + Thanks to Bart Martens for finding this (closes: #396873). + * as a pennance i've enabled LFS support (closes: #359686). + * new version now includes all mbstring headers (closes: #391368). + * enable new built-in zip support. + * enable pdo support for currently supported db types, and place the + extensions in the respective extension packages. future db + types will be added, but probably post-etch as they will probably + introduce new packages/dependencies (closes: #348882). + * move the mysqli module into the mysql module's package, and remove + the no longer necessary mysqli package. + * massaging/removal of various patches to upstream changes: + D patches/106-strptime_xopen.patch + D patches/110-CVE-2006-4812_zend_alloc.patch + M patches/006-debian_quirks.patch + D patches/111-mbstring-headers.patch + M patches/053-extension_api.patch + + [ OndÅ™ej Surý ] + * Package checked, upload to unstable. + + -- OndÅ™ej Surý Tue, 7 Nov 2006 09:26:51 +0100 + +php5 (5.1.6-6) unstable; urgency=high + + [ sean finney ] + * add notes to php.ini(-dist) about "unsupported" security features. + patch: 113-php.ini_securitynotes.patch + + [ OndÅ™ej Surý ] + * SECURITY: include patch for html buffer overflows in ext/standard/html.c + Reference: CVE-2006-5465 + Patch: 114-CVE-2006-5465_htmlentities.patch + Closes: #396766 + + -- OndÅ™ej Surý Fri, 3 Nov 2006 12:32:50 +0100 + +php5 (5.1.6-5) unstable; urgency=high + + [sean finney] + * add a README.Debian.security to clarify how we handle/respond + to security problems in stable releases. + * SECURITY: include patch for integer overflow in zend_alloc.c. + Reference: CVE-2006-04812 (closes: #391586). + patch: 110-CVE-2006-4812_zend_alloc.patch + * bump the debhelper compatibility level to 4. + * remove cyclic depends for mysql/mysqli. + * the long overdue rework of configuration file handling. this also + removes the need for debconf and template translations + (closes: #361211, #393788, #388697). + * start using ucf to manage the the various SAPI php.ini files. + * cleanup and consolidation of a few things in the ./debian dir + * bump the memory limit to 32M for the cli API (closes: #375070, #340586). + * include a fix for missing mbstring headers reported by Jan Wagner + (closes: #391368). + patch: 111-mbstring-headers.patch. + * include support for PTY's in proc_open, as reported by Eike Dehling. + according to php's BTS (http://bugs.php.net/bug.php?id=39224) the + feature was disabled only because the configure script couldn't + accurately determine whether the feature was available, and we know + it is :) (closes: #381438). + patch: 112-proc_open.patch. + * update standards-version to 3.7.2 + + -- sean finney Sat, 28 Oct 2006 14:29:44 +0200 + +php5 (5.1.6-4) unstable; urgency=high + + [sean finney] + * no longer build against GPL'd gdbm library (closes: #390452). + * updated apache2 module dependencies to build against and coexist + with apache2.2 (closes: #390455). + + -- sean finney Sat, 07 Oct 2006 12:06:09 +0200 + +php5 (5.1.6-3) unstable; urgency=low + + [ sean finney ] + * php5 was building against db4.3 even though db4.4 headers were + installed. fix applied to ./ext/dba/config.m4 while we wait + for a real fix from upstream (closes: #388601). + + -- sean finney Mon, 02 Oct 2006 17:42:50 +0200 + +php5 (5.1.6-2) unstable; urgency=low + + [ sean finney ] + * enable the mysqli extension (closes: #320835). + + -- sean finney Tue, 19 Sep 2006 19:31:27 +0200 + +php5 (5.1.6-1) unstable; urgency=high + + [ Adam Conrad ] + * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0. + + [ OndÅ™ej Surý ] + * Acknowledge NMU. + * New upstream release (Closes: #383596) + - Added missing safe_mode/open_basedir checks inside the error_log(), + file_exists(), imap_open() and imap_reopen() functions. + - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit + systems. + - Fixed possible open_basedir/safe_mode bypass in cURL extension and + with realpath cache. (CVE-2006-2563) (Closes: #370165) + - Fixed overflow in GD extension on invalid GIF images. + - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020) + (Closes: #382256) + - Fixed an out of bounds read inside stripos() function. + - Fixed memory_limit restriction on 64 bit system (really with 5.1.6). + * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache. + + -- OndÅ™ej Surý Sat, 19 Aug 2006 14:41:43 +0200 + +php5 (5.1.4-0.1) unstable; urgency=high + + * Non-maintainer upload. + * New upstream release. (Closes: #366109) + * Fixes information leak in html_entity_decode() (CVE-2006-1490). + (Closes: #359907) + * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914) + * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915) + * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916) + * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312) + * Fixes substr_compare() DoS condition (CVE-2006-1991). + * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917) + * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not + mentioned in upstream changelog. (Closes: #368595) + * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from + Piotr Roszatycki's packages. + * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where + sizeof(void*) > sizeof(int); patch from David Mosberger-Tang. + + -- Steinar H. Gunderson Tue, 13 Jun 2006 22:38:33 +0200 + +php5 (5.1.2-1) unstable; urgency=low + + * New upstream bugfix and security update release (closes: #347894) + - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208 + - Resolves multiple HTTP response splitting vulnerabilities, allowing + arbitrary header injection via Set-Cookie headers; see CVE-2006-0207 + - While we don't currently build it, this release also fixes a format + string vulnerability in the mysqli extension; see CVE-2006-0200 + - Includes a new version of the PEAR installer that seems to have a + slightly better clue about the difference between INSTALL_ROOT and + PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501) + * While the above is partially true, the PEAR installer is still a bit + broken (it won't install correctly under fakeroot anymore, YAY), so + shuffle debian/rules to have a build-pear-stamp target, as a stopgap. + * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down + in ext/standard/datetime.c, below the php.h include (closes: #346550) + * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to + properly call the PHP_ARG_ENABLE macro for an extension, not built-in. + * Stop php-pear from Replacing and Conflicting with php-html-template-it, + as we only now ship the bare essential to make the pear installer go. + + -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100 + +php5 (5.1.1-1) unstable; urgency=low + + * New upstream bugfix release, skipping the problematic 5.1.0 release: + - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374) + - Remove libtool patch from acinclude.m4, now integrated upstream. + - Remove 038-round_test_fix.patch, now integrated upstream. + - Remove 049-exported-headers.patch, as upstream's build system has + gotten more clever about what they should and shouldn't export. + - Remove 054-open_basedir_slash.patch, now integrated upstream. + - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream. + - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes. + - Remove 104-64_bit_serialize.patch, now integrated upstream. + - Remove 105-64_bit_imagettftext.patch, now integrated upstream. + * Many security vulnerabilities fixed (closes: #341368, #336005, #336654): + - Resolves a local denial of service in the apache2 SAPI, which can + be triggered by using session.save_path in .htaccess; CVE-2005-3319 + - Resolves an infinite loop in the exif_read_data function which can + be triggered with a specially-crafted JPEG image; CVE-2005-3353 + - Resolves a vulnerability in the parse_str function whereby a remote + attacker can fool PHP into turning on register_globals, thus making + applications vulnerable to global variable injections; CVE-2005-3389 + - Resolves a vulnerability in the RFC1867 file upload feature where, if + register_globals is enabled, a remote attacker can modify the GLOBALS + array with a multipart/form-data POST request; see CVE-2005-3390 + - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391 + - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode + and open_basedir bypasses between virtual hosts; CVE-2005-3392 + - Resolves a CRLF injection vulnerability in the mb_send_mail function, + allowing injection of arbitrary mail headers; see CVE-2005-3883 + - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer + which could lead to arbitrary code execution; see CVE-2005-4154 + * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache. + * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793) + * Automate the process of getting the list of built-in modules into the + package descriptions, so it stays fresh in the future (closes: #341867) + * Intentionally disable PDO support until I've sorted out the best way to + deal with shipping this shiny new feature that won't break the world. + * The new PEAR happens to fix the Command.php greedy match bug filed in + Debian as part of the fix for the wider security issue (closes: #334969) + * Create 056-mime_magic_strings.patch, making the mime_magic extension + more liberal about what mime-types is accepts, as well as making it skip + over ones it dislikes, rather than disabling itself (closes: #335674) + * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in + configure because we don't have the apache binaries in the build chroot. + * Fix small typo in the php5-xsl package description (closes: #344816) + + -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100 + +php5 (5.0.5-3) unstable; urgency=low + + * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away + soon. Keep libcurl3-dev as an alternate for backporting (see: #334367) + * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the + *other* side of the line regarding which combinations of DSOs cause + segfaults, so hopefully the others catch up with us soon (closes: #332453) + * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file, + as the path has been changed to comply with the FHS (see: #334510) + * Make the above backportable as well, by searching for both files, and + picking the one that's currently installed on the user's system. + * Include swedish debconf translation from Daniel Nylander (closes: #330763) + * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't + get some random binary on $PATH that won't work right (closes: #329415) + * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg + + -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000 + +php5 (5.0.5-2) unstable; urgency=medium + + * Remove Andres Salomon from the Uploaders field, at his request. Thanks + for all your work on the PHP packages, Andres, now fix our kernel bugs. + * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir + is set to "/foo/", users can access files in "/foobar/", which is not the + documented behaviour; this addresses CAN-2005-3054 (see: #323585) + * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when + serializing objects on all 64-bit architectures (closes: #329768) + * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD + extension, causing memory corruption on 64-bit arches (closes: #331001) + * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode + checks to the _php_image_output and _php_image_output_ctx GD functions. + * Make php-pear Provide, Replace, and Conflict php-html-template-it, which + we appear to have absorbed into the main PEAR packaging (closes: #332393) + + -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000 + +php5 (5.0.5-1) unstable; urgency=low + + * New upstream release, adjust patch offsets and fuzz, and drop patches: + - Drop 009-snmp-int-sizes.patch, finally fixed upstream. + - Drop 051-gcc-4.0.patch, fixed differently upstream. + - Drop 102-php_streams.patch, fixed upstream. + - Drop 103-catch_segv.patch, also fixed upstream. + - Includes PEAR XML_RPC fix for CAN-2005-2498. + - Includes phpinfo() XSS fix for CVE-2005-3388. + * Distribute the shiny new manpages for php-config and phpize. + + -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000 + +php5 (5.0.4-4) unstable; urgency=low + + * OndÅ™ej Surý : + - Add patch from CVS to fix regression in PHP 5.0.4, where file related + functions all stop reading at 2,000,000 bytes (closes: #321930) + * Adam Conrad : + - Enable support for gdbm files in the dba handler; half the base system + already appears to depend on libgdm, so we can't make things worse. + - Add another patch from CVS to fix a segfault in the catch/throw + handler under interesting nesting cases (closes: #322507) + - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107) + + -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000 + +php5 (5.0.4-3) unstable; urgency=low + + * And fix the module/extension API situation one last time, this time + we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION, + pick the most recent of the three, assume things broke in ways we're + not willing to cope with, and both change the extension directory to + use that value, as well as setting it to the provides/depends for the + various SAPI and extension packages. + * Add a new option to php-config, 'php-config --phpapi', which extension + packagers should now be using to get the current phpapi they're building + against and set their dependencies accordingly. + * Strip the -gnu off the end of the DEB_*_* variables and drop the + versioned dpkg-dev build-dep to ease backporting to sarge and hoary; + doing so in such a way as to still allow for easy cross-compiling. + * Add postgresql-dev build-dep alternate for easy hoary/sarge backports. + * Make libapache2-mod-php5 the default alternate dependency for the php5 + metapackage, since we really do want to encourage the apache upgrade. + * Make php5-dev stop shipping copies of files from autotools-dev, shtool, + and libtool, and instead symlink to them and depend on those packages, + thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759. + + -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000 + +php5 (5.0.4-2) unstable; urgency=low + + * We now have a mailing list. Set the maintainer to the list, and move + myself to Uploaders where, apparently, I belong. + * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps, + as recent upstream ABI breakage in 4.4.0 leads me to believe this is + the only constant they actually bother to update on ABI changes. + * Bring back some concflicts that went missing (libapache-mod-php5 needs + to conflict with libapache-mod-php4 and older versions of php4, while + the two libapache2-mod-php[45] modules also need to conflict). + * Adjust debian/watch to not match on upstream's alpha/beta/rc releases. + + -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000 + +php5 (5.0.4-1) unstable; urgency=low + + * Initial PHP5 release; packaging forked from php4 4:4.3.11-1. + - Closes: #262977, #293832 + * Ondrej Sury : + - Removed some obsolete cruft, since there wasn't any previous php5 + packages there is no need, to check /usr/share/doc/*, etc. + - Removed apache2 IfModule hack, it's been fixed in php5. + - Updated patches to php5, removing those which are obsolete. + - Changes xslt extension to xsl (using libxslt). + - Updated debian/* including changelog. + - Raised update-alternatives priority to 50. + * Adam Conrad : + - Merged with php4 4:4.4.0-1 packaging. + - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which + includes a security fix for CVE CAN-2005-1921. + - Bump to Standards-Version 3.6.2, with no source changes. + - Stop distributing the phpextdist binary, as upstream has stopped. + - Drop the ext_skel binary and skeleton dir from php5-dev, as it has + been deemed obsolete upstream and the version in the tarball is not + considered useful anymore. PEAR::PECL_Gen upstream will replace it. + - Fix longstanding broken shebang lines in debconf config scripts. + - Remove lintian overrides for modules; lintian no longer complains + about missing shlibs for libraries outside the linker path. + - Add a linda override for the non-standard directory permissions on + /var/lib/php5 in php5-common. + - Rename php5-pear to php-pear, have it replace php4-pear, and depend + on php5-cli OR php4-cli; make sure it works with both. + - Compile in SOAP extension (closes: #307580) + - Enable SQLite extension as shared, make the xmlrpc extension shared. + - Enabled the pgsql extension, and disabled the imap extension (which + will be moving to another source package and become the example + package for out-of-tree builds). + + -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000 + +php4 (4:4.3.11-1) unstable; urgency=low + + * New upstream release (closes: #304052) + - Drop CVS patches, we're back in step with upstream versions. + - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11. + - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11. + - Remove 040-curl_open_basedir.patch, as upstream has solved this + in a different fashion. + - Adjust patches for offset and fuzz. + - Remove bits from debian/rules dealing with the DB PEAR extension, + since it's no longer shipped in the php4-pear package. + * Rebuild against newer version of freetds library (closes: #317369) + * Add 052-phpinfo_no_configure.patch, which disables the display of our + "Configure Command" in phpinfo(), which was the source of many bogus + bug reports over the years, due to people misinterpreting its meaning. + * New translations to Vietnamese and Russian (closes: #316821, #310199) + - vi.po contributed by Clytie Siddall + - ru.po contributed by Yuriy Talakan' + * Mention FastCGI in the description of php4-cgi (closes: #310810) + + -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000 + +php4 (4:4.3.10-15) unstable; urgency=low + + * Bring back the shipping of /usr/share/doc symlinks in our packages, + as this, in concert with moving the migration detection from preinst + to postinst (which was done in the last upload), seems to give us the + sanest upgrade path. Thanks to Steve Langasek for smacking me around + with unpack/upgrade scenarios for a while to convince me of this. + + -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600 + +php4 (4:4.3.10-14) unstable; urgency=high + + * Revert the directory->symlink magic to work how it used to, since the + new behaviour broke hideously on upgrades from Woody, causing certain + files (like the changelog) to mysteriously go missing (closes: #307591) + * Move our template php.ini to /usr/share/php4, so we stop violating + policy by using files from /usr/share/doc (as seen in #307591) + * Remove 'readline' from the php4-cli package description, since we don't + actually build with readline support enabled anymore (closes: #306571) + + -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600 + +php4 (4:4.3.10-13) unstable; urgency=low + + * Update email address for Andres Salomon + * Add Portuguese translation from Miguel Figueiredo (closes: #305038) + * Include 051-gcc-4.0.patch, which resolves a build failure in + libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956) + + -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600 + +php4 (4:4.3.10-12) unstable; urgency=low + + * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix' + made to the copy() function, causing it to fail in particularly + spectacular ways when used on remote files (closes: #304601) + * Use -g instead of -gstabs on powerpc64-linux (closes: #301571) + + -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600 + +php4 (4:4.3.10-11) unstable; urgency=medium + + * Address an FTBFS waiting to happen in the php4-dev package: + - Remove Win32 and Netware specific headers. + - Stop shipping php4-pgsql headers. + - Stop shipping the expat headers, since we don't even + use the bundled expat library. + - Make php4-dev depend on libssl-dev, since it wants to include + ssl.h when you use it to build network-using extensions. + * Stop building extensions twice; we don't need two copies. + + -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600 + +php4 (4:4.3.10-10) unstable; urgency=low + + * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs + including a segfault in mysql_fetch_field() (closes: #299608) + * Remove 042-remove_windows_paths.patch, incorporated upstream. + * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension + in line with the upcoming 4.3.11 behaviour of listing multiple + Organisational Units in an x509 cert as an array, rather than only + listing the last in the list. + * After much talk with upstream, revert the ZTS changes. We are no + longer building a thread-safe PHP. (closes: #299820, #297223, #297679) + * ZTS was breaking file search paths, leading to errors loading files + from the cwd (closes: #298282, #298518, #299089, #299356) + * Stop building caudium-php4 (closes: #294718, #297702, #295100) + - We can't link against the GPL pike7.2, which we've been doing. Oops. + - Even if the above weren't true, upstream has insisted that ZTS is a + horribly broken solution, slated for eventual removal, and should + never, ever be used. In light of that, caudium users should instead + use php4-cgi, either as a plain CGI, or as a FastCGI backend. + - Not even attempting to provide an upgrade path, as it would be + needlessly complex, and caudium-php4 in previous stable releases + was nothing more than a useless toy, given that it had nearly no + useful extensions built-in or supported. + * Rewrite 041-shut_up_snmp.patch to take a different approach, this time + regrettably reverting a fix for a memory leak, in the name of making + things work properly, including squashing the putenv() intecaction + bug between PHP and other apache modules (closes: #298511, #300628) + * On sidegrades from distributions where different modules may be built + from their own source, and thus have their own doc directories, bad + things happen when we try to replace those with symlinks, so now we + check for this in preinst, and fix stuff up magically to Just Work. + * Add Jeroen van Wolffelaar to Uploaders. + * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998) + + -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700 + +php4 (4:4.3.10-9) unstable; urgency=low + + * Update 040-curl_open_basedir.patch once more to make sure it doesn't + segfault when fed a null or uninitialised URL (closes: #295447) + * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the + dl() function in our builds, despite upstream's claim that it "might + not be threadsafe on all platforms"; it is on ours (closes: #297839) + * Make the php4-dev binaries versioned with alternatives (closes: #295903) + * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549) + + -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700 + +php4 (4:4.3.10-8) unstable; urgency=high + + * Add 046-zend_plist_buggery.patch which unrolls the changes made to + zend.c in CVS post-4.3.10. The memory leaks fixed by these changes + seem to not have been hurting us terribly so far, while the "fix" + (breaking persistent lists) was, uhm, bad (closes: #295998, #296694) + * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the + appname, rather than 'php', to maintain backward compatibility, and to + wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to + solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282) + * Fix 042-remove_windows_paths.patch to catch both cases where windows + path stripping should occur (closes: #296406) + + -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700 + +php4 (4:4.3.10-7) unstable; urgency=high + + * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed + to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447) + + -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700 + +php4 (4:4.3.10-6) unstable; urgency=high + + * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm. + * Add 045-exif_nesting_level.patch to bump the exif header parsing max + nesting level to something that actually works with most JPEG images. + + -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700 + +php4 (4:4.3.10-5) unstable; urgency=low + + * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode + extension to segfault on alpha/amd64/ia64 (closes: #294986) + * Move the ./buildconf stuff in the unpatch target inside the test + for patch-stamp, as it's uselss unless we're unpatching. + + -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700 + +php4 (4:4.3.10-4) unstable; urgency=medium + + * Make php4-dev arch:any, as it contains some arch-specific defines. + * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows + paths from uploaded filenames, like it used to. (closes: #294305) + * Fix up caudium description to reflect the fact that caudium it is no + longer restricted from sharing extensions with other SAPIs. + * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we + get a version with non-broken headers. + + -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700 + +php4 (4:4.3.10-3) unstable; urgency=medium + + * Update to CVS, as of 200502060530 (closes: #288672) + - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043 + - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525 + - File uploads with "'" in them aren't cut off anymore (closes: #288679) + - unserialize() is no longer ridiculously slow (closes: #291392) + - Add 000-200502060530_CVS.patch + - Adapt debian/rules to the realities of upstream's new buildconf + - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's + libtool, rather than using upstream's broken bundled libtool + - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch + - Adjust patches for offsets and fuzz + - Force --with-pic, as policy demands it, and the build system doesn't + * Added several patches, yanked from the Fedora PHP sources: + - 034-apache2_umask_fix.patch, fixes umask not being properly reset + after each request (closes: #286225) + - 036-fd_setsize_fix.patch, fixes misuse of FD_SET() + - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3 + * Removed --with-libedit, as being able to background php is more useful, + in my opinion, than using readline functions (see #286356) + * Include zip support in all SAPIs (closes: #288534, #288909) + * Enable Zend Thread Safety for all SAPIs, meaning that our modules + are now compiled for ZTS APIs as well. (closes: #278212, #264015) + - Make sure caudium-php4 now provides phpapi-$(ver), and modules can + be configured with the caudium SAPI. + - Add 039-reentrant_libs.patch to link to the reentrant versions of + libldap and libmysqlclient + * Stop suggesting phpdoc, as it's undistributable anyway. + * Add 040-curl_open_basedir.patch, to make php4-curl respect the value + of open_basedir, thanks to Martin Pitt (closes: #291410) + * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and + failing) to write persistent data every time it shuts down. Ugh. + + -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700 + +php4 (4:4.3.10-2) unstable; urgency=high + + * Patch Zend/zend_strtod.c twice: + - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems + - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__ + + -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700 + +php4 (4:4.3.10-1) unstable; urgency=high + + * New upstream release, including the following security fixes: + - CAN-2004-1018 - shmop_write() out of bounds memory write access. + - CAN-2004-1018 - integer overflow/underflow in pack() and unpack() + functions. + - CAN-2004-1019 - possible information disclosure, double free and + negative reference index array underflow in deserialization code. + - CAN-2004-1020 - addslashes() not escaping \0 correctly. + - CAN-2004-1063 - safe_mode execution directory bypass. + - CAN-2004-1064 - arbitrary file access through path truncation. + - CAN-2004-1065 - exif_read_data() overflow on long sectionname. + - magic_quotes_gpc could lead to one level directory traversal with + file uploads. + * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch + to match with new configure.in and drop 026-4.3.10_session_fixes.patch + which is included in 4.3.10. + + -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700 + +php4 (4:4.3.9-2) unstable; urgency=low + + * Adam Conrad : + - Add -fno-strict-aliasing to CFLAGS, as the (several thousand) + warnings I'm getting from GCC are frightening me a tad. + - Remove the php-cgi alternative in php4-cgi's prerm, to avoid + leaving dangling symlinks (closes: #275962, #282315) + - Include 030-imap_getacl.patch, adding the imap_getacl() function + required by the GOsa project (closes: #282484) + - Include php.ini-paranoid in doc/examples, provided and maintained + by Javier Fernández-Sanguino Peña (closes: #274374) + - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464) + - Remove obsolete info from README.Debian relating to session_mm, + since we stopped building with libmm a while back. + - Reintroduce /usr/lib/php4/libexec that went missing in a previous + upload, since the build uses it as the default safe_mode exec dir. + * Andres Salomon : + - Add patch to include gd headers in php4-dev, as some PECL modules + (notably, pdflib) expect it; 028-export_gd_headers.patch. + - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm. + + -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700 + +php4 (4:4.3.9-1) unstable; urgency=high + + * New upstream release, removed the following patches fixed upstream: + 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch, + 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch, + 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch, + 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch, + and 025-4.3.9_domxml_segfaults.patch + * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867 + handling of file uploads via the $_FILES array; these have since + been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206) + * After some fairly heavy testing from several users and developers, + finally update php4-snmp to use libsnmp5 (closes: #195929) + * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP + from segfaulting when a nonexistant or unsupported save_handler or + serialize_handler is specified in php.ini. + * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the + off chance that the user's /etc/mime.types is broken (closes: #271171) + * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't + make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin + can instead use #!/usr/bin/php4-cgi scripts (closes: #273143) + * Enable FastCGI for both CGI binaries, now that it no longer conflicts + with, but rather complements, the CGI SAPI (closes: #233849) + * Bump libgd2 build-dep a notch to make sure we build against a version + that actually has XPM support built in (closes: #270435) + * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3 + php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount + bug that we were hacking around (closes: #205553, #230956, #271000) + * Remove the mm session handler from the apache1.3 build. Since the + files handler now works on all arches, and is configured to be secure + by default, mm seems to have outlived its usefulness. + (closes: #119902, #149430, #166811, #272463, #232840) + * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that + directives aren't ambiguous between php4 and php5. + * Add Czech translation, thanks to Miroslav Kure (closes: #274038) + * Configure CLI with --with-libedit for readline support, and add + 027-readline_is_editline.patch, since Debian's libedit headers are + not installed in /usr/include/readline (closes: #274031) + * libcurl grew a new SONAME somewhere along the way, and upgrading + doesn't seem to cause regressions in php4-curl, so upgrade we shall, + changing build-deps accordingly (closes: #260389) + + -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600 + +php4 (4:4.3.8-12) unstable; urgency=high + + * On new php4-cli installations, if php4-cgi is installed, we copy its + php.ini as a starting reference, so that command line scripts that + used to work don't start mysteriously failing (closes: #270153) + * php4-common has grown a postrm script to make sure we completely + clean out and remove /var/lib/php4 during the purge phase. + * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we + aren't forking for every session file we delete (closes: #268918) + + -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600 + +php4 (4:4.3.8-11) unstable; urgency=high + + * Andres Salomon : + - Fix bashism in maxlifetime script (closes: #270015) + * Adam Conrad : + - Clarify setup instructions in README.Debian for using php4-cgi + with the apache and apache2 packages (closes: #228342, #228343) + + -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600 + +php4 (4:4.3.8-10) unstable; urgency=high + + * Andres Salomon : + - Change frequency of session file cleansing, based on the maximum value + of session.gc_maxlifetime from all php.ini files (closes: #269688). + - Update README.Debian to mention session cleaning cron job. + * Adam Conrad : + - Drop php4-cgi from the list of alternate dependencies for the php4 + metpackage to smooth upgrades for woody users who have both php4 and + php4-cgi installed (closes: #269628, #269348, #269377) + - Fix cut-n-paste issue in php4-cli postinst (closes: #269466) + - Add 023-4.3.9_array_fixes.patch, which fixes problems with the + extract() function misbehaving with multiple element references. + - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob() + when it succeeds with no matches (closes: #269287) + - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml + extension when it shares memory space with other libxml2-using libs. + - Update the comments in php.ini to point out that, due to dilinger's + changes above, session.gc_maxlifetime is honoured by the gc cronjob. + + -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600 + +php4 (4:4.3.8-9) unstable; urgency=high + + * Re-introduce the changelog.Debian that went missing in the last + upload due to the php4-common move from arch:all to arch:any + * Clean up lintian warnings regarding scripts that weren't executable + and executables that weren't scripts. + * Add a lintian override for the non-standard-dir-perm of /var/lib/php4 + * Update to Standards-Version 3.6.1 (no changes, other than the above) + + -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600 + +php4 (4:4.3.8-8) unstable; urgency=low + + * Default session.save_path is now compiled in to php4, allowing + us to, again, comment out the value in php.ini. + * Comment out session.gc_probability in the default php.ini, as we've + now compiled in a default of 0, allowing the cronjob to do the + garbage collection for us instead. (closes: #267720) + * Make the 5 SAPI postinsts smarter, allowing them to poke around in + people's configs and make sure that sessions won't be broken + after we upgraded them from a perfectly functional system. + * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of + floats with padding by sprintf(). + * Make php4-common arch:any, and loosen up some of the other any->all + package dependencies to make sure binNMUs won't break. + + -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600 + +php4 (4:4.3.8-7) unstable; urgency=high + + * Back out LFS support AGAIN, as we're disabling LFS in apache2 for + the Sarge release. (closes: #266869) + * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes + for the sybase_ct extension from 4.3.9rc1. + * Tidy up descriptions a fair bit: + - Disambiguate short descriptions of SAPIs. (closes: #244571) + - Refresh the (now much longer) lists of built-in modules for each SAPI. + - Explain why caudium-php4 can't use any loadable extensions. + - Remove silly advertising blurb for Zend, since very few people are + still using php3, and those who are can't be convinced to upgrade + just by telling them "Hey, it's faster!". + - Add Homepage URI to each SAPI description. + - Fix typo in php4-domxml description. (closes: #146124) + * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used + with packages that depend on something like "php4, php4-mysql". + * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1 + to pull in /usr/share/misc/file/magic.mime (closes: #175136) + + -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600 + +php4 (4:4.3.8-6) unstable; urgency=high + + * Add libgcrypt11-dev to the build-depends, as something seems to be + pulling it in and causing an FTBFS (closes: #265952) + * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows + in array_slice(), array_splice(), substr(), substr_replace(), + strspn() and strcspn(). + * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building + against the new ABI-incompatble libapr0, which brings in proper + large file support. Bump the apache2 binary dependency as well. + (closes: #266210, #266192) + * Enable large file support on all SAPIs except for caudium, as I'm not + sure how caudium will react to the change, and I don't want to + destabilise anything just before release. This change has been + heavily tested with apache2/apache/cgi/cli, and all is well there. + * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure + that LFS-enabled SAPIs can still use zlib file functions correctly. + * Rework the apache2 restarting logic to only restart apache2 if + apache2ctl configtest succeeds, otherwise kick out a warning to + the user. Even then, we run force-reload with ||true, in case + apache2 fails to start for other reasons (closes: #264958) + * Make php4-gd Provide php4-gd2, so packages which still depend on + php4-gd2 are installable (and so packaging frontends can take the + provides/conflicts/replaces hint and DTRT with it) + * Split php4-cgi to php4-cgi and php4-cli (closes: #227915) + - Add php4-cli to debian/control, replaces older php4-cgi versions + - php4-cgi depends on php4-cli for smooth transitions + - php4-pear now depends on php4-cli (closes: #243214, #221434) + - Add php4-cli to list of SAPIs configurable for modules + - Munge php.1 manpage to include -cli info + - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806) + * Move all of php4's files to libapache-mod-php4, and make php4 a + metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 | + php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517) + * Include skeleton directory in php4-dev (closes: #95832, #211338) + * Include php.ini-recommended in php4-common's examples (closes: #181396) + * Move /var/lib/php4 to php4-common and install a cronjob that cleans + out old sessions every 30 minutes (closes: #256831, #257111) + * Move the libapache-mod-ssl dependency from php4-imap to + libapache-mod-php4 to stop irritating users of other SAPIs + (closes: #240003, #246887, #263381) + * Compile pgsql and mysql support into the caudium SAPI, so it's + slightly less useless (closes: #181175) + + -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600 + +php4 (4:4.3.8-5) unstable; urgency=low + + * Build-depend on chrpath and use it to nuke rpath from modules + during the install target of debian/rules. + * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file + descriptor leak on failed fsockopen() calls. (closes: #257269) + * It would seem that if we want LFS support, all SAPIs and all extensions + that do file access need to be built with LFS support, and since + apache2 currently doesn't have LFS, this presents a problem. As + such, I'm disabling LFS accross the board until apache2 supports it. + (closes: #263962) + * Add 019-z_off_t_as_long.patch, including local headers for zlib, + forcing off_t = long for gzip file functions, however disable it + for now, as we'll only need it if we reenable LFS (closes: #208608) + * Add the Debian package revision as EXTRAVERSION to PHP, so one can + more easily tell what version is currently running (for instance, + if a user fails to restart Apache after an upgrade of php4, this + would become obvious to them in the version banner and in phpinfo() + * Fixed up debian/patches, adjusting offsets and adding newlines, + so patch stops complaining and applies them cleanly. + * libapache2-mod-php4 postinst now forces a reload of apache2, which + should get the module properly working in all cases where people + previously thought 'apachectl graceful' would cut it. + (closes: #241352, #263424, #228343) + * debian/rules explicitly sets PROG_SENDMAIL during configure so + that builds on buildds with no sendmail installed don't get the + mail() function disabled. (closes: #180734) + * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368) + * Enable sysvmsg support for all SAPIs (closes: #236190) + * Enable dbx support for all SAPIs (closes: #229508, #249797) + * Nuke aclocal.m4 before we run ./buildconf to ensure we get it + regenerated correctly, and we get an up-to-date libtoolization. + + -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600 + +php4 (4:4.3.8-4) unstable; urgency=low + + * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to + solve anything, really, and add 017-pread_pwrite_disable.patch, + wich completely disables pread/pwrite usage, fixing session support + on sparc, and pread/pwrite usage on amd64. (closes: #261311) + + -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600 + +php4 (4:4.3.8-3) unstable; urgency=low + + * Steve Langasek : + - Give php4-pear a versioned dependency on php4-cgi, due to + backwards-compatibility issues (closes: #260924). + + * Adam Conrad : + - Added a debian/watch file for the curious, or people running + automated uscan scripts over the entire archive. + - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF + support in php4-gd (closes: #66293) + - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free + errors in php4-gd. This, in concert with the librrd0 update + (see #261323) should clear up all known segfaults in php4-gd + (closes: #220196, #234571, #241270, #246833, #251220, #260790) + Thanks to Klaus Reimer for the tip. + - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of + pread/pwrite in conjunction with LFS64. This should fix the files + session handler on sparc, as well as the amd64 build failure. + (closes: #234766, #239420, #261311, #248765) + - Clean up debian/rules to remove a bunch of obsolete cruft, as well + as introducing an LFSFLAGS, allowing us to easily turn LFS support + on and off for each SAPI. + - Re-enable LFS for apache 1.3, as it was enable in Woody and we should + remain backward compatible. + + -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600 + +php4 (4:4.3.8-2) unstable; urgency=high + + * Urgency "high" to make up for the last upload which contained + security fixes but was uploaded urgency "low". + + * Adam Conrad : + - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3 + in debian/rules. Not sure how this was missed for so long. + - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory + leak in the apache2handler SAPI, as well as a logical mishandling + of fatal errors during activation. + + * Steve Langasek : + - Revert large file support, which appears to cause + ABI-incompatibilities (and therefore segfaults) for apache2 + (closes: #259659). + + -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600 + +php4 (4:4.3.8-1) unstable; urgency=low + + * Adam Conrad : + - New upstream release (4.3.8). Fixes several security issues: + + Fixed strip_tags() to correctly handle '\0' characters. + + Improved stability during startup when memory_limit is used. + + Replace alloca() with emalloc() for better stack protection. + + Added missing safe_mode checks inside ftok and itpc. + + Fixed address allocation routine in IMAP extension. + + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL. + + Fixes DoS in readfile() function, see CAN-2005-0596. + - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688) + - debian/control: change libpng3-dev build-dep to libpng12-dev + - Add Turkish debconf translation, thanks to Osman Yuksel. + (closes: #252940) + + * Andres Salomon : + - New upstream release (4.3.7). The following patches are dropped: + 007-dba_fix.patch + 008-xbithack.patch + 011-curl_api_update.patch + 012-curl_deprecated_opts.patch. + - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is + always enabled (instead of doing check during build). + + * Steve Langasek : + - Enumerate supported SAPIs in both the module postinst and the module + config script, to avoid "question not found" errors from debconf. + This doesn't give us automatic support for new SAPIs as they're + added, but it avoids trying to configure SAPIs that we don't support + (e.g., caudium), and it also sidesteps shell syntax errors caused by + strangely-named subdirectories. + - Remove apache2 from the TODO list, because it's done + (closes: #243793). + - Add /var/lib/php4 to the list of directories for the apache2 module, + so we don't end up with a missing session dir (closes: #240962). + - s/modules-config/apache-modconf/, now that the canonical name of the + apache-common tool has changed + - Drop references to php3 in README.Debian, and document the + simplified process for enabling php4 in apache 1.3 (closes: #244564). + - Enable large files support for all SAPIs (closes: #249500). + - Fix commented-out default include path in php.ini (closes: #250274). + + -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600 + +php4 (4:4.3.4-4) unstable; urgency=low + + * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8, + now that #228840 is fixed. + * Fix FTBFS problem caused by curl api changes, adding patches 011 and + 012 (closes: #239159). + * Add phpapi Provides for libapache2-mod-php4 (closes: #240386). + * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9 + and older won't work (closes: #215069). + * Tighten build-dep versions to match upstream's autoconf version checks + (closes: #214060). + + -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500 + +php4 (4:4.3.4-3) unstable; urgency=low + + * Andres Salomon : + - Fix incorrect php.ini path in CLI manpage (closes: #233757). + - Add libapache2-mod-php4 module (closes: #214611). + * Updated Japanese debconf translation; thanks to Kenshi Muto + (closes: #222424). + * Build php4-gd against libgd2-xpm, removing the need for a separate + php4-gd2 package (closes: #235390, #206045, #135664). + * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch + (closes: #236630). + * Add new Spanish debconf translation; thanks to Carlos Valdivia + Yagüe (closes: #235052). + + -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600 + +php4 (4:4.3.4-2) unstable; urgency=low + + * Add build-depends on autoconf, missed earlier (closes: #235012). + * Minor updates to README.Debian list of supported extensions. + * Fix integer size mismatch in snmp extension affecting 64-bit + platforms + + -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600 + +php4 (4:4.3.4-1) unstable; urgency=low + + * New upstream version. Update local patch set accordingly, with help + from Andres Salomon . + - includes fix for snmpget() not closing its socket + (closes: #207363). + * Update build-depends to libdb4.2-dev, to match apache-dev + (closes: #231692). + * Drop translations of stale templates, and add new German debconf + translation; thanks to Alwin Meschede + (closes: #232270). + * Add new Danish debconf translation; thanks to Claus Hindsgaul + (closes: #233887). + * Move local patches into debian/patches/ for easier management, and + add debian/rules targets for build-time application of patches. + * Fix a problem with PHP "xbithack" causing ini scope leakage + (closes: #230047). + * Re-enable the openssl extension statically, since we now know for + sure that the php4-imap problems are a glibc bug (closes: #197450). + * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value + of php_bin, so PEAR-managed scripts work correctly + (closes: #228381). In addition, use alternatives for /usr/bin/php + for the benefit of user scripts (closes: #185283). + * Set the default session save_path to /var/lib/php4 instead of to + /tmp, and create this directory such that all users (for php4-cgi) + can create files there and access their own files once created, but + not see the names of other files in the directory (closes: #139810). + * Drop our override of upstream's register_globals default + (closes: #230878). + + -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600 + +php4 (4:4.3.3-5) unstable; urgency=low + + * Have php4-pear Suggest: php4-dev, for PECL extensions + (closes: #225969). + * Recompiled against the new version of libxslt, to get rid of the + dependency on libxsltbreakpoint (closes: #224806). + * Also recompiled against the new version of libc-client (closes: #227347). + * Fix pear to not expect to be able to twiddle locks when running as + non-root, which also seems to fix a memory utilization problem + (closes: #225026). + * Make php4-imap depend on libapache-mod-ssl, since this seems to be + the only reliable way of getting apache to stop segfaulting. + * Build-depend on libt1-dev, which replaces t1lib-dev. + + -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600 + +php4 (4:4.3.3-4) unstable; urgency=low + + * Fix prerm script to remove mod_php4, *not* mod_perl, from the + config (Closes: #216889). + * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to + call modules-config. + * Don't invoke debconf unless we have to in the postinst, to reduce + the risk of interactions between modules-config and our questions. + * Add Dutch debconf translation; thanks to Tim Dijkstra + (closes: #221439). + * Sync dba lock handling against upstream CVS HEAD, to fix a bug with + truncating db4 files when opening with 'c' (create). + (Closes: #221559). + + -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500 + +php4 (4:4.3.3-3) unstable; urgency=low + + * Disable -gstabs on ia64, since this debugging symbol type is + apparently unknown there; we should now have clean builds (with + appropriate debugging symbols) on all archs. + + -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500 + +php4 (4:4.3.3-2) unstable; urgency=low + + * Don't call db_stop in the postinst, as this seems to cause problems + for modules-config (closes: #215663, #215584). + * Remove duplicate -prefer-pic flag on caudium build, in hope of + making libtool do something sensible on ia64,hppa (closes: #216020). + * Always build with debugging symbols, per current policy. + * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS; + and call install -s when installing shared extensions by hand. + * Fix upstream build rules to not call libtool --silent. + + -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500 + +php4 (4:4.3.3-1) unstable; urgency=low + + * New upstream release. + * Add Japanese debconf translation; thanks to Kenshi Muto + (closes: #211961). + * Fix caudium handling to always grab the current pike version from + dpkg when constructing include paths (closes: #212585). + * Bump the c-client build dependencies to use the new -dev package + name. + * Convert php4 postinst/prerm scripts to use the new apache + modules-config interface. + + -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500 + +php4 (4:4.3.2+rc3-6) unstable; urgency=low + + * Add Brazilian Portuguese debconf translation; thanks to André Luís + Lopes (closes: #207078). + * Catch debian/control up with debian/rules for the zendapi -> phpapi + transition. + + -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500 + +php4 (4:4.3.2+rc3-5) unstable; urgency=low + + * Kill the lintian warning on the grammar in the copyright file. + * Redirect apacheconfig I/O to /dev/tty, to work around debconf + behavior (for real this time). Closes: #207468, #206404. + * Replace 'zendapi' with 'phpapi', since the former does not + accurately describe the ABI changes that affect modules and can + leave some packages installable but broken (closes: #208020). Also, + remove the versioned conflicts with php4-{mysql,pgsql}, since this + now supersedes. + * Add French debconf translation; thanks to Michel Grentzinger + (closes: #207662). + + -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500 + +php4 (4:4.3.2+rc3-4) unstable; urgency=low + + * Have all php extensions automatically detect and configure for any + installed SAPIs (closes: #143436). + * Remove spurious dependencies from php4-dev, and replace autoconf2.13 + with autoconf (closes: #180497). + * Conflict with old php4-pgsql as we do with php4-mysql, as it + manifests the same bug. + * Add preliminary rules for building apache2 SAPI, but don't enable. + * Call db_stop before trying to run apacheconfig (closes: #206404). + * Check for the existence of /etc/php4 before trying to rmdir it, + since there are apparently those who remove such directories + prematurely (closes: #206120). + + -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500 + +php4 (4:4.3.2+rc3-3) unstable; urgency=low + + * Fixes for spurious package dependencies + * Fix the paths emitted by php-config, so we can build php4-pgsql et al. + + -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500 + +php4 (4:4.3.2+rc3-2) unstable; urgency=low + + * Make sure pear.conf is properly marked as a conffile, by bumping + DH_COMPAT to 3. + * Generate all per-extension postinsts/prerms at build time, instead + of managing them by hand. + * Get rid of bogus, non-FHS directories from the caudium build. + * Install the upstream php manpage in the php4-cgi package + (closes: #175836). + * Prevent null dereferencing in ldap_explode_dn() (closes: #205405). + * Hard-code /usr/share/pear at the end of the include path, for + backwards compatibility. + * Debconf support for PHP extension registration, including + po-debconf support (closes: #122353). + * Fix interpreter path in /usr/bin/pear. + * Make php4-pear depends: php4-cgi (closes: #182393). + + -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500 + +php4 (4:4.3.2+rc3-1) unstable; urgency=low + + * New upstream version. + - includes fix for buffer overflow crashes in imap module + (closes: #191640) + - includes fix for dysfunctional open_basedir directive + (closes: #197803) + - include fix for various XSS vulnerabilities (closes: #200736) + * Recompile against newest libc-client libs, following another soname + change (closes: #199049) + * Replace db2 with db4. + * Trim down the cgi sapi rules, since it will now build both cli and + cgi for us by default. + * Kludge the caudium sapi, by hard-coding the include path we need for + pike headers. + * Copy the lex/yacc-generated .c and .h files into the build + directories, since generating them at build time gives wildly + different, and undisputably broken, results. + * Update the install rules so they're compatible with current upstream + handling of pear and the various SAPIs. + * Add '=shared' to the --enable-xslt option, to get the right results + for that extension. + * Move PEAR extensions from /usr/share/pear to /usr/share/php. + * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors. + + -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500 + +php4 (4:4.2.3-14) unstable; urgency=low + + * Disable openssl extensions AGAIN. It appears that this double-linking mess + is still causing nasty segfaults. + (closes: #188014, #188025, #188058, #189202, #189653) + + -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600 + +php4 (4:4.2.3-13) unstable; urgency=low + + * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again + (closes: #185534) + * Build against libmm13, as libmm12 no longer exists (closes: #187401) + * Rebuild caudium-php4 against latest caudium-dev + * Re-enable openssl linking and functions, now that our glibc 2.3 + problems appear to be ironed out. + * Enable xslt and exslt support in php4-domxml (closes: #172881) + + -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700 + +php4 (4:4.2.3-12) unstable; urgency=low + + * Rebuild php4-sybase against libct1 (closes: #184461) + + -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600 + +php4 (4:4.2.3-11) unstable; urgency=low + + * Remove pike header location detection from debian/rules and do it + properly in sapi/caudium/config.m4, using pike7.2-config --version + + -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700 + +php4 (4:4.2.3-10) unstable; urgency=low + + * Added patch to build with NET-SNMP 5.x + * Updated build-dep for libc-client to 2003debian + (closes: #181565, #182854, #169886) + * Updated build-dep for libcurl to libcurl2-dev (closes: #179722) + * Added -mieee to alpha build to solve FPE errors (closes: #180656) + * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2 + is now the default compiler on all architectures. + * Add libwrap0-dev to the end of the build-depends to work around #183041. + Someone remember to remove this later when the bug is fixed. :) + * Build against newer libsablot0-dev (closes: #179886, #181550) + * Introduce ugly hack in debian/rules to get the pike includes + directory right for the caudium SAPI. + + -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700 + +php4 (4:4.2.3-9) unstable; urgency=low + + * Fix caudium-php4 to not conflict with php4-pear (closes: #175415). + + -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600 + +php4 (4:4.2.3-8) unstable; urgency=low + + * Fix typo in debian/rules + * Rebuild to bring in sync with latest caudium packages + + -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700 + +php4 (4:4.2.3-7) unstable; urgency=low + + * Set a sane default for safe_mode_exec_dir (closes: #122920). + * Rebuild against libmm-dev on i386, instead of against the + no-longer-available libmm11-dev which Provides: the same + (closes: #173509). + + -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600 + +php4 (4:4.2.3-6) unstable; urgency=low + + * Build with PEAR for all SAPIs, so that the built-in include_path is + set correctly (overkill?). Closes: #169786, #172321 + * Change section of php4-dev package to devel. + * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't + pull it in (closes: #173313). + * Depend on coreutils instead of fileutils, since the latter is now an + empty package (closes: #171265). + + -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600 + +php4 (4:4.2.3-5) unstable; urgency=low + + * Fix (snip, snip) the upstream build scripts, so that libphp4.so + isn't worthlessly linked against the problematic openssl libs + (closes: #165699, #165718, #165719, #166414). + * Update config.{sub,guess} so that the package builds on mips + platforms (closes #173218) + * Replace libc-client-ssl2001-dev with libc-client2002-dev in build + dependencies, fixing various php4-imap segfaults (closes: #169610, + #169769). + + -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600 + +php4 (4:4.2.3-4) unstable; urgency=low + + * Remove build dependency on non-extant libmagick5-dev, which is no + longer used anyway (closes: #169829, #172402). + * Add myself to the Uploaders: field of the control file. + + -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600 + +php4 (4:4.2.3-3) unstable; urgency=low + + * Backport a patch from CVS to sanitize control characters in php_url_parse() + to prevent ASCII control injection in fopen() calls. + + -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600 + +php4 (4:4.2.3-2) unstable; urgency=low + + * I'm a moron (thanks to James Troup for pointing this out). + * Change gcc-3.1 references in debian/rules to gcc-3.2. + * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out. + + -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600 + +php4 (4:4.2.3-1) unstable; urgency=low + + * New upstream version + * Added a patch from Ginger Alliance to eliminate warnings in xslt compile + * Messed with the php4-imap build: + - compiling with SSL support (closes: #122700) + - commented out the static-on-i386 hack, libc-client is now linked dynamically + * Sessions should finally be fixed, however I won't tag the bugs "woody" + until I know for sure. (if you were affected, please test and send + followups to me) + * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now. + + -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600 + +php4 (4:4.2.2-3) unstable; urgency=low + + * Fix typo resulting in php4-odbc not having a postinst + (closes: #157116, #157927) + * Build against latest caudium-dev to made caudium-php4 installable + again. (closes: #158247) + * Update build-deps to swap libpng3 for libpng2. (closes: #158908) + + -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600 + +php4 (4:4.2.2-2) unstable; urgency=low + + * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with + headers or the library for db1 (closes: #156141, #155889) + * Update build deps to build against libmm12 (closes: #155042) + * php4-curl no longer depends on libcurl2-ssl (closes: #155015) + + -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600 + +php4 (4:4.2.2-1) unstable; urgency=medium + + * New upstream + * Fixes input validation vulnerability in rfc1867.c (closes: #153850) + * Added missing prerm/postinst for php4-xslt (oops) + + -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600 + +php4 (4:4.2.1-3) unstable; urgency=low + + * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to + gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really. + + -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600 + +php4 (4:4.2.1-2) unstable; urgency=low + + * Applied small patch to fix building on non-32-bit architectures + (closes: #148231) + * Added still /more/ documentation about the unserializer, sessions, + and the session.save_handler php.ini option. + + -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600 + +php4 (4:4.2.1-1) unstable; urgency=low + + * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release. + * Probably the last update (barring huge packaging bugs or plain broken + binaries) before starting on a complete reorg of the PHP packages. + * Deserializer now works on big-endian architectures (addresses bug #121391 + and probably others) + * This release probably fixes a whole bunch of bugs. Will be going through + the bug list and playing the reproducibility game after the upload. + * Default include_path in php.ini now set to include pear. + * Upstream default for register_globals HAS CHANGED. In the Debian php.ini + we are still using "register_globals = On" for compatibility reasons, + however our packages will change too. This is a warning for anyone + packaging PHP scripts and applications to make sure you'll be compatible + with the new default once it's set. + + -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600 + +php4 (4:4.1.2-4) unstable; urgency=high + + * No binaries were harmed in the making up this upload. + * Updated README.Debian and changelog. All other files untouched, + as the binaries were merely unpacked and repacked. + - Added a note to README.Debian about how to properly set up + Apache for use with php4, if the installation didn't (and it usually + doesn't ) get it right. + - Added a note to README.Debian about the unserializer (and sessions) + being messed up on big endian architectures. It's too late to try + to get a proper fix in for this, so we're just going to have to cope. + + -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600 + +php4 (4:4.1.2-3.1) unstable; urgency=low + + * The 'I broke it, I have to take credit for it' release. + * Rebuild the package to get proper binary dependencies on alpha. + + -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600 + +php4 (4:4.1.2-3) unstable; urgency=low + + * Switched to --with-regex=php (from =system). This fixes all the + problems with eregi/parse_url/fopen/etc on Alpha. + * Cleaned up long descriptions (closes: #130977, #130954) + + -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700 + +php4 (4:4.1.2-2) unstable; urgency=low + + * New maintainer (closes: #132980) + * Enabling unixodbc support (closes: #107201) + * Changed the install-modules target in build/rules_pear.mk so that + it will error out in the case of an empty modules directory or + failure to install modules (closes: #135304) + + -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700 + +php4 (4:4.1.2-1) unstable; urgency=high + + * New upstream version with a security fix. This + supercedes 4.1.1-2.2 from Steve Langasek: + * Fix an error in the handling of MIME file upload headers, which left + open a potential security hole. (Closes: #136063) + * Fixed gcc-3.0 fix :-) + * Thanks for fixing apache-common fix + * This version should fix session bugs with upstream fix (closes: #133877) + * With a brutal change to main/SAPI.c try to fix(?) authorize bugs + + -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100 + +php4 (4:4.1.1-2.1) unstable; urgency=low + + * Non-maintainer upload. + * loosen apache-common dependency to make us forwards-compatible, as + recommended by the apache maintainer. + * use gcc-3.0 when building on arm, because the default toolchain on + that arch has Issues (closes: #135906, #135913). + + -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600 + +php4 (4:4.1.1-2) unstable; urgency=medium + + * Rebuild with apache 1.3.23. + * This package is in maintainer change mode. Though I orphaned it I'm not + going to change maintainer to QA, because we already have fresh blood. + * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with + libgd which has GIF support (fixed included upstream) + * debian/control: + - Build-Depends: s/libgd1g-dev/libgd-dev/ + also libc-client at least version 4:2001adebian-6 to fix some segfaults + * ext/standard/head.c: make the setcookie() thingie test more simple + + -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100 + +php4 (4:4.1.1-1) unstable; urgency=high + + * New upstream bugfix release. + * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get + to upload it + * debian/rules: Correctly supply modified CFLAGS to build process + + -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100 + +php4 (4:4.1.0-2) unstable; urgency=low + + * debian/php4-cgi.README.Debian: fix typo (closes: #123866) + * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr + parsing (closes: #121403) + * debian/README.Debian: document shmmax increase (closes: #119688) + + -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100 + +php4 (4:4.1.0-1) unstable; urgency=high + + * Finally final 4.1.0 + * Urgency to reflect previous version + * debian/control: php4-pear depends on php4-cgi + + -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100 + +php4 (3:4.1-2) unstable; urgency=high + + * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all. + * ext/exif/exif.c: MFH + * ext/ldap/ldap.c: small crash fix from HEAD + * and misc tiny changes. Really :-) + * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing + the argument + + -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100 + +php4 (3:4.1-1) unstable; urgency=medium + + * Final 4.1.0 (not released) + * NEWS: s/4.0/4.1/ + * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be + a beta version with known bugs. How should I know. + * sablot extension removed upstream. So use XSLT (C/R in place) + * Apply fix for file_exists() from tilo (closes: #114409) + * "Cannot redeclare" were fixed in previous RCs (closes: #112341) + * previous version is build in hppa and ia64, so I assume it + (closes: #115391) + * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user + report. + * This should fix the "final HTML> stripped" bug that was introduced + in 4.0.6-3. (closes: #110415). + * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp + + -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100 + +php4 (3:4.0.100-1) unstable; urgency=low + + * Really a 4.1.0RC2 + * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway + * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1 + * Added Provides: zendapi-$version to php4 and php4-cgi + * Made modules depend on zendapi-$version instead of php4|php4-cgi. + Please use this in your php4-$module packages + * Apply c-client hack only to i386 most architectures don't support linking + both PIC and non-PIC code. I'm still affrai to do this on i386, as it + crashes a lot more :( + * Apply some CVS patches + + -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100 + +php4 (3:4.0.99-4) unstable; urgency=medium + + * Recompile because of new version of caudium. + (I really hope this gets into testing soon as php in testing + now doesn't do apache 1.3.22) + + -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100 + +php4 (3:4.0.99-3) unstable; urgency=medium + + * Recompile for new libexpat1 (closes: #116623 and others) + * upstream: ext/gd/gd.c, ext/iconv/iconv.c + * crypt(): defalt to using DES crypt() (closes: #117092) + * debian/rules: disable libmm in -cgi build. Will lesser the impact + of the infamous /tmp/session_mm.reg + * apply patch to Zend, which should fix the "cannot redeclare" error. + It's still a bug in your code though (use include_once). More changes + to this are comming (upstream). + * Add some documentation to sybase + + -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200 + +php4 (3:4.0.99-2) unstable; urgency=low + + * "Some days are just no good" release. + * Recompile with apache 1.3.22 from Incoming + * Deal with automake going to 1:1.4 and automake1.5 + + -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200 + +php4 (3:4.0.99-1) unstable; urgency=low + + * This is really 4.1.0RC1, but ... + * Applied setcookie(), which is not in upstream yet + + -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200 + +php4 (3:4.0.6.7rc3-3) unstable; urgency=medium + + * Fix dependency in caudium-php4. Sorry for this + + -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200 + +php4 (3:4.0.6.7rc3-2) unstable; urgency=medium + + * Recompile with recent caudium/pike. Please, no new version so it can get + into testing :) + * debian/control: move php4-pear to suggests + * Fix setcookie() again. I really hate this bug + * Build-Depends: re2c - it's usually not needed, but if you make some + strange changes to the parser ... + * FIx automake 1.5 build problems (I hope) + + -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200 + +php4 (3:4.0.6.7rc3-1) unstable; urgency=low + + * New upstream test release. + + -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000 + +php4 (3:4.0.6.7rc2-3) unstable; urgency=low + + * "Let's try to fix some bugs" release. + * Add some patches: ldap (does this fix things?), pgsql, + domxml + * Build-Conflicts: automake (>= 1.5) for now + + -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200 + +php4 (3:4.0.6.7rc2-2) unstable; urgency=low + + * Enable recode extension (the library is LGPL) - shared + * Enable iconv extension - in main php4. Experimental + * Build-Depends: s/libgd-dev/libgd2-dev/ + * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304) + and fix autoconf macros (Closes: #113980) + * Improve?? description of PEAR (Closes: #112432) + + -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200 + +php4 (3:4.0.6.7rc2-1) unstable; urgency=medium + + * 2nd release candidate + * ext/mbstring: fix compile (cp1252) + * ext/standard/url_scanner_ex: off by one + * WARNING: caudium builds with Zend Threading enabled, but other + modules don't. So you cannot safely use DSO with caudium + * Added some Build-Conflicts - with broken libmysqlclient + - with libtool 1.4b + + -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200 + +php4 (3:4.0.6-6) unstable; urgency=medium + + * The "Paul Hampson fixes release". + * Closed those atexit() bugs. Now to find out, how to make libtool link with + gcc instead of ld :(( + * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697) + Thanks to Paul Hampson for finding the cause, though I've used another + fix - fixed changes in CVS made in -3 I think. Silly me to think, that + all "small" changes are fixes. + * libc-client2001 was fixed in -5, so add a (closes: #109202) here + * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK + + -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200 + +php4 (3:4.0.6-5) unstable; urgency=low + + * Recompile for libc-client2001 (I hope it doesn't break anything else) + And many other libraries. + * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!! + You have to get libtool 1.4 to be able to use phpize. + + -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200 + +php4 (3:4.0.6-4) unstable; urgency=high + + * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry) + * Fix the nasty segfaults with mail(). That'll teach me taking upstream + changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now) + (closes: #105686, #105878). + + -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200 + +php4 (3:4.0.6-3) unstable; urgency=high + + * ext/standard/mail.c: security fix + * debian/control: Build-Depends: libtool (>= 1.4) + * ext/curl/curl.c: fix typo + * ext/gd/config.m4: fix typo + * ext/mcrypt/mcrypt.c: upstream buffer overflow fix + * ext/mhash/mhash.c: upstream buffer overflow fix + * ext/pgsql/pgsql.c: fix + * ext/posix/config.m4: check for getpgid + * ext/sablot/sablot.c: fix leaks + * ext/standard/url* : fixes + * ext/sysvshm/sysvshm.c: fixes + * Zend/*: small fixes + + -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200 + +php4 (3:4.0.6-2) unstable; urgency=low + + * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087) + * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618) + - libfreetype6-dev to Build-Depends + - add auto* suite to php4-dev depends (closes: #104199) + * debian/rules: - build gd module with freetype2 support + - move common ./configure flags to COMMON_CONFIG + - build with mbstring support + + -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200 + +php4 (3:4.0.6-1) unstable; urgency=medium + + * New upstream release. + * NOTE: new extension will probably be in another upload, to get this + into testing ... + + -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200 + +php4 (3:4.0.5.6rc3-3) unstable; urgency=low + + * The "I hate sablot release". Recompile with 0.60 + * debian/php4-domxml.postrm: also fix the :: (closes: #101306) + * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream + + -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200 + +php4 (3:4.0.5.6rc3-2) unstable; urgency=low + + * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4 + * build/ ... : upstream fix for building with automake 1.4-pX + * don't fail, when libssl-dev is not installed. sigh + + -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200 + +php4 (3:4.0.5.6rc3-1) unstable; urgency=low + + * New upstream test release. + * Recompile with apache 1.3.20 + * debian/control: + - php4-dev: Depends: bison, flex (closes: #100634) + - Build-Depends: libcurl-dev (>=7.8) + * debian/rules: + - add --enable-bcmath to all rules (closes: #100491) + * Zend/zend.c: apply upstream fix to allow building of caudium + + -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200 + +php4 (3:4.0.5.6rc2-1) unstable; urgency=low + + * New upstream test release. + * FIx regex/regex.h (int regoff_t) + * fix php4-cgi build with pcre - don't use supplied pcre + * Fix wddx support (closes: #99468) + * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4 + + -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200 + +php4 (3:4.0.5.6rc1-1) unstable; urgency=low + + * New upstream test release with new bugs :)) + * moved pear from /usr/lib/php4 to /usr/share/php4 + * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll + have to live with it + + -- Petr Cech Wed, 16 May 2001 14:14:04 +0200 + +php4 (3:4.0.5-2) unstable; urgency=low + + * Build-Depend on newer libmhash-dev, as it supposedly doesn't + compile on current woody (closes: #96555) + * Build-Depends: s/freetype2/libttf-dev/ + * Stop building php4-pgsql - move to non-US + * Build-Deps on new libsablot0 + + -- Petr Cech Thu, 10 May 2001 10:43:02 +0200 + +php4 (3:4.0.5-1) unstable; urgency=medium + + * New upstream release. + * recompile with new sablot - how I hate this (closes: #95401) + * Merge XML into main php4 + * Reword README.Debian (closes: #89667) + * Enable wddx + * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452) + * fix typos (closes: #94118) + * Added support for Sybase/MS SQL Server (using FreeTDS) + using patch from: + http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch + thanks to Bradley Bell for the patch + * ext/pcre : two upstream fixes + * ext/sablot/sablot.c: small upstream fix + * build/buildcheck.sh : fixes to allow compile with libtool 1.4 + * ext/standard/exec.c: upstream fixes + * sapi/apache/mod_php4.c: off by one fix + * sapi/cgi/cgi_main.c: fix POST bug + * main/snprintf.c: upstream fix + + -- Petr Cech Wed, 3 May 2001 22:17:10 +0200 + +php4 (4.0.4.5rc6-2) unstable; urgency=low + + * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994) + * TSRM/TSRM.c: upstream fix + * ext/pgsql: upstream fix + + -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200 + +php4 (4.0.4.5rc6-1) unstable; urgency=low + + * New upstream test release. + * Don't mention CGI support, as it's not so for a long time. + + -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200 + +php4 (4.0.4.5rc5-1) unstable; urgency=low + + * New upstream test release. + * ask about /etc/php4/cgi/php.ini also + * It's really recompiled for 1.3.19 (closes: #91901, #91822) + * problems with modules documented (closes: #81141, #82611) + + -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200 + +php4 (4.0.4.5rc3-1) unstable; urgency=low + + * New upstream RC release + * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered + on broken potato upload. -0potato2 is fixed + * Looks like there was a bug in latest build, this should fix it (closes: #92018) + * remove libmcal0 workaround + + -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200 + +php4 (4.0.4.5rc2-1) unstable; urgency=low + + * New upstream release test release 4.0.5RC2. + * debian/rules: Add lintian overrides + * debian/control: * add libexpat1-dev to Build-Depends + * add libmcal0 to Build-Depends since libmcal0-dev is + missing this dependancy :(( Bug filled + * ext/socket/socket.c: minor upstream patch + + -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200 + +php4 (4.0.4pl1-6) unstable; urgency=low + + * NEVER RELEASED + * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or + libcurl1-ssl problem. + * remove dh_testversion and use versioned Build-depends instead + + -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100 + +php4 (4.0.4pl1-5) unstable; urgency=low + + * Add lintian overrides + * Rebuild with correct libgd-dev installed. Sorry + (closes: #88490, #88255, #88371, #88619, #88635) + * Closed by fixed libjpeg (closes: #85865, #88141) + + -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100 + +php4 (4.0.4pl1-4) unstable; urgency=low + + * The "Enable what you can" release. + * Enable sablot extension (many files) (closes: #84073) + * Enable mcal extension (finaly closes: #65688, #85925) + * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols. + Why? + * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres + problems. There is a better patch in CVS, but it needs changes to Zend + * pear/pear.in: binary is php4 no php (closes: #87848) + * ext/domxml/config.m4: link with -lxml2 (closes: #87457) + * debian/README.Debian: add notes about ldap, imap and mhash extensions + * debian/{control,rules}: activate bz2 extension + * php4.ini-dist: comment out include_path so php will use compiled in + path (closes 2nd part of 87848) + + -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100 + +php4 (4.0.4pl1-3) unstable; urgency=medium + + * Fixed postrm issues. Sorry + + -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100 + +php4 (4.0.4pl1-2) unstable; urgency=medium + + * debian/control: Build-depends: xlibs-dev (seems it's missing and causes + failed builds for arm, m68k and powerpc) + s/libsnmp4.1/libsnmp4.2/ (closes: #84139) + * debian/php4.*: make LoadModule matching case insensitive (fixes 83641 + for unstable) + + -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100 + +php4 (4.0.4pl1-1) unstable; urgency=high + + * New upstream version. + * This release fixes some security problems. + * Some patches from previous versions are not here. + * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev + * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog + (hmm. Where ir Roman?) + * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it + when it doesn't already exist. I should find a way to check, that the default + php.ini changed and user should update it. + * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge + * fix xml.so not working with php4-cgi + + -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100 + +php4 (4.0.4final-6) unstable; urgency=medium + + * OK. Now also fix the prerm issues (closes: #81418) and to ease + that thanks for submiting bugs (closes: #81818, #81819) + * some upstream updates: browsercap, php-config + + -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100 + +php4 (4.0.4final-5) unstable; urgency=medium + + * OK. Take a deep breath and fix those bloody postinst + bugs - fix it and rewrite from ed -> sed, because ed is not essential :( + closes: #80801. + * apply some upstream fixes. + * disable ctype extension - not yet ready + + -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100 + +php4 (4.0.4final-4) unstable; urgency=low + + * debian/libc-client.la: add -lpam -ldl -lcrypt + * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801) + + -- Petr Cech Fri, 29 Dec 2000 11:40:43 +0100 + +php4 (4.0.4final-3) unstable; urgency=low + + * Brown Xmas Sock Release + * Grr. correctly fix the php4 postinst error + (closes: #80303, #80324, #80326, #80359) + NMU by Wichert Akkerman (closes: #80381) + * also fix php4-cgi. NMU by Marcelo E. Magallon + (closes: #80406). + * fix fix for php4-cgi postinst s/apache/cgi/ + * apply some upstream fixes to ext/session/ + * domxml/config.m4: fix my -Lshared,/usr/lib error + * debian/rules: + * add --enable-ctype to both targets + * --diable-pear to CGI target + * generate Depends: php4 (=ver) | php4-cgi (=ver) + + -- Petr Cech Wed, 27 Dec 2000 15:29:56 +0100 + +php4 (4.0.4final-2) unstable; urgency=low + + * Run apacheconfig with --force-modules. + * Fix stupid bug in php4 and php4-cgi postinst. + * ext/sysvshm/sysvshm.c : upstream fix + + -- Petr Cech Thu, 21 Dec 2000 22:58:27 +0100 + +php4 (4.0.4final-1) unstable; urgency=low + + * New upstream version. + * Sorry for the version, but da-katie doesn't allow overwriting of files, notably + .orig.tar.gz. It's my fault I know, but it worked till now. + + -- Petr Cech Wed, 20 Dec 2000 01:32:34 +0100 + +php4 (4.0.4-0RC6.1) unstable; urgency=low + + * OK. Final final RC for 4.0.4. + * Build-depends on libxml2-dev (>= 2.2.7) because php needs this. + * Activate ndbm dba driver. + + -- Petr Cech Sun, 17 Dec 2000 19:43:51 +0100 + +php4 (4.0.4-0RC5.1) unstable; urgency=low + + * UNRELEASED. + * Final RC for 4.0.4. + * Some mods to README.Debian and TODO + + -- Petr Cech Wed, 13 Dec 2000 00:01:08 +0100 + +php4 (4.0.4-0RC4.1) unstable; urgency=low + + * New upstream beta release. Let's stabilize things now and add new + modules after final release of 4.0.4. + + -- Petr Cech Thu, 7 Dec 2000 10:12:11 +0100 + +php4 (4.0.4-0RC3.2) unstable; urgency=low + + * recompile with new libc-client200-dev. + * fix source recompile + * depend on fixed apache 1.3.14-2 + + -- Petr Cech Thu, 7 Dec 2000 00:49:14 +0100 + +php4 (4.0.4-0RC3.1) unstable; urgency=low + + * New upstream beta release. + * Add libxml2-dev to build-depends (closes: #78479). + * implement DEB_BUILD_OPTIONS + * fix apache build wrt. apxs + * fix typo in description of curl modules (closes: #78828) + + -- Petr Cech Tue, 5 Dec 2000 14:22:30 +0100 + +php4 (4.0.3pl1-7) unstable; urgency=low + + * Rebuild with apache 1.3.14-1 + + -- Petr Cech Fri, 1 Dec 2000 01:41:41 +0100 + +php4 (4.0.3pl1-6) unstable; urgency=low + + * add --enable-memory-limit + * add --enable-exif per request from William Ono. + * Add Suggests: phpdoc (yes. it's here). + * ext/standard/crypt.c - fix from CVS. + * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR + * ext/gd/gd.c - add format string + - add XBM to phpinfo() + * ext/imap/php_imap.{c,h} - CVS fixes + * main/main.c - fix CGI crash + - add HTTP_SERVER_VARS in CGI mode + * and many more. Taken from php4.srpm (thanks :)) + * recompile with apache 1.3.12-2.2 + * and hack large files support into DSO module. php4 doesn't use it now :(( + + -- Petr Cech Thu, 30 Nov 2000 00:01:39 +0100 + +php4 (4.0.3pl1-5) unstable; urgency=low + + * Back out changes about --enable-versioning + * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7) + + -- Petr Cech Tue, 21 Nov 2000 18:03:56 +0100 + +php4 (4.0.3pl1-4) unstable; urgency=low + + * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*) + * Remove aliasing hack - deprecated upstream. (closes: #76558) + * Compile with libgd-dev again (Write 100x always reinstall libgd-dev). + * --enable-versioning and tweak debian/control a bit, let's see, what breaks + + -- Petr Cech Tue, 14 Nov 2000 10:00:54 +0100 + +php4 (4.0.3pl1-3) unstable; urgency=low + + * Activate curl module. + * Really enable shmop module. + * Fix include paths in phpize. Now everyone should be able to easilly build + php4 extension modules (php4-dbase anyone?). + + -- Petr Cech Mon, 6 Nov 2000 23:17:41 +0100 + +php4 (4.0.3pl1-2) unstable; urgency=low + + * Build with libgd-dev installed (NOT libgd-gif). + + -- Petr Cech Tue, 17 Oct 2000 02:08:36 +0200 + +php4 (4.0.3pl1-1) unstable; urgency=medium + + * New upstream bugfix release. + * Depend on libopenldap1 as with the newer ldap module crashes php&apache. + + -- Petr Cech Mon, 16 Oct 2000 15:30:55 +0200 + +php4 (4.0.3-2) unstable; urgency=high + + * Urgency=high because last upload didn't have it ad it fixes some + security holes. + * ext/domxml/config.m4: don't try to build then --without-domxml + + -- Petr Cech Thu, 12 Oct 2000 12:50:17 +0200 + +php4 (4.0.3-1) unstable; urgency=low + + * New upstream release. + - fixes also some string format bugs + * Build with fixed libmysqlclient10-dev. + + -- Petr Cech Thu, 12 Oct 2000 00:00:07 +0200 + +php4 (4.0.2-7) unstable; urgency=low + + * Really, really install libldap2-dev. + * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink. + + -- Petr Cech Tue, 10 Oct 2000 22:28:48 +0200 + +php4 (4.0.2-6) unstable; urgency=low + + * Again fix description a little bit. + * Correct build-depends. + * Sic. Recompile, because I've busted (libopenldap-dev instead of + libldap2-dev was installed). + * While at it install also new apache glibc NMU and recompile with it. + * Move PEAR from php4-dev to php4 and install ALL of PEAR. + * add --prefix=/usr + * debhelper v2 + * prepare for CURL module + * Updated README.Debian + * updated XML module from php4 CVS to close: #72360 + + -- Petr Cech Mon, 2 Oct 2000 14:36:35 +0200 + +php4 (4.0.2-5) unstable; urgency=low + + * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :) + * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94. + * and recompile with glibc 2.1.94 to fix it. + + -- Petr Cech Wed, 27 Sep 2000 09:00:27 +0200 + +php4 (4.0.2-4) unstable; urgency=low + + * Tweak description a little bit more. + + -- Petr Cech Sun, 24 Sep 2000 23:58:15 +0200 + +php4 (4.0.2-3) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix spelling wan't -> want (closes: #70544). + * Add libraries for gd module only when linking this one + and not globaly (closes: #71623). + * Say that we wait for ENTER (closes: #71769). + * Fix logic in prerm script (closes: #71770). + + -- Petr Cech Sun, 24 Sep 2000 17:54:52 +0000 + +php4 (4.0.2-2) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix building (small typo). + * Compile with libmysqlclient9-dev installed. + + -- Petr Cech Mon, 18 Sep 2000 23:46:40 +0200 + +php4 (4.0.2-1) unstable; urgency=low + + * The "Back from vacation" release. + * New upstream fixed (and bugs). + * Correct postm script (only cosmetic) closes: #67350, #68541 + * build with libpcre3, libldap2 + * Use modified patch from -3 (remove #define XML_... php_XML_...) + + -- Petr Cech Thu, 7 Sep 2000 23:17:59 +0200 + +php4 (4.0.1pl2-3) unstable; urgency=low + + * UNRELEASED + * Fixed the XML packages. + + -- Norman Jordan Thu, 10 Aug 2000 21:45:15 +0000 + +php4 (4.0.1pl2-2) unstable; urgency=low + + * Fix source archive. + + -- Petr Cech Tue, 11 Jul 2000 11:04:48 +0000 + +php4 (4.0.1pl2-1) unstable; urgency=low + + * New upstream bug fix release (variation of the patches in -2) + * Build with new libgd1 library (maybe still in Incoming) + * Move PEAR stuff to php4 package (closes: #66897). + + -- Petr Cech Sun, 9 Jul 2000 09:01:06 +0000 + +php4 (4.0.1-2) unstable; urgency=low + + * Apply some CVS diffs in an attempt to fix opendir() problems. + + -- Petr Cech Fri, 30 Jun 2000 09:04:24 +0000 + +php4 (4.0.1-1) unstable; urgency=low + + * New upstream release (taken from CVS tag php_4_0_1). + * --with-regex=system else it plays havoc. Dunno why ... + * remove autoconf,automake,aclocal from configure rules. + * Fix description of XML --help message (no, it's not MySQL). + + -- Petr Cech Wed, 28 Jun 2000 22:55:16 +0200 + +php4 (4.0.0-4) unstable; urgency=low + + * Add -dev package (closes: #65907). + * Add -cgi and -cgi-* packages (closes: #51097, #52855). + * --enable-filepro + * Tweak copyright file a bit. + * Generate mhash module (closes part of 63186). + * Ask to remove libphp4 from httpd.conf upon remove/purge. + * Fixed build-depends, thanks to Roman Hodek (closes: #65938). + (I told you the first time it won't work :)) + * Mark /etc/php4/cgi/php.ini as conffile. + * Every module now ask if it should be enabled on install + (if it's not already) and disabled on remove/purge. + + -- Petr Cech Tue, 20 Jun 2000 14:29:01 +0200 + +php4 (4.0.0-3) unstable; urgency=low + + * Ship correct php.ini (extension_dir=/usr/lib/php4/apache). + * Don't use included libmysqlclient and use system one (fixes + wrong location of mysqld.sock) + * link XML module dynamicly with system xmlparse and xmltok. + + -- Petr Cech Wed, 14 Jun 2000 22:30:07 +0000 + +php4 (4.0.0-2) unstable; urgency=low + + * fix the IS_SLASH bug (closes: #65625 and probably others as well). + * Really change the maintainer field. + + -- Petr Cech Wed, 14 Jun 2000 07:44:05 +0000 + +php4 (4.0.0-1) unstable; urgency=low + + * New maintainer. + * New upstream release. + * Fix dynamic module loading. + * Added Build-Depends (I wonder, if I got them right) + * Standards-Version: 3.1.1 + + -- Petr Cech Tue, 13 Jun 2000 13:40:56 +0000 + +php4 (4.0rc1-2) unstable; urgency=low + + * Compile with latest apache and libraries from woody + (Closes: #62631, #62640) + + -- Gergely Madarasz Wed, 19 Apr 2000 14:39:25 +0200 + +php4 (4.0rc1-1) unstable; urgency=low + + * New upstream version + * Fix db2 support (Closes: #61709) + * Fix gd support (Closes: #61708) + * Remove ucd-snmp-hack from config options + + -- Gergely Madarasz Sun, 16 Apr 2000 17:04:05 +0200 + +php4 (4.0b4pl1-2) unstable; urgency=low + + * Build with --disable-debug so it should work with the zend + optimizer (Closes: #60265) + * Build with --enable-trans-sid (Closes: #60430) + * Write some more about php4/php3 differences in the description + (Closes: #60155) + + -- Gergely Madarasz Fri, 17 Mar 2000 17:35:29 +0100 + +php4 (4.0b4pl1-1) unstable; urgency=low + + * New upstream version + * Upstream reorganized the build system quite a bit, lots of patches + removed + + -- Gergely Madarasz Wed, 23 Feb 2000 17:16:00 +0100 + +php4 (4.0b3-4) unstable; urgency=low + + * Add /etc/php4/apache/php.ini to conffiles (Closes: #54194) + * Add info file for apacheconfig + * Offer to run apacheconfig and/or apache-sslconfig in postinst + * Comment out sendmail_path from php.ini so the default sendmail path + should work (Closes: #51355) + + -- Gergely Madarasz Thu, 6 Jan 2000 14:38:20 +0100 + +php4 (4.0b3-3) unstable; urgency=low + + * Compile with libgd instead of libgd-gif + + -- Gergely Madarasz Tue, 4 Jan 2000 18:07:56 +0100 + +php4 (4.0b3-2) unstable; urgency=low + + * Build imap and ldap modules + * Fix rm -f in rules file (Closes: #51623) + + -- Gergely Madarasz Mon, 3 Jan 2000 16:54:19 +0100 + +php4 (4.0b3-1) unstable; urgency=low + + * Initial Release. + + -- Gergely Madarasz Tue, 16 Nov 1999 19:33:42 +0100 --- php5-5.3.2.orig/debian/NEWS +++ php5-5.3.2/debian/NEWS @@ -0,0 +1,80 @@ +php5 (5.3.1-3) unstable; urgency=low + + * mod_php disabled in userdirs. + + The default Debian libapache2-mod-php5 package now disables the PHP + engine on ~/public_html directories when mod_userdir is enabled, for + security reasons. Although discouraged, it can be re-enabled by + commenting the block in + /etc/apache2/mods-available/php5.conf + + * PHP 5.2 compatibility settings + + Given the short time to the Squeeze release freeze, the + short_open_tag setting has been turned On again (upstream now + defaults to Off on the php.ini files.) However, the request_order and + auto_globals_jit settings continue to be the default from upstream + ("GP" and On, respectively.) + + -- Raphael Geissert Mon, 11 Jan 2010 16:49:28 -0600 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * Maximum number of file uploads per request limited + + To prevent Denial of Service attacks by exhausting the number of + available temporary file names, upstream introduced the max_file_uploads + option in 5.3.1 and 5.2.12. + + Due to the nature of this new option a default limit has been set + to 50, hoping it is sensible enough to not to cause disruptions on + existing services. + The value of this new limit can be changed in the php.ini file. + + If you installed the php5-suhosin extension there was a limiting + mechanism in place already. In this case you may want to make sure + the new limit imposed by PHP itself is not smaller than suhosin's. + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.6-1) unstable; urgency=medium + + * Now uses system timezone database. + + Debian PHP now makes use of the system wide timezone database from the + tzdata package, making sure any updates there are automatically used + by PHP aswell. Note that this requires that the PHP process has access + to /etc/localtime and /usr/share/zoneinfo (this is usually the case). + + * New php5-dbg package. + + We are now shipping a php5-dgb package which will greatly aid in finding + the cause of many crashes that you may experience. So if you are going to + report a bug for a reproducible crash, please install this package before + sending a backtrace. + + * New libapache2-mod-php5filter package. + + We are now also shipping a new libapache2-mod-php5filter package which + uses the "Apache 2.0 filter-module support via DSO through APXS". + + -- Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200 + +php5 (5.2.3-2) unstable; urgency=low + + The Suhosin patch is now enabled by default! + + For more information, see + . + + Special thanks to Blars Blarson for providing a sparc machine for testing + that the patch seems to work okay on that architecture. If you experience + otherwise let us know! + + Suggestions are welcome for default configuration options, examples, + documentation, etc. + + In any event please report successes and/or failures to us at + pkg-php-maint@lists.alioth.debian.org. + + -- sean finney Thu, 12 Jul 2007 23:38:43 +0200 --- php5-5.3.2.orig/debian/php5-cgi.postinst +++ php5-5.3.2/debian/php5-cgi.postinst @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cgi/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini + +update-alternatives \ + --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \ + --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz + +update-alternatives \ + --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50 + +exit 0 --- php5-5.3.2.orig/debian/control +++ php5-5.3.2/debian/control @@ -0,0 +1,430 @@ +Source: php5 +Section: php +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian PHP Maintainers +Uploaders: OndÅ™ej Surý , + Sean Finney , + Thijs Kinkhorst , + Raphael Geissert +Build-Depends: apache2-prefork-dev, + autoconf (>= 2.63), + automake (>= 1.11) | automake1.11, + bison, + chrpath, + debhelper (>= 5), + flex, + freetds-dev, + hardening-wrapper, + libapr1-dev (>= 1.2.7-8), + libbz2-dev, + libcurl4-openssl-dev, + libdb-dev (>= 4.7) | libdb4.8-dev | libdb4.6-dev, + libenchant-dev, + libexpat1-dev (>= 1.95.2-2.1), + libfreetype6-dev, + libgcrypt11-dev, + libgd2-xpm-dev, + libglib2.0-dev, + libgmp3-dev, + libicu-dev, + libjpeg-dev | libjpeg62-dev, + libkrb5-dev, + libldap2-dev, + libmhash-dev (>= 0.8.8), + libmysqlclient-dev, + libpam0g-dev, + libpcre3-dev (>= 6.6), + libpng12-dev, + libpq-dev, + libpspell-dev, + librecode-dev, + libsasl2-dev, + libsnmp-dev, + libsqlite0-dev, + libsqlite3-dev, + libssl-dev, + libt1-dev, + libtidy-dev, + libtool (>= 2.2), + libwrap0-dev, + libxmltok1-dev, + libxml2-dev, + libxslt1-dev (>= 1.0.18), + netbase, + quilt, + re2c, + unixodbc-dev, + zlib1g-dev, + libedit-dev, + tzdata +Build-Conflicts: bind-dev +Standards-Version: 3.8.2 +Vcs-Git: git://git.debian.org/pkg-php/php.git +Vcs-Browser: http://git.debian.org/?p=pkg-php/php.git +Homepage: http://www.php.net/ + +Package: php5 +Architecture: all +Depends: ${misc:Depends}, libapache2-mod-php5 (>= ${source:Version}) | libapache2-mod-php5filter (>= ${source:Version}) | php5-cgi (>= ${source:Version}), php5-common (>= ${source:Version}) +Description: server-side, HTML-embedded scripting language (metapackage) + This package is a metapackage that, when installed, guarantees that you + have at least one of the three server-side versions of the PHP5 interpreter + installed. Removing this package won't remove PHP5 from your system, however + it may remove other packages that depend on this one. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-common +Architecture: any +Depends: ${misc:Depends}, sed (>= 4.1.1-1), ${shlibs:Depends} +Suggests: php5-suhosin +Provides: php5-json, php5-mhash +Conflicts: php5-json, php5-mhash +Description: Common files for packages built from the php5 source + This package contains the documentation and example files relevant to all + the other packages built from the php5 source. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: libapache2-mod-php5 +Section: httpd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5filter +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (Apache 2 module) + This package provides the PHP5 module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + ${php:Extensions} + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: libapache2-mod-php5filter +Section: httpd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5 +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (apache 2 filter module) + This package provides the PHP5 Filter module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + Unless you specifically need filter-module support, you most likely + should instead install libapache2-mod-php5. + . + ${php:Extensions} + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-cgi +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (CGI binary) + This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built + for use in Apache 2 with mod_actions, or any other CGI httpd that + supports a similar mechanism. Note that MOST Apache users probably + want the libapache2-mod-php5 package. + . + ${php:Extensions} + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-cli +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: command-line interpreter for the php5 scripting language + This package provides the /usr/bin/php5 command interpreter, useful for + testing PHP scripts from a shell or performing general shell scripting tasks. + . + ${php:Extensions} + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-dev +Depends: ${misc:Depends}, autoconf (>= 2.63), automake (>= 1.11), libssl-dev, libtool (>= 2.2), shtool, php5-common (>= ${binary:Version}) +Conflicts: ${libtool:Conflicts} +Architecture: any +Description: Files for PHP5 module development + This package provides the files from the PHP5 source needed for compiling + additional modules. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-dbg +Depends: ${misc:Depends}, php5-common (= ${binary:Version}), libapache2-mod-php5 (= ${binary:Version}) | libapache2-mod-php5filter (= ${binary:Version}) | php5-cgi (= ${binary:Version}) | php5-cli (= ${binary:Version}) | php5-curl (= ${binary:Version}) | php5-enchant (= ${binary:Version}) | php5-gd (= ${binary:Version}) | php5-gmp (= ${binary:Version}) | php5-intl (= ${binary:Version}) | php5-ldap (= ${binary:Version}) | php5-mcrypt (= ${binary:Version}) | php5-mysql (= ${binary:Version}) | php5-odbc (= ${binary:Version}) | php5-pgsql (= ${binary:Version}) | php5-pspell (= ${binary:Version}) | php5-recode (= ${binary:Version}) | php5-snmp (= ${binary:Version}) | php5-sqlite (= ${binary:Version}) | php5-sybase (= ${binary:Version}) | php5-tidy (= ${binary:Version}) | php5-xmlrpc (= ${binary:Version}) | php5-xsl (= ${binary:Version}) +Recommends: gdb +Section: debug +Priority: extra +Architecture: any +Description: Debug symbols for PHP5 + This package provides the debug symbols for PHP5 needed for properly + debugging errors in PHP5 with gdb. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php-pear +Architecture: all +Depends: ${misc:Depends}, php5-common (>= ${source:Version}), php5-cli +Recommends: gnupg +Conflicts: php-xml-util +Suggests: php5-dev +Replaces: php4-pear (<< 4:4.4.0-0), php-xml-util +Provides: php-xml-util +Description: PEAR - PHP Extension and Application Repository + This package contains the base PEAR classes for PHP, as well as the PEAR + installer. Many PEAR classes are already packaged for Debian, and can be + easily identified by names beginning with "php-", such as php-db and + php-auth. Note: to build and install precompiled PECL extensions, you + will need one of the php development packages installed. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-curl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: CURL module for php5 + CURL is a library for getting files from FTP, GOPHER, HTTP server. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-enchant +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: Enchant module for php5 + This package provides a module for the generic spell checking library + Enchant, which can use engines such as ispell, aspell and myspells. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-gd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: GD module for php5 + This package provides a module for handling graphics directly from PHP + scripts. It supports the PNG, JPEG, XPM formats as well as Freetype/ttf fonts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-gmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: GMP module for php5 + This package provides a module for arbitrary precision arithmetic via the + GNU Multiple Precision (GMP) Arithmetic Library. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-intl +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Description: internationalisation module for php5 + This package provides a module to ease internationalisation of PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-ldap +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Replaces: libapache2-mod-php5 (<< 5.3.1-1~) +Conflicts: libapache2-mod-php5 (<< 5.3.1-1~) +Description: LDAP module for php5 + This package provides a module for LDAP functions in PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-mysql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Conflicts: php5-mysqli +Replaces: php5-mysqli +Description: MySQL module for php5 + This package provides modules for MySQL database connections directly from + PHP scripts. It includes the generic "mysql" module which can be used + to connect to all versions of MySQL, an improved "mysqli" module for + MySQL version 4.1 or later, and the pdo_mysql module for use with + the PHP Data Object extension. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-odbc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: ODBC module for php5 + This package provides a module for database access through ODBC drivers. + It uses the unixODBC library as an ODBC provider. It also contains the + pdo_odbc module, for use with the PHP Data Object extension. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-pgsql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: PostgreSQL module for php5 + This package provides a module for PostgreSQL database connections + directly from PHP scripts. It also includes the pdo_pgsql module for + use with the PHP Data Object extension. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-pspell +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Description: pspell module for php5 + This package provides a module for pspell functions in PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-recode +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: recode module for php5 + This package provides a module for recode - character set recoding. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-snmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: SNMP module for php5 + This package provides a module for SNMP functions in PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-sqlite +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: SQLite module for php5 + This package provides a module allowing you to use the SQLite self-contained + database engine from within your PHP scripts, eliminating the need for a full + SQL server installation like MySQL or PostgreSQL. It also includes the + pdo_sqlite module, for use with the PHP Data Object extension. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-sybase +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Provides: php5-mssql +Description: Sybase / MS SQL Server module for php5 + This package provides a module for Sybase and Microsoft SQL Server + database connections directly from PHP scripts. It also includes the + pdo_dblib module for use with the PHP Data Object extension. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-tidy +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}) +Description: tidy module for php5 + This package provides a module for tidy functions in PHP scripts. + . + Tidy is an extension based on Libtidy (http://tidy.sf.net/) and allows + a PHP developer to clean, repair, and traverse HTML, XHTML, and XML + documents -- including ones with embedded scripting languages such as PHP + or ASP within them using OO constructs. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-xmlrpc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: XML-RPC module for php5 + This package provides a module for XML-RPC functions in PHP scripts. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. + +Package: php5-xsl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}) +Description: XSL module for php5 + This package provides a module for XSL using the libxslt XSL parser. + . + PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed + from C, Java and Perl with a couple of unique PHP-specific features thrown + in. The goal of the language is to allow web developers to write dynamically + generated pages quickly. This version of PHP5 was built with the Suhosin patch. --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.conf +++ php5-5.3.2/debian/libapache2-mod-php5filter.conf @@ -0,0 +1,6 @@ + + + SetInputFilter PHP + SetOutputFilter PHP + + --- php5-5.3.2.orig/debian/php5-module.postinst +++ php5-5.3.2/debian/php5-module.postinst @@ -0,0 +1,6 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# --- php5-5.3.2.orig/debian/libapache2-mod-php5.prerm +++ php5-5.3.2/debian/libapache2-mod-php5.prerm @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then + if [ -e /etc/apache2/mods-enabled/php5.load ] && [ "$1" != "purge" ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2/.start + fi + a2dismod php5 || true +fi + +exit 0 --- php5-5.3.2.orig/debian/php5-common.php5.cron.d +++ php5-5.3.2/debian/php5-common.php5.cron.d @@ -0,0 +1,7 @@ +# /etc/cron.d/php5: crontab fragment for php5 +# This purges session files older than X, where X is defined in seconds +# as the largest value of session.gc_maxlifetime from all your php.ini +# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime + +# Look for and purge old sessions every 30 minutes +09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm --- php5-5.3.2.orig/debian/php5-dev.lintian-overrides +++ php5-5.3.2/debian/php5-dev.lintian-overrides @@ -0,0 +1 @@ +php5-dev: script-not-executable ./usr/lib/php5/build/run-tests.php --- php5-5.3.2.orig/debian/modulelist +++ php5-5.3.2/debian/modulelist @@ -0,0 +1,17 @@ +curl CURL +enchant Enchant +gd GD +gmp GMP +intl Internationalisation +ldap LDAP +mysql MySQL +odbc ODBC +pgsql PostgreSQL +pspell pspell +recode recode +snmp SNMP +sqlite SQLite +sybase Sybase mssql +tidy tidy +xmlrpc XML-RPC +xsl XSL --- php5-5.3.2.orig/debian/php5-dev.postinst +++ php5-5.3.2/debian/php5-dev.postinst @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives \ + --install /usr/bin/"$i" $i /usr/bin/"$i"5 50 \ + --slave /usr/share/man/man1/"$i".1.gz "$i".1.gz /usr/share/man/man1/"$i"5.1.gz +done + +exit 0 --- php5-5.3.2.orig/debian/libapache2-mod-php5filter.dirs +++ php5-5.3.2/debian/libapache2-mod-php5filter.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2filter +/usr/lib/apache2/modules --- php5-5.3.2.orig/debian/libapache2-mod-php5.conf +++ php5-5.3.2/debian/libapache2-mod-php5.conf @@ -0,0 +1,16 @@ + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + + # To re-enable php in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + + --- php5-5.3.2.orig/debian/php5-cgi.prerm +++ php5-5.3.2/debian/php5-cgi.prerm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +update-alternatives --remove php-cgi /usr/bin/php5-cgi +update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5 + +exit 0 --- php5-5.3.2.orig/debian/php5-common.README.Debian +++ php5-5.3.2/debian/php5-common.README.Debian @@ -0,0 +1,148 @@ +Table of Contents: +--------------------------------------------------------------------- +* Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium) +* Problems starting apache2 with php5 +* Session storage +* Other caveats +* php5-cgi and apache2 +* Restarting your web server after installing modules +* Configuration layout +* Timezone data from system timezone database +* Further documentation, errata, etc + + +Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium) +--------------------------------------------------------------------- + + After much back-and-forth with upstream (and even building our + packages thread-safe for a while), we're currently admitting defeat + on that front, and are NOT building any thread-safe versions of + PHP for any webservers. Our recommendation is that, if you need + to use a threaded webserver, you should use php5-cgi in either + 'normal' CGI mode, or in FastCGI mode. + +Adam Conrad Sun, 06 Feb 2005 08:24:56 -0700 + + +Problems starting apache2 with php5 +---------------------------------- + + At the time of writing, there are no *known* incompatibilities + between any of the php5 modules we ship. However, there have been + many bug reports in the past due to dynamically-loaded extensions, + and it's possible there are still bugs in the released packages. If + Apache fails to start after you install php5, check your list of + enabled extensions at the bottom of /etc/php5/apache2/php.ini (and in + the per-sapi configuration directory), and try commenting out or + reordering the extensions until you find a combination that works. + + For example, in the past the mhash extension was incompatible with + some other common extensions. To work around this, you could list + the mhash extension first in php.ini. + + If you find an extension-related bug in the Debian packages, and you + are willing to help debug the problem, please send us a bug report + that lists all enabled PHP5 extensions (extension=), in the order + in which they appear in php.ini, as well as all enabled Apache modules + (LoadModule), with version numbers where possible. + +Steve Langasek Fri, 26 Apr 2002 13:39:00 -0500 + + +Session storage +--------------- + + Session files are stored in /var/lib/php5. For security purposes, this + directory is unreadable by non-root users. This means that php5 running + from apache2, for example, will not be able to clean up stale session + files. Instead, we have a cron job run every 30 mins that cleans up + stale session files; /etc/cron.d/php5. You may need to modify how + often this runs, if you've modified session.gc_maxlifetime in your + php.ini; otherwise, it may be too lax or overly aggressive in cleaning + out stale session files. + +Andres Salomon Fri, 03 Sep 2004 03:12:54 -0400 + + +Other caveats +------------- + + * extension_dir and include_path should be commented out, if you don't need + special settings for them so php will look in compiled-in paths. If you set + them, you should also add appropriate php install directories there. + +php5-cgi and apache2 +--------------------------- + +In 99% of cases, what you probably want isn't php5-cgi at all, but rather +the libapache2-mod-php5 package, which will configure itself on +installation and Just Work(tm). If, however, you have a need to use +the CGI version of php5 with apache2, the following should help +get you going, though there are dozens of different ways to do this. + +Please note that this process will never be made automatic, as php5-cgi +is meant to be a webserver-agnostic package that can be used with any +httpd, and we don't want it to conflict with the httpd-specific packages +such as libapache2-mod-php5. If both were installed side-by-side and both +were automatically enabled, the results would be a bit confusing, obviously. + +To use php5-cgi with apache2 + 1) activate CGI (it's on by default in default debian setups) + a) If using the prefork MPM, use 'a2enmod cgi' + b) If using a threaded MPM, use 'a2enmod cgid' + 2) activate mod_actions (a2enmod actions) + 3) Add the following to a config snippet in /etc/apache2/conf.d + + Action application/x-httpd-php /cgi-bin/php5 + + +Adam Conrad Sat, 04 Sep 2004 23:04:26 -0600 + +Configuration Layout +--------------------------------------------------------------------- + +Each of the 3 SAPI's (apache2/cgi/cli) have a different +central configuration file /etc/php5/$SAPI/php.ini. + +Additionally, each SAPI is configured with the compile-time option + + --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d + +which for all SAPI's is actually a symlink pointing to a central +directory /etc/php5/conf.d. Any file found in this directory ending +in .ini will be treated as a configuration file by the php SAPI. + +The rationale with this method is that each SAPI can thus be +identically configured with a minimal amount of conffile handling, +but at the same time if you want to have SAPI-specific configuration, +you can just remove the symlink. + +sean finney Thu, 19 Oct 2006 23:33:05 +0200 + +Timezone data from system timezone database +--------------------------------------------------------------------- + +Debian PHP has been patched to use of the system wide timezone database +from the tzdata package, making sure any updates there are automatically +used by PHP aswell. + +Note that this requires that the PHP process has access to /etc/localtime +and /usr/share/zoneinfo. For any regular installation this should be the +case, but in specific secured environments when reading the timezone +database is impossible PHP will give a "Timezone database is corrupt - +this should *never* happen!" error. + +Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200 + +Further documentation, errata, etc +--------------------------------------------------------------------- + +Errata and other general information about PHP in Debian can be found +in the debian wiki at: + + http://wiki.debian.org/PHP + +If after reading the documentation in this file you still have unanswered +questions, that's a good next place to go. + +sean finney Thu, 19 Oct 2006 22:57:52 +0200 --- php5-5.3.2.orig/debian/watch +++ php5-5.3.2/debian/watch @@ -0,0 +1,5 @@ +version=3 +opts=downloadurlmangle=s#/a/#/this/#,\ +filenamemangle=s#/get/(php-(5\.[0-9\.]*)\.tar\.gz)/.*#$1#,\ +dversionmangle=s/\.dfsg\.\d+// \ +http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror debian --- php5-5.3.2.orig/debian/compat +++ php5-5.3.2/debian/compat @@ -0,0 +1 @@ +5 --- php5-5.3.2.orig/debian/suhosin_patch.watch +++ php5-5.3.2/debian/suhosin_patch.watch @@ -0,0 +1,8 @@ +# Check for new versions with: +# uscan --watchfile debian/suhosin_patch.watch --package suhosin-patch +# don't forget to update the version in this file when updating the patch! +version=3 + +opts=uversionmangle=s/RC/~RC/ \ +http://www.hardened-php.net/suhosin/download.html \ + http://download.suhosin.org/suhosin-patch-(.*)\.patch\.gz 5.3.1-0.9.8 --- php5-5.3.2.orig/debian/php5-common.TODO +++ php5-5.3.2/debian/php5-common.TODO @@ -0,0 +1,7 @@ +- Debconf: support removing of extension lines from php.ini on + dpkg-reconfigure, not just adding. Adjust wording of debconf template + to match. +- move default config files out of /usr/share/doc/php5/examples, per + policy +- more modules +- roxen support (oh my) --- php5-5.3.2.orig/debian/php5-sapi.postrm +++ php5-5.3.2/debian/php5-sapi.postrm @@ -0,0 +1,18 @@ +#! /bin/sh + +set -e + +phpini=/etc/php5/@sapi@/php.ini + +case "$1" in +purge) + if which ucf >/dev/null 2>&1; then + ucf --purge $phpini + fi + rm -f $phpini + ;; +esac + +#DEBHELPER# + +exit 0 --- php5-5.3.2.orig/debian/copyright.header +++ php5-5.3.2/debian/copyright.header @@ -0,0 +1,42 @@ +This package was debianized by Gergely Madarasz on +Tue, 16 Nov 1999 19:33:42 +0100. + +Previous maintainers of the package also include: + Petr Cech , who did a LOT of work on these packages. + Adam Conrad , who got a significant chunk of input and + help from Steve Langasek and + Andres Salomon . + +The current maintainers can be contacted via the debian php packaging list: + pkg-php-maint@lists.alioth.debian.org + +It was downloaded from www.php.net/version5/downloads +Changes: removed ext/dbase dir (non-free) + +Noteworthy/non-trivial patches: + patch: suhosin.patch + contributor: http://www.hardened-php.net/ + copyright © 2006-2007 Stefan Esser + may be used/modified/redistributed under the terms of PHP itself + + patch: use_embedded_timezonedb.patch + contributor: Joe Orton + copyright © 2008 Red Hat, Inc. + may be used/modified/redistributed under the terms of PHP itself + +Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski +for libzend + +The file ext/standard/rand.c contains the following clause with a statement +that isn't compatible with the DFSG: + "The code as Shawn received it included the following notice: + + Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When + you use this, send an e-mail to with + an appropriate reference to your work." +However, this requirement has been rescinded by the copyright holder in +message <48E334A2.6050301@math.sci.hiroshima-u.ac.jp> to bug #498621. + +Two different licences apply to this package, one for PHP5, the other for +libzend. Both licences are shown here below. + --- php5-5.3.2.orig/debian/php5-common.postrm +++ php5-5.3.2/debian/php5-common.postrm @@ -0,0 +1,12 @@ +#! /bin/bash + +set -e + +if [ "$1" = "purge" ] +then + rm -rf /var/lib/php5 +fi + +#DEBHELPER# + +exit 0 --- php5-5.3.2.orig/debian/patches/fix_broken_locale_tests.patch +++ php5-5.3.2/debian/patches/fix_broken_locale_tests.patch @@ -0,0 +1,29 @@ +Description: Backport upstream fix for tests with incorrect locale name +Origin: upstream + +Index: php/ext/standard/tests/strings/strtolower.phpt +=================================================================== +--- php.orig/ext/standard/tests/strings/strtolower.phpt ++++ php/ext/standard/tests/strings/strtolower.phpt +@@ -22,7 +22,7 @@ if( substr(PHP_OS, 0, 3) == 'WIN') { + if( substr(PHP_OS, 0, 3) == 'WIN') { + setlocale(LC_ALL, 'C'); + } else { +- setlocale(LC_ALL, 'en-US.UTF-8'); ++ setlocale(LC_ALL, 'en_US.UTF-8'); + } + + echo "*** Testing strtolower() with all 256 chars ***\n"; +Index: php/ext/standard/tests/strings/strtoupper1.phpt +=================================================================== +--- php.orig/ext/standard/tests/strings/strtoupper1.phpt ++++ php/ext/standard/tests/strings/strtoupper1.phpt +@@ -22,7 +22,7 @@ if( substr(PHP_OS, 0, 3) == 'WIN') { + if( substr(PHP_OS, 0, 3) == 'WIN') { + setlocale(LC_ALL, 'C'); + } else { +- setlocale(LC_ALL, 'en-US.UTF-8'); ++ setlocale(LC_ALL, 'en_US.UTF-8'); + } + + echo "*** Testing strtoupper() with all 256 chars ***\n"; --- php5-5.3.2.orig/debian/patches/fix_broken_gd_bundled-specific_tests.patch +++ php5-5.3.2/debian/patches/fix_broken_gd_bundled-specific_tests.patch @@ -0,0 +1,92 @@ +Description: Backport upstream fix for tests that require the bundled + gd library but are not skipped in case the external library is used. +Origin: upstream + +Index: php/ext/gd/tests/bug42434.phpt +=================================================================== +--- php.orig/ext/gd/tests/bug42434.phpt ++++ php/ext/gd/tests/bug42434.phpt +@@ -5,6 +5,7 @@ Bug #42434 (ImageLine w/ antialias = 1px + if (!extension_loaded('gd')) { + die('skip gd extension not available'); + } ++if (!GD_BUNDLED) die("skip requires bundled GD library\n"); + ?> + --FILE-- + + --FILE-- + + --FILE-- + + --FILE-- + + --FILE-- + + --FILE-- + + --FILE-- + $@ ++ libtoolize --copy --install --automake --force ++ aclocal + + configure: aclocal.m4 configure.in $(config_m4_files) + @echo rebuilding $@ --- php5-5.3.2.orig/debian/patches/force_libmysqlclient_r.patch +++ php5-5.3.2/debian/patches/force_libmysqlclient_r.patch @@ -0,0 +1,41 @@ +Description: Force linking to mysqlclient_r to avoid symbol conflicts. + apr-util's mysql driver is linked against that version of the library + but due to missing proper symbols versioning we are forced to link to + the re-entrant library too. +Origin: other, http://bugs.debian.org/469081 +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/ext/mysql/config.m4 ++++ b/ext/mysql/config.m4 +@@ -78,7 +78,7 @@ elif test "$PHP_MYSQL" != "no"; then + Note that the MySQL client library is not bundled anymore!]) + fi + +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIBNAME=mysqlclient_r + else + MYSQL_LIBNAME=mysqlclient +--- a/ext/mysqli/config.m4 ++++ b/ext/mysqli/config.m4 +@@ -29,7 +29,7 @@ elif test "$PHP_MYSQLI" != "no"; then + MYSQL_LIB_CFG='--libmysqld-libs' + dnl mysqlnd doesn't support embedded, so we have to add some extra stuff + mysqli_extra_sources="mysqli_embedded.c" +- elif test "$enable_maintainer_zts" = "yes"; then ++ elif true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIB_CFG='--libs_r' + MYSQL_LIB_NAME='mysqlclient_r' + else +--- a/ext/pdo_mysql/config.m4 ++++ b/ext/pdo_mysql/config.m4 +@@ -64,7 +64,7 @@ if test "$PHP_PDO_MYSQL" != "no"; then + if test "x$SED" = "x"; then + AC_PATH_PROG(SED, sed) + fi +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + PDO_MYSQL_LIBNAME=mysqlclient_r + PDO_MYSQL_LIBS=`$PDO_MYSQL_CONFIG --libs_r | $SED -e "s/'//g"` + else --- php5-5.3.2.orig/debian/patches/libdb_is_-ldb +++ php5-5.3.2/debian/patches/libdb_is_-ldb @@ -0,0 +1,17 @@ +Description: Let configure check detect version-less libdbs to support + newer versions without patching the configure code. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/ext/dba/config.m4 ++++ pkg-php/ext/dba/config.m4 +@@ -306,7 +306,7 @@ if test "$PHP_DB4" != "no"; then + break + fi + done +- PHP_DBA_DB_CHECK(4, db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) ++ PHP_DBA_DB_CHECK(4, db db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) + fi + PHP_DBA_STD_RESULT(db4,Berkeley DB4) + --- php5-5.3.2.orig/debian/patches/113-php.ini_securitynotes.patch +++ php5-5.3.2/debian/patches/113-php.ini_securitynotes.patch @@ -0,0 +1,44 @@ +Description: Adds security notices to php.ini settings +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/php.ini-development ++++ b/php.ini-development +@@ -335,6 +335,11 @@ allow_call_time_pass_reference = Off + + ; Safe Mode + ; http://php.net/safe-mode ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + safe_mode = Off + + ; By default, Safe Mode does a UID compare check when +@@ -376,6 +381,12 @@ safe_mode_protected_env_vars = LD_LIBRAR + ; or per-virtualhost web server configuration file. This directive is + ; *NOT* affected by whether Safe Mode is turned On or Off. + ; http://php.net/open-basedir ++ ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + ;open_basedir = + + ; This directive allows you to disable certain functions for security reasons. +@@ -688,6 +699,11 @@ request_order = "GP" + ; register_globals to be on; Using form variables as globals can easily lead + ; to possible security problems, if the code is not very well thought of. + ; http://php.net/register-globals ++ ++; NOTE: applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + register_globals = Off + + ; Determines whether the deprecated long $HTTP_*_VARS type predefined variables --- php5-5.3.2.orig/debian/patches/strcmp_null-OnUpdateErrorLog.patch +++ php5-5.3.2/debian/patches/strcmp_null-OnUpdateErrorLog.patch @@ -0,0 +1,13 @@ +--- /dev/null ++++ b/tests/func/null-new_val.phpt +@@ -0,0 +1,10 @@ ++--TEST-- ++ini_restore strcmp NULL new_val ++--FILE-- ++ ++--EXPECT-- --- php5-5.3.2.orig/debian/patches/017-pread_pwrite_disable.patch +++ php5-5.3.2/debian/patches/017-pread_pwrite_disable.patch @@ -0,0 +1,28 @@ +Description: Completely disable the usage of pread/pwrite + . + This is an old patch and should be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/261311 +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/acinclude.m4 ++++ pkg-php/acinclude.m4 +@@ -1219,7 +1219,7 @@ $1 + } + + ],[ +- ac_cv_pwrite=yes ++ ac_cv_pwrite=no + ],[ + ac_cv_pwrite=no + ],[ +@@ -1248,7 +1248,7 @@ $1 + exit(0); + } + ],[ +- ac_cv_pread=yes ++ ac_cv_pread=no + ],[ + ac_cv_pread=no + ],[ --- php5-5.3.2.orig/debian/patches/shtool_mkdir_-p_-race-condition.patch +++ php5-5.3.2/debian/patches/shtool_mkdir_-p_-race-condition.patch @@ -0,0 +1,27 @@ +Description: Workaround a race condition in shtool's mkdir -p + This workaround can be affected by another race condition where a + different process running under a different user creates the directory, + which would make the chown/chmod calls fail. + . + This is the version of the patch sent to shtool upstream. +Origin: vendor +Forwarded: yes +Last-Update: 2010-02-18 + +Index: php/build/shtool +=================================================================== +--- php.orig/build/shtool ++++ php/build/shtool +@@ -991,7 +991,11 @@ mkdir ) + if [ ".$opt_t" = .yes ]; then + echo "mkdir $pathcomp" 1>&2 + fi +- mkdir $pathcomp || errstatus=$? ++ mkdir $pathcomp || { ++ _errstatus=$? ++ [ -d "$pathcomp" ] || errstatus=${_errstatus} ++ unset _errstatus ++ } + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $pathcomp" 1>&2 --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1092.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1092.patch @@ -0,0 +1,21 @@ +Subject: Fixed bug #54193 (Integer overflow in shmop_read()) +Origin: http://svn.php.net/viewvc/?view=revision&revision=309018 + +CVE-2011-1092 + +Patch differs from upstream commit in that the change to the NEWS file +was removed to reduce conflicts. + +Index: ext/shmop/shmop.c +=================================================================== +--- ext/shmop/shmop.c (revision 309017) ++++ ext/shmop/shmop.c (revision 309018) +@@ -256,7 +256,7 @@ + RETURN_FALSE; + } + +- if (start + count > shmop->size || count < 0) { ++ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range"); + RETURN_FALSE; + } --- php5-5.3.2.orig/debian/patches/qdbm-is-usr_include_qdbm.patch +++ php5-5.3.2/debian/patches/qdbm-is-usr_include_qdbm.patch @@ -0,0 +1,22 @@ +Description: Look for qdbm under $prefix/include/qdbm too. + The Debian package ships the header files under that directory, for + unknown reasons. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-02-21 + +Index: php/ext/dba/config.m4 +=================================================================== +--- php.orig/ext/dba/config.m4 ++++ php/ext/dba/config.m4 +@@ -109,6 +109,10 @@ if test "$PHP_QDBM" != "no"; then + THIS_PREFIX=$i + THIS_INCLUDE=$i/include/depot.h + break ++ elif test -f "$i/include/qdbm/depot.h"; then ++ THIS_PREFIX=$i ++ THIS_INCLUDE=$i/include/qdbm/depot.h ++ break + fi + done + --- php5-5.3.2.orig/debian/patches/043-recode_size_t.patch +++ php5-5.3.2/debian/patches/043-recode_size_t.patch @@ -0,0 +1,17 @@ +Description: Check for possible overflows in recode_string() +Origin: vendor +Bug-Debian: http://bugs.debian.org/294986, http://bugs.debian.org/459020 +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/ext/recode/recode.c ++++ pkg-php/ext/recode/recode.c +@@ -149,7 +149,7 @@ PHP_FUNCTION(recode_string) + int req_len, str_len; + char *req, *str; + +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) { + return; + } + --- php5-5.3.2.orig/debian/patches/115-autoconf_ftbfs.patch +++ php5-5.3.2/debian/patches/115-autoconf_ftbfs.patch @@ -0,0 +1,76 @@ +--- a/configure.in ++++ b/configure.in +@@ -1,7 +1,7 @@ + ## $Id: configure.in 295792 2010-03-03 16:36:07Z johannes $ -*- autoconf -*- + dnl ## Process this file with autoconf to produce a configure script. + +-divert(1) ++dnl divert(1) + + dnl ## Diversion 1 is the autoconf + automake setup phase. We also + dnl ## set the PHP version, deal with platform-specific compile +@@ -290,7 +290,7 @@ sinclude(TSRM/threads.m4) + sinclude(TSRM/tsrm.m4) + + +-divert(2) ++dnl divert(2) + + dnl ## Diversion 2 is where we set PHP-specific options and come up + dnl ## with reasonable default values for them. We check for pthreads here +@@ -329,7 +329,7 @@ if test "$enable_maintainer_zts" = "yes" + PTHREADS_FLAGS + fi + +-divert(3) ++dnl divert(3) + + dnl ## In diversion 3 we check for compile-time options to the PHP + dnl ## core and how to deal with different system dependencies. +@@ -675,7 +675,7 @@ if test "x$php_crypt_r" = "x1"; then + PHP_CRYPT_R_STYLE + fi + +-divert(4) ++dnl divert(4) + + dnl ## In diversion 4 we check user-configurable general settings. + +@@ -916,7 +916,7 @@ else + AC_MSG_RESULT([using system default]) + fi + +-divert(5) ++dnl divert(5) + + dnl ## In diversion 5 we check which extensions should be compiled. + dnl ## All of these are normally in the extension directories. +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -1,6 +1,6 @@ + dnl $Id: config.m4 295350 2010-02-22 00:34:22Z pajoye $ -*- autoconf -*- + +-divert(3)dnl ++dnl divert(3)dnl + + dnl + dnl Check if flush should be called explicitly after buffered io +@@ -333,7 +333,7 @@ dnl + AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan mempcpy strpncpy) + AC_FUNC_FNMATCH + +-divert(5)dnl ++dnl divert(5)dnl + + dnl + dnl Check if there is a support means of creating a new process +--- a/scripts/phpize.m4 ++++ b/scripts/phpize.m4 +@@ -1,6 +1,6 @@ + dnl This file becomes configure.in for self-contained extensions. + +-divert(1) ++dnl divert(1) + + AC_PREREQ(2.13) + AC_INIT(config.m4) --- php5-5.3.2.orig/debian/patches/052-phpinfo_no_configure.patch +++ php5-5.3.2/debian/patches/052-phpinfo_no_configure.patch @@ -0,0 +1,33 @@ +Description: Disable configure parameters on phpinfo() output + . + Patch needs to be discussed with upstream and the issues that lead to + its addition re-checked. Quoting changelog entry: + . + Add [...], which disables the display of our "Configure Command" in + phpinfo(), which was the source of many bogus bug reports over the + years, due to people misinterpreting its meaning. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -693,7 +693,7 @@ PHPAPI void php_print_info(int flag TSRM + #ifdef ARCHITECTURE + php_info_print_table_row(2, "Architecture", ARCHITECTURE); + #endif +-#ifdef CONFIGURE_COMMAND ++#if 0 + php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + #endif + +--- a/ext/standard/tests/general_functions/phpinfo.phpt ++++ b/ext/standard/tests/general_functions/phpinfo.phpt +@@ -20,7 +20,6 @@ PHP Version => %s + + System => %s + Build Date => %s%a +-Configure Command => %s + Server API => Command Line Interface + Virtual Directory Support => %s + Configuration File (php.ini) Path => %s --- php5-5.3.2.orig/debian/patches/100-recode_is_shared.patch +++ php5-5.3.2/debian/patches/100-recode_is_shared.patch @@ -0,0 +1,16 @@ +Description: Turn recode conflicts error message into a warning. The + recode extension is packaged as a shared library in Debian. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/ext/recode/config9.m4 ++++ pkg-php/ext/recode/config9.m4 +@@ -13,6 +13,6 @@ if test "$PHP_RECODE" != "no"; then + fi + + if test -n "$recode_conflict"; then +- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict]) ++ AC_MSG_WARN([recode extension can not be used together with:$recode_conflict]) + fi + fi --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1153.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1153.patch @@ -0,0 +1,253 @@ +Subject: Fixed bug #54247 (format-string vulnerability on Phar) +Origin: http://svn.php.net/viewvc?view=revision&revision=309221 +Bug: http://bugs.php.net/bug.php?id=54247 + +CVE-2011-1153 + +Index: ext/phar/phar_object.c +=================================================================== +--- ext/phar/phar_object.c (revision 309220) ++++ ext/phar/phar_object.c (revision 309221) +@@ -1141,7 +1141,7 @@ + RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } /* }}} */ +@@ -2007,7 +2007,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -2070,7 +2070,7 @@ + phar_obj->arc.archive->ufp = pass.fp; + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } else { +@@ -2327,7 +2327,7 @@ + phar_flush(phar, 0, 0, 1, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); + efree(error); + efree(oldpath); + return NULL; +@@ -2787,7 +2787,7 @@ + + phar_flush(phar_obj->arc.archive, NULL, 0, 0, &error TSRMLS_CC); + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -2862,7 +2862,7 @@ + efree(error); + goto valid_alias; + } +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + RETURN_FALSE; + } +@@ -2899,7 +2899,7 @@ + phar_obj->arc.archive->alias = oldalias; + phar_obj->arc.archive->alias_len = oldalias_len; + phar_obj->arc.archive->is_temporary_alias = old_temp; +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + if (readd) { + zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL); + } +@@ -2972,7 +2972,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -3021,7 +3021,7 @@ + } + phar_flush(phar_obj->arc.archive, (char *) &zstub, len, 0, &error TSRMLS_CC); + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + RETURN_TRUE; +@@ -3037,7 +3037,7 @@ + phar_flush(phar_obj->arc.archive, stub, stub_len, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -3098,7 +3098,7 @@ + stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "%s", error); + efree(error); + if (stub) { + efree(stub); +@@ -3120,7 +3120,7 @@ + } + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + RETURN_FALSE; + } +@@ -3175,7 +3175,7 @@ + + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + break; +@@ -3477,7 +3477,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -3517,7 +3517,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -3617,7 +3617,7 @@ + if (FAILURE == phar_copy_entry_fp(oldentry, &newentry, &error TSRMLS_CC)) { + efree(newentry.filename); + php_stream_close(newentry.fp); +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + return; + } +@@ -3628,7 +3628,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -3774,7 +3774,7 @@ + phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -3810,7 +3810,7 @@ + phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -3896,7 +3896,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -4152,7 +4152,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -4179,7 +4179,7 @@ + phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + RETURN_FALSE; + } else { +@@ -4727,7 +4727,7 @@ + phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -4813,7 +4813,7 @@ + phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + } +@@ -4858,7 +4858,7 @@ + phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + RETURN_FALSE; + } else { +@@ -5040,7 +5040,7 @@ + phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + +@@ -5115,7 +5115,7 @@ + phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); + + if (error) { +- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); ++ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); + efree(error); + } + RETURN_TRUE; --- php5-5.3.2.orig/debian/patches/fix_var_dump_64bit.phpt.patch +++ php5-5.3.2/debian/patches/fix_var_dump_64bit.phpt.patch @@ -0,0 +1,25 @@ +Description: Backport upstream fix for broken var_dump test +Origin: http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_dump_64bit.phpt?r1=279276&r2=295009&view=patch +Bug-Debian: http://bugs.debian.org/571772 +--- php.orig/ext/standard/tests/general_functions/var_dump_64bit.phpt ++++ php/ext/standard/tests/general_functions/var_dump_64bit.phpt +@@ -462,8 +462,7 @@ + -- Iteration 14 -- + string(22) "1234 + 5678 +- 9100 +-abcda" ++ 9100 abcda" + + *** Testing var_dump() on boolean variables *** + -- Iteration 1 -- +@@ -1303,8 +1302,7 @@ array(14) { + [13]=> + string(22) "1234 + 5678 +- 9100 +-abcda" ++ 9100 abcda" + } + array(15) { + [0]=> --- php5-5.3.2.orig/debian/patches/057-no_apache_installed.patch +++ php5-5.3.2/debian/patches/057-no_apache_installed.patch @@ -0,0 +1,89 @@ +Description: Disable installed-apache configure check +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/sapi/apache2handler/config.m4 ++++ pkg-php/sapi/apache2handler/config.m4 +@@ -59,13 +59,13 @@ if test "$PHP_APXS2" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000044; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000044; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- pkg-php.orig/sapi/apache/config.m4 ++++ pkg-php/sapi/apache/config.m4 +@@ -56,11 +56,11 @@ if test "$PHP_APXS" != "no"; then + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in +--- pkg-php.orig/sapi/apache2filter/config.m4 ++++ pkg-php/sapi/apache2filter/config.m4 +@@ -60,13 +60,13 @@ if test "$PHP_APXS2FILTER" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000040; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000040; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- pkg-php.orig/sapi/apache_hooks/config.m4 ++++ pkg-php/sapi/apache_hooks/config.m4 +@@ -57,11 +57,11 @@ if test "$PHP_APACHE_HOOKS" != "no"; the + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1471.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1471.patch @@ -0,0 +1,46 @@ +Subject: Fixed bug #49072 (feof never returns true for damaged file in zip). +Origin: http://svn.php.net/viewvc?view=revision&revision=307917 +Bug: http://bugs.php.net/bug.php?id=49072 + +CVE-2011-1471 + +Patch differs from upstream commit in that it drops the add NEWS file +entry to reduce patch conflicts and is backported to earlier versions of +php. + +Index: ext/zip/zip_stream.c +=================================================================== +--- ext/zip/zip_stream.c (revision 307916) ++++ ext/zip/zip_stream.c (revision 307917) +@@ -30,11 +30,11 @@ + /* {{{ php_zip_ops_read */ + static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) + { +- int n = 0; ++ ssize_t n = 0; + STREAM_DATA_FROM_STREAM(); + + if (self->za && self->zf) { +- n = (size_t)zip_fread(self->zf, buf, (int)count); ++ n = zip_fread(self->zf, buf, count); + if (n < 0) { + int ze, se; + zip_file_error_get(self->zf, &ze, &se); +@@ -42,13 +42,15 @@ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf)); + return 0; + } +- if (n == 0 || n < count) { ++ /* cast count to signed value to avoid possibly negative n ++ * being cast to unsigned value */ ++ if (n == 0 || n < (ssize_t)count) { + stream->eof = 1; + } else { + self->cursor += n; + } + } +- return (n < 1 ? 0 : n); ++ return (n < 1 ? 0 : (size_t)n); + } + /* }}} */ + --- php5-5.3.2.orig/debian/patches/bad_whatis_entries.patch +++ php5-5.3.2/debian/patches/bad_whatis_entries.patch @@ -0,0 +1,34 @@ +Description: Fix whatis entries of the man pages +Origin: vendor +Forwarded: http://bugs.php.net/50795 +Last-Update: 2010-01-18 + +--- a/sapi/cli/php.1.in ++++ b/sapi/cli/php.1.in +@@ -1,6 +1,5 @@ + .TH PHP 1 "2010" "The PHP Group" "Scripting Language" + .SH NAME +-.TP 15 + php \- PHP Command Line Interface 'CLI' + .SH SYNOPSIS + .B php +--- a/scripts/man1/php-config.1.in ++++ b/scripts/man1/php-config.1.in +@@ -1,6 +1,5 @@ + .TH php\-config 1 "2006" "The PHP Group" "Scripting Language" + .SH NAME +-.TP 15 + php\-config \- get information about PHP configuration and compile options + .SH SYNOPSIS + .B php\-config +--- a/scripts/man1/phpize.1.in ++++ b/scripts/man1/phpize.1.in +@@ -1,7 +1,6 @@ + .TH phpize 1 "2006" "The PHP Group" "Scripting Language" + .SH NAME +-.TP 15 +-phpize - prepare a PHP extension for compiling ++phpize \- prepare a PHP extension for compiling + .SH SYNOPSIS + .B phpize + [options] --- php5-5.3.2.orig/debian/patches/002-static_openssl.patch +++ php5-5.3.2/debian/patches/002-static_openssl.patch @@ -0,0 +1,13 @@ +--- pkg-php.orig/acinclude.m4 ++++ pkg-php/acinclude.m4 +@@ -2373,9 +2373,7 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ + + PHP_ADD_INCLUDE($OPENSSL_INCDIR) + +- PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [ +- PHP_ADD_LIBRARY(crypto,,$1) +- ],[ ++ PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [:],[ + AC_MSG_ERROR([libcrypto not found!]) + ],[ + -L$OPENSSL_LIBDIR --- php5-5.3.2.orig/debian/patches/CVE-2010-2225.patch +++ php5-5.3.2/debian/patches/CVE-2010-2225.patch @@ -0,0 +1,192 @@ +Description: fix sensitive information disclosure or arbitrary code + execution via use-after-free in SplObjectStorage unserializer +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=300843 + +diff -Nur php5-5.3.2/ext/spl/spl_observer.c php5-5.3.2.new/ext/spl/spl_observer.c +--- php5-5.3.2/ext/spl/spl_observer.c 2010-01-03 04:23:27.000000000 -0500 ++++ php5-5.3.2.new/ext/spl/spl_observer.c 2010-09-14 10:56:54.000000000 -0400 +@@ -115,6 +115,7 @@ + zval_ptr_dtor(&element->inf); + } /* }}} */ + ++ + spl_SplObjectStorageElement* spl_object_storage_get(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */ + { + spl_SplObjectStorageElement *element; +@@ -632,15 +633,24 @@ + zval_ptr_dtor(&pcount); + + while(count-- > 0) { ++ spl_SplObjectStorageElement *pelement; ++ + if (*p != ';') { + goto outexcept; + } + ++p; ++ if(*p != 'O' && *p != 'C' && *p != 'r') { ++ goto outexcept; ++ } + ALLOC_INIT_ZVAL(pentry); + if (!php_var_unserialize(&pentry, &p, s + buf_len, &var_hash TSRMLS_CC)) { + zval_ptr_dtor(&pentry); + goto outexcept; + } ++ if(Z_TYPE_P(pentry) != IS_OBJECT) { ++ zval_ptr_dtor(&pentry); ++ goto outexcept; ++ } + ALLOC_INIT_ZVAL(pinf); + if (*p == ',') { /* new version has inf */ + ++p; +@@ -649,6 +659,16 @@ + goto outexcept; + } + } ++ ++ pelement = spl_object_storage_get(intern, pentry TSRMLS_CC); ++ if(pelement) { ++ if(pelement->inf) { ++ var_push_dtor(&var_hash, &pelement->inf); ++ } ++ if(pelement->obj) { ++ var_push_dtor(&var_hash, &pelement->obj); ++ } ++ } + spl_object_storage_attach(intern, pentry, pinf TSRMLS_CC); + zval_ptr_dtor(&pentry); + zval_ptr_dtor(&pinf); +diff -Nur php5-5.3.2/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt php5-5.3.2.new/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +--- php5-5.3.2/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.3.2.new/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt 2010-09-14 10:58:30.000000000 -0400 +@@ -0,0 +1,45 @@ ++--TEST-- ++SPL: Test that serialized blob contains unique elements (CVE-2010-2225) ++--FILE-- ++unserialize($blob); ++ var_dump($so); ++} catch(UnexpectedValueException $e) { ++ echo $e->getMessage()."\n"; ++} ++} ++--EXPECTF-- ++Error at offset 6 of 34 bytes ++Error at offset 46 of 89 bytes ++object(SplObjectStorage)#2 (1) { ++ ["storage":"SplObjectStorage":private]=> ++ array(2) { ++ ["%s"]=> ++ array(2) { ++ ["obj"]=> ++ object(stdClass)#3 (0) { ++ } ++ ["inf"]=> ++ int(1) ++ } ++ ["%s"]=> ++ array(2) { ++ ["obj"]=> ++ object(stdClass)#1 (0) { ++ } ++ ["inf"]=> ++ object(stdClass)#4 (0) { ++ } ++ } ++ } ++} ++ +diff -Nur php5-5.3.2/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt php5-5.3.2.new/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt +--- php5-5.3.2/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt 1969-12-31 19:00:00.000000000 -0500 ++++ php5-5.3.2.new/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt 2010-09-14 10:58:30.000000000 -0400 +@@ -0,0 +1,47 @@ ++--TEST-- ++SPL: Test unserializing tested & linked storage ++--FILE-- ++a = $a; ++ ++$so = new SplObjectStorage(); ++ ++$so[$o] = 1; ++$so[$a] = 2; ++ ++$s = serialize($so); ++echo $s."\n"; ++ ++$so1 = unserialize($s); ++var_dump($so1); ++ ++--EXPECTF-- ++C:16:"SplObjectStorage":76:{x:i:2;O:8:"stdClass":1:{s:1:"a";O:8:"stdClass":0:{}},i:1;;r:2;,i:2;;m:a:0:{}} ++object(SplObjectStorage)#4 (1) { ++ ["storage":"SplObjectStorage":private]=> ++ array(2) { ++ ["%s"]=> ++ array(2) { ++ ["obj"]=> ++ object(stdClass)#5 (1) { ++ ["a"]=> ++ object(stdClass)#6 (0) { ++ } ++ } ++ ["inf"]=> ++ int(1) ++ } ++ ["%s"]=> ++ array(2) { ++ ["obj"]=> ++ object(stdClass)#6 (0) { ++ } ++ ["inf"]=> ++ int(2) ++ } ++ } ++} ++ +diff -Nur php5-5.3.2/ext/standard/php_var.h php5-5.3.2.new/ext/standard/php_var.h +--- php5-5.3.2/ext/standard/php_var.h 2010-01-03 04:23:27.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/php_var.h 2010-09-14 10:56:57.000000000 -0400 +@@ -60,6 +60,7 @@ + var_destroy(&(var_hash)) + + PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval **nzval); ++PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval **val); + PHPAPI void var_destroy(php_unserialize_data_t *var_hash); + + #define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \ +diff -Nur php5-5.3.2/ext/standard/var_unserializer.c php5-5.3.2.new/ext/standard/var_unserializer.c +--- php5-5.3.2/ext/standard/var_unserializer.c 2010-03-03 11:52:40.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/var_unserializer.c 2010-09-14 10:56:59.000000000 -0400 +@@ -55,7 +55,7 @@ + var_hash->data[var_hash->used_slots++] = *rval; + } + +-static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) ++PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) + { + var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; + +diff -Nur php5-5.3.2/ext/standard/var_unserializer.re php5-5.3.2.new/ext/standard/var_unserializer.re +--- php5-5.3.2/ext/standard/var_unserializer.re 2010-01-03 03:22:14.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/var_unserializer.re 2010-09-14 10:58:08.000000000 -0400 +@@ -54,7 +54,7 @@ + var_hash->data[var_hash->used_slots++] = *rval; + } + +-static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) ++PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) + { + var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; + --- php5-5.3.2.orig/debian/patches/CVE-2010-2531.patch +++ php5-5.3.2/debian/patches/CVE-2010-2531.patch @@ -0,0 +1,283 @@ +Description: fix sensitive information disclosure via error messages +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=301144 + +diff -Nur php5-5.3.2/ext/standard/php_var.h php5-5.3.2.new/ext/standard/php_var.h +--- php5-5.3.2/ext/standard/php_var.h 2010-09-14 11:00:31.000000000 -0400 ++++ php5-5.3.2.new/ext/standard/php_var.h 2010-09-14 11:00:38.000000000 -0400 +@@ -33,6 +33,8 @@ + + PHPAPI void php_var_dump(zval **struc, int level TSRMLS_DC); + PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC); ++PHPAPI void php_var_export_ex(zval **struc, int level, smart_str *buf TSRMLS_DC); ++ + PHPAPI void php_debug_zval_dump(zval **struc, int level TSRMLS_DC); + + /* typdef HashTable php_serialize_data_t; */ +diff -Nur php5-5.3.2/ext/standard/tests/general_functions/var_export_error2.phpt php5-5.3.2.new/ext/standard/tests/general_functions/var_export_error2.phpt +--- php5-5.3.2/ext/standard/tests/general_functions/var_export_error2.phpt 2009-01-26 17:27:03.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/tests/general_functions/var_export_error2.phpt 2010-09-14 11:00:41.000000000 -0400 +@@ -14,12 +14,5 @@ + ?> + ===DONE=== + --EXPECTF-- +-stdClass::__set_state(array( +- 'p' => +- stdClass::__set_state(array( +- 'p' => +- stdClass::__set_state(array( +- 'p' => +- stdClass::__set_state(array( + + Fatal error: Nesting level too deep - recursive dependency? in %s on line 9 +\ No newline at end of file +diff -Nur php5-5.3.2/ext/standard/tests/general_functions/var_export_error3.phpt php5-5.3.2.new/ext/standard/tests/general_functions/var_export_error3.phpt +--- php5-5.3.2/ext/standard/tests/general_functions/var_export_error3.phpt 2009-01-26 17:27:03.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/tests/general_functions/var_export_error3.phpt 2010-09-14 11:00:43.000000000 -0400 +@@ -14,14 +14,5 @@ + ?> + ===DONE=== + --EXPECTF-- +-array ( +- 0 => +- array ( +- 0 => +- array ( +- 0 => +- array ( +- 0 => +- array ( + + Fatal error: Nesting level too deep - recursive dependency? in %s on line 9 +\ No newline at end of file +diff -Nur php5-5.3.2/ext/standard/var.c php5-5.3.2.new/ext/standard/var.c +--- php5-5.3.2/ext/standard/var.c 2010-01-03 04:23:27.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/var.c 2010-09-14 11:00:46.000000000 -0400 +@@ -331,27 +331,47 @@ + } + /* }}} */ + ++#define buffer_append_spaces(buf, num_spaces) \ ++ do { \ ++ char *tmp_spaces; \ ++ int tmp_spaces_len; \ ++ tmp_spaces_len = spprintf(&tmp_spaces, 0,"%*c", num_spaces, ' '); \ ++ smart_str_appendl(buf, tmp_spaces, tmp_spaces_len); \ ++ efree(tmp_spaces); \ ++ } while(0); ++ + static int php_array_element_export(zval **zv TSRMLS_DC, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */ + { + int level; ++ smart_str *buf; + + level = va_arg(args, int); ++ buf = va_arg(args, smart_str *); + + if (hash_key->nKeyLength == 0) { /* numeric key */ +- php_printf("%*c%ld => ", level + 1, ' ', hash_key->h); ++ buffer_append_spaces(buf, level+1); ++ smart_str_append_long(buf, hash_key->h); ++ smart_str_appendl(buf, " => ", 4); + } else { /* string key */ + char *key, *tmp_str; + int key_len, tmp_len; + key = php_addcslashes(hash_key->arKey, hash_key->nKeyLength - 1, &key_len, 0, "'\\", 2 TSRMLS_CC); + tmp_str = php_str_to_str_ex(key, key_len, "\0", 1, "' . \"\\0\" . '", 12, &tmp_len, 0, NULL); +- php_printf("%*c'", level + 1, ' '); +- PHPWRITE(tmp_str, tmp_len); +- php_printf("' => "); ++ ++ buffer_append_spaces(buf, level + 1); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appendl(buf, tmp_str, tmp_len); ++ smart_str_appendl(buf, "' => ", 5); ++ + efree(key); + efree(tmp_str); + } +- php_var_export(zv, level + 2 TSRMLS_CC); +- PUTS (",\n"); ++ php_var_export_ex(zv, level + 2, buf TSRMLS_CC); ++ ++ smart_str_appendc(buf, ','); ++ smart_str_appendc(buf, '\n'); ++ + return 0; + } + /* }}} */ +@@ -359,24 +379,33 @@ + static int php_object_element_export(zval **zv TSRMLS_DC, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */ + { + int level; ++ smart_str *buf; + char *prop_name, *class_name; + + level = va_arg(args, int); ++ buf = va_arg(args, smart_str *); + +- php_printf("%*c", level + 1, ' '); ++ buffer_append_spaces(buf, level + 2); + if (hash_key->nKeyLength != 0) { + zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name); +- php_printf(" '%s' => ", prop_name); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appends(buf, prop_name); ++ smart_str_appendc(buf, '\''); + } else { +- php_printf(" %ld => ", hash_key->h); ++ smart_str_append_long(buf, hash_key->h); + } +- php_var_export(zv, level + 2 TSRMLS_CC); +- PUTS (",\n"); ++ ++ smart_str_appendl(buf, " => ", 4); ++ php_var_export_ex(zv, level + 2, buf TSRMLS_CC); ++ smart_str_appendc(buf, ','); ++ smart_str_appendc(buf, '\n'); ++ + return 0; + } + /* }}} */ + +-PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC) /* {{{ */ ++PHPAPI void php_var_export_ex(zval **struc, int level, smart_str *buf TSRMLS_DC) /* {{{ */ + { + HashTable *myht; + char *tmp_str, *tmp_str2; +@@ -386,82 +415,109 @@ + + switch (Z_TYPE_PP(struc)) { + case IS_BOOL: +- php_printf("%s", Z_LVAL_PP(struc) ? "true" : "false"); ++ if (Z_LVAL_PP(struc)) { ++ smart_str_appendl(buf, "true", 4); ++ } else { ++ smart_str_appendl(buf, "false", 5); ++ } + break; + case IS_NULL: +- php_printf("NULL"); ++ smart_str_appendl(buf, "NULL", 4); + break; + case IS_LONG: +- php_printf("%ld", Z_LVAL_PP(struc)); ++ smart_str_append_long(buf, Z_LVAL_PP(struc)); + break; + case IS_DOUBLE: +- php_printf("%.*H", (int) EG(precision), Z_DVAL_PP(struc)); ++ tmp_len = spprintf(&tmp_str, 0,"%.*H", (int) EG(precision), Z_DVAL_PP(struc)); ++ smart_str_appendl(buf, tmp_str, tmp_len); ++ efree(tmp_str); + break; + case IS_STRING: + tmp_str = php_addcslashes(Z_STRVAL_PP(struc), Z_STRLEN_PP(struc), &tmp_len, 0, "'\\", 2 TSRMLS_CC); + tmp_str2 = php_str_to_str_ex(tmp_str, tmp_len, "\0", 1, "' . \"\\0\" . '", 12, &tmp_len2, 0, NULL); +- PUTS ("'"); +- PHPWRITE(tmp_str2, tmp_len2); +- PUTS ("'"); ++ ++ smart_str_appendc(buf, '\''); ++ smart_str_appendl(buf, tmp_str2, tmp_len2); ++ smart_str_appendc(buf, '\''); ++ + efree(tmp_str2); + efree(tmp_str); + break; + case IS_ARRAY: + myht = Z_ARRVAL_PP(struc); + if (level > 1) { +- php_printf("\n%*c", level - 1, ' '); ++ smart_str_appendc(buf, '\n'); ++ buffer_append_spaces(buf, level - 1); + } +- PUTS ("array (\n"); +- zend_hash_apply_with_arguments(myht TSRMLS_CC, (apply_func_args_t) php_array_element_export, 1, level, 0); ++ smart_str_appendl(buf, "array (\n", 8); ++ zend_hash_apply_with_arguments(myht TSRMLS_CC, (apply_func_args_t) php_array_element_export, 2, level, buf); ++ + if (level > 1) { +- php_printf("%*c", level - 1, ' '); ++ buffer_append_spaces(buf, level - 1); + } +- PUTS(")"); ++ smart_str_appendc(buf, ')'); ++ + break; + case IS_OBJECT: + myht = Z_OBJPROP_PP(struc); + if (level > 1) { +- php_printf("\n%*c", level - 1, ' '); ++ smart_str_appendc(buf, '\n'); ++ buffer_append_spaces(buf, level - 1); + } + Z_OBJ_HANDLER(**struc, get_class_name)(*struc, &class_name, &class_name_len, 0 TSRMLS_CC); +- php_printf ("%s::__set_state(array(\n", class_name); ++ ++ smart_str_appendl(buf, class_name, class_name_len); ++ smart_str_appendl(buf, "::__set_state(array(\n", 21); ++ + efree(class_name); + if (myht) { +- zend_hash_apply_with_arguments(myht TSRMLS_CC, (apply_func_args_t) php_object_element_export, 1, level); ++ zend_hash_apply_with_arguments(myht TSRMLS_CC, (apply_func_args_t) php_object_element_export, 2, level, buf); + } + if (level > 1) { +- php_printf("%*c", level - 1, ' '); ++ buffer_append_spaces(buf, level - 1); + } +- php_printf ("))"); ++ smart_str_appendl(buf, "))", 2); ++ + break; + default: +- PUTS ("NULL"); ++ smart_str_appendl(buf, "NULL", 4); + break; + } + } + /* }}} */ + ++/* FOR BC reasons, this will always perform and then print */ ++PHPAPI void php_var_export(zval **struc, int level TSRMLS_DC) /* {{{ */ ++{ ++ smart_str buf = {0}; ++ php_var_export_ex(struc, level, &buf TSRMLS_CC); ++ smart_str_0 (&buf); ++ PHPWRITE(buf.c, buf.len); ++ smart_str_free(&buf); ++} ++/* }}} */ ++ + /* {{{ proto mixed var_export(mixed var [, bool return]) + Outputs or returns a string representation of a variable */ + PHP_FUNCTION(var_export) + { + zval *var; + zend_bool return_output = 0; ++ smart_str buf = {0}; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|b", &var, &return_output) == FAILURE) { + return; + } + +- if (return_output) { +- php_start_ob_buffer (NULL, 0, 1 TSRMLS_CC); +- } +- +- php_var_export(&var, 1 TSRMLS_CC); ++ php_var_export_ex(&var, 1, &buf TSRMLS_CC); ++ smart_str_0 (&buf); + + if (return_output) { +- php_ob_get_buffer (return_value TSRMLS_CC); +- php_end_ob_buffer (0, 0 TSRMLS_CC); ++ RETVAL_STRINGL(buf.c, buf.len, 1); ++ } else { ++ PHPWRITE(buf.c, buf.len); + } ++ smart_str_free(&buf); + } + /* }}} */ + --- php5-5.3.2.orig/debian/patches/CVE-2010-1866.patch +++ php5-5.3.2/debian/patches/CVE-2010-1866.patch @@ -0,0 +1,25 @@ +Description: fix denial of service and possible memory corruption via + negative size in HTTP chunked encoding stream +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298700 + +diff -Nur php5-5.3.2/ext/standard/filters.c php5-5.3.2.new/ext/standard/filters.c +--- php5-5.3.2/ext/standard/filters.c 2010-01-03 04:23:27.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/filters.c 2010-09-14 10:53:58.000000000 -0400 +@@ -1914,7 +1914,7 @@ + + typedef struct _php_chunked_filter_data { + php_chunked_filter_state state; +- int chunk_size; ++ size_t chunk_size; + int persistent; + } php_chunked_filter_data; + +@@ -1991,7 +1991,7 @@ + continue; + } + case CHUNK_BODY: +- if (end - p >= data->chunk_size) { ++ if ((size_t) (end - p) >= data->chunk_size) { + if (p != out) { + memmove(out, p, data->chunk_size); + } --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-0420.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-0420.patch @@ -0,0 +1,38 @@ +Subject: Fix bad args to grapheme_extract(), reported by Maksymilian Arciemowicz +Origin: http://svn.php.net/viewvc?view=revision&revision=306449 + +CVE-2011-0420 + +Index: ext/intl/grapheme/grapheme_string.c +=================================================================== +--- ext/intl/grapheme/grapheme_string.c (revision 306448) ++++ ext/intl/grapheme/grapheme_string.c (revision 306449) +@@ -799,7 +799,7 @@ + + if ( NULL != next ) { + if ( !PZVAL_IS_REF(next) ) { +- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, + "grapheme_extract: 'next' was not passed by reference", 0 TSRMLS_CC ); + + RETURN_FALSE; +@@ -819,11 +819,17 @@ + } + + if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC ); ++ RETURN_FALSE; ++ } + +- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC ); +- ++ if ( size > INT32_MAX || size < 0) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC ); + RETURN_FALSE; + } ++ if (size == 0) { ++ RETURN_EMPTY_STRING(); ++ } + + /* we checked that it will fit: */ + start = (int32_t) lstart; --- php5-5.3.2.orig/debian/patches/php5-pear-CVE-2011-1144.patch +++ php5-5.3.2/debian/patches/php5-pear-CVE-2011-1144.patch @@ -0,0 +1,131 @@ +Subject: Introduce a time-of-check-time-of-use (TOCTOU) save file + handler, this makes sure that from the time we check it is available + until we get the file handler that no one attempted to put in a + soft / hard link instead of what we checked for. +Origin: http://svn.php.net/viewvc?view=revision&revision=309042 + +CVE-2011-1144 + +Index: PEAR/REST.php +=================================================================== +--- PEAR/REST.php (revision 309041) ++++ PEAR/REST.php (revision 309042) +@@ -228,59 +228,75 @@ + $cacheidfile = $d . 'rest.cacheid'; + $cachefile = $d . 'rest.cachefile'; + ++ if (!is_dir($cache_dir)) { ++ if (System::mkdir(array('-p', $cache_dir) === false)) { ++ return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory and attempts to create the directory failed."); ++ } ++ } ++ + if ($cacheid === null && $nochange) { + $cacheid = unserialize(implode('', file($cacheidfile))); + } + +- if (is_link($cacheidfile)) { +- return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack'); +- } ++ $idData = serialize(array( ++ 'age' => time(), ++ 'lastChange' => ($nochange ? $cacheid['lastChange'] : $lastmodified), ++ )); + +- if (is_link($cachefile)) { +- return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack'); ++ $result = $this->saveCacheFile($cacheidfile, $idData); ++ if (PEAR::isError($result)) { ++ return $result; ++ } elseif ($nochange) { ++ return true; + } + +- $cacheidfile_fp = @fopen($cacheidfile, 'wb'); +- if (!$cacheidfile_fp) { +- if (is_dir($cache_dir)) { +- return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory. "); ++ $result = $this->saveCacheFile($cachefile, serialize($contents)); ++ if (PEAR::isError($result)) { ++ if (file_exists($cacheidfile)) { ++ @unlink($cacheidfile); + } + +- System::mkdir(array('-p', $cache_dir)); +- $cacheidfile_fp = @fopen($cacheidfile, 'wb'); +- if (!$cacheidfile_fp) { +- return PEAR::raiseError("Could not open $cacheidfile for writing."); +- } ++ return $result; + } + +- if ($nochange) { +- fwrite($cacheidfile_fp, serialize(array( +- 'age' => time(), +- 'lastChange' => $cacheid['lastChange'], +- )) +- ); ++ return true; ++ } + +- fclose($cacheidfile_fp); +- return true; +- } ++ function saveCacheFile($file, $contents) ++ { ++ $len = strlen($contents); + +- fwrite($cacheidfile_fp, serialize(array( +- 'age' => time(), +- 'lastChange' => $lastmodified, +- )) +- ); +- fclose($cacheidfile_fp); ++ $cachefile_fp = @fopen($file, 'xb'); // x is the O_CREAT|O_EXCL mode ++ if ($cachefile_fp !== false) { // create file ++ if (fwrite($cachefile_fp, $contents, $len) < $len) { ++ fclose($cachefile_fp); ++ return PEAR::raiseError("Could not write $file."); ++ } ++ } else { // update file ++ $cachefile_lstat = lstat($file); ++ $cachefile_fp = @fopen($file, 'wb'); ++ if (!$cachefile_fp) { ++ return PEAR::raiseError("Could not open $file for writing."); ++ } + +- $cachefile_fp = @fopen($cachefile, 'wb'); +- if (!$cachefile_fp) { +- if (file_exists($cacheidfile)) { +- @unlink($cacheidfile); ++ $cachefile_fstat = fstat($cachefile_fp); ++ if ( ++ $cachefile_lstat['mode'] == $cachefile_fstat['mode'] && ++ $cachefile_lstat['ino'] == $cachefile_fstat['ino'] && ++ $cachefile_lstat['dev'] == $cachefile_fstat['dev'] && ++ $cachefile_fstat['nlink'] === 1 ++ ) { ++ if (fwrite($cachefile_fp, $contents, $len) < $len) { ++ fclose($cachefile_fp); ++ return PEAR::raiseError("Could not write $file."); ++ } ++ } else { ++ fclose($cachefile_fp); ++ $link = function_exists('readlink') ? readlink($file) : $file; ++ return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $file . ' as it is symlinked to ' . $link . ' - Possible symlink attack'); + } +- +- return PEAR::raiseError("Could not open $cacheidfile for writing."); + } + +- fwrite($cachefile_fp, serialize($contents)); + fclose($cachefile_fp); + return true; + } +@@ -464,4 +480,4 @@ + + return $data; + } +-} +\ No newline at end of file ++} --- php5-5.3.2.orig/debian/patches/fix_broken_5.3_tests.patch +++ php5-5.3.2/debian/patches/fix_broken_5.3_tests.patch @@ -0,0 +1,45 @@ +Author: Sean Finney +Description: Fix another small batch of broken test cases + * ext/standard/tests/php_ini_loaded_file.phpt: this test only works if + you call run-tests directly, but the included Makefile invokes the + test in such a way that it fails (it explicitly loads an ini file, + and the test assumes that none are loaded). since it therefore seems + like a somewhat useless test it has been removed. + * cli/tests/006.phpt: $subject is according to the docs for + the two pcre functions that report it as such, so the expected string has + been updated to match the output. + * php.orig/ext/posix/tests/posix_errno_variation2.phpt: SIGKILL is not + a defined constant unless the pcntl extension is loaded. As was + done elsewhere (posix_kill_basic.phpt, which oddly seems to do the + same *incredibly sketchy* test that's done here), it's passed as a + variable hardcoded to 9 instead. Did i mention that this test is + sketchy? +Origin: vendor +--- a/ext/posix/tests/posix_errno_variation2.phpt ++++ b/ext/posix/tests/posix_errno_variation2.phpt +@@ -21,7 +21,9 @@ do { + $result = shell_exec("ps -p " . $pid); + } while (strstr($pid, $result)); + +-posix_kill($pid, SIGKILL); ++/* don't depend on SIGKILL being defined (pcntl might not not be loaded) */ ++$SIGKILL = 9; ++posix_kill($pid, $SIGKILL); + var_dump(posix_errno()); + + ?> +--- a/ext/standard/tests/php_ini_loaded_file.phpt ++++ /dev/null +@@ -1,12 +0,0 @@ +---TEST-- +-Check the php_ini_loaded_file() function. No file is loaded in test, so false ins returned +---CREDITS-- +-Sebastian Schürmann +-sschuermann@chip.de +-Testfest 2009 Munich +---FILE-- +- +---EXPECTF-- +-string(%d) "%s/tmp-php.ini" --- php5-5.3.2.orig/debian/patches/series +++ php5-5.3.2/debian/patches/series @@ -0,0 +1,87 @@ +001-libtool_fixes.patch +002-static_openssl.patch +004-ldap_fix.patch +006-debian_quirks.patch +libtool2.2.patch +013-force_getaddrinfo.patch +017-pread_pwrite_disable.patch +019-z_off_t_as_long.patch +029-php.ini_paranoid.patch +033-we_WANT_libtool.patch +034-apache2_umask_fix.patch +036-fd_setsize_fix.patch +043-recode_size_t.patch +044-strtod_arm_fix.patch +045-exif_nesting_level.patch +047-zts_with_dl.patch +052-phpinfo_no_configure.patch +053-extension_api.patch +057-no_apache_installed.patch +100-recode_is_shared.patch +101-sqlite_is_shared.patch +108-64_bit_datetime.patch +112-proc_open.patch +113-php.ini_securitynotes.patch +115-autoconf_ftbfs.patch +116-posixness_fix.patch +libdb_is_-ldb +page_size_fixes.patch +suhosin.patch +fix_broken_upstream_tests.patch +use_embedded_timezonedb.patch +force_libmysqlclient_r.patch +bad_whatis_entries.patch +gentoo/009_ob-memory-leaks.patch +mssql-null-exception.patch +sybase-alias.patch +strcmp_null-OnUpdateErrorLog.patch +#deprecate_short_open_tag +unaligned_memory_access.patch +fix_broken_5.3_tests.patch +dont-gitclean-in-build.patch +broken_5.3_test-posix_uname.patch +shtool_mkdir_-p_-race-condition.patch +qdbm-is-usr_include_qdbm.patch +filter_validate_int.patch +zend_int_overflow.patch +fix_var_dump_64bit.phpt.patch +use_embedded_timezonedb_fixes.patch +fix_broken_sha2_test.patch +php_crypt_revamped.patch +fix_broken_locale_tests.patch +fix_broken_gd_bundled-specific_tests.patch +CVE-2010-0397.patch +enchant_unaligned_memory_access.patch +fix-mysql-badmem.patch +session_save_path.patch +lp564920-fix-big-files.patch +CVE-2010-1866.patch +CVE-2010-1868.patch +CVE-2010-1917.patch +CVE-2010-2094.patch +CVE-2010-2225.patch +CVE-2010-2531.patch +CVE-2010-3065.patch +php5-CVE-2010-3436.patch +php5-CVE-2010-3709.patch +php5-CVE-2010-3710.patch +php5-CVE-2010-3870.patch +php5-CVE-2010-4409.patch +php5-CVE-2010-4645.patch +php5-CVE-2010-3436-regression.patch +php5-CVE-2006-7243.patch -p0 +php5-CVE-2010-4697.patch -p0 +php5-CVE-2010-4698.patch -p0 +php5-CVE-2011-0420.patch -p0 +php5-CVE-2011-0421.patch -p0 +php5-CVE-2011-0708.patch -p0 +php5-CVE-2011-1092.patch -p0 +php5-CVE-2011-1148.patch -p0 +php5-CVE-2011-1153.patch -p0 +php5-CVE-2011-1464.patch -p0 +php5-CVE-2011-1466.patch -p0 +php5-CVE-2011-1467.patch -p0 +php5-CVE-2011-1468.patch -p0 +php5-CVE-2011-1469.patch -p0 +php5-CVE-2011-1470.patch -p0 +php5-CVE-2011-1471.patch -p0 --- php5-5.3.2.orig/debian/patches/dont-gitclean-in-build.patch +++ php5-5.3.2/debian/patches/dont-gitclean-in-build.patch @@ -0,0 +1,18 @@ +Author: Sean Finney +Description: Don't run git-clean via buildconf + Calling buildconf indirectly invokes vcsclean, which calls the gitclean-work + target of build/build.mk, which calls among other things git clean -X -f -d, + which in turn nukes the quilt .pc directory making life quite difficult for + us. + . + This patch doesn't need to go upstream, as they likely don't want to support + having a patch system on top of their source. +--- php.orig/build/build.mk ++++ php/build/build.mk +@@ -76,6 +76,5 @@ gitclean-work: + @if (test ! -f '.git/info/exclude' || grep -s "git-ls-files" .git/info/exclude); then \ + (echo "Rebuild .git/info/exclude" && echo '*.o' > .git/info/exclude && git svn propget svn:ignore | grep -v config.nice >> .git/info/exclude); \ + fi; \ +- git clean -X -f -d; + + .PHONY: $(ALWAYS) snapshot --- php5-5.3.2.orig/debian/patches/filter_validate_int.patch +++ php5-5.3.2/debian/patches/filter_validate_int.patch @@ -0,0 +1,124 @@ +From: Sean Finney +Subject: Fix improper signed overflow detection in filter extension + +The existing filter code relied on detecting invalid long integers by +examining computed values for wraparound. This is not defined behavior +in any C standard, and in fact recent versions of gcc will optimize out +such checks resulting in invalid code. + +This patch therefore changes how the overflow/underflow conditions are +detected, using more reliable arithmetic. It also fixes another bug, that +the minimum integer value (-PHP_INT_MAX)-1 could not be detected properly. + +This patch also includes an update to the test case that detects such +overflows, adding much more thorough and descriptive checking. + +Bug: http://bugs.php.net/bug.php?id=51023 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570287 +--- php.orig/ext/filter/logical_filters.c ++++ php/ext/filter/logical_filters.c +@@ -68,7 +68,7 @@ + + static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ + long ctx_value; +- int sign = 0; ++ int sign = 0, digit = 0; + const char *end = str + str_len; + + switch (*str) { +@@ -82,7 +82,7 @@ static int php_filter_parse_int(const ch + + /* must start with 1..9*/ + if (str < end && *str >= '1' && *str <= '9') { +- ctx_value = ((*(str++)) - '0'); ++ ctx_value = ((sign)?-1:1) * ((*(str++)) - '0'); + } else { + return -1; + } +@@ -95,19 +95,18 @@ static int php_filter_parse_int(const ch + + while (str < end) { + if (*str >= '0' && *str <= '9') { +- ctx_value = (ctx_value * 10) + (*(str++) - '0'); ++ digit = (*(str++) - '0'); ++ if ( (!sign) && ctx_value <= (LONG_MAX-digit)/10 ) { ++ ctx_value = (ctx_value * 10) + digit; ++ } else if ( sign && ctx_value >= (LONG_MIN+digit)/10) { ++ ctx_value = (ctx_value * 10) - digit; ++ } else { ++ return -1; ++ } + } else { + return -1; + } + } +- if (sign) { +- ctx_value = -ctx_value; +- if (ctx_value > 0) { /* overflow */ +- return -1; +- } +- } else if (ctx_value < 0) { /* overflow */ +- return -1; +- } + + *ret = ctx_value; + return 1; +--- php.orig/ext/filter/tests/046.phpt ++++ php/ext/filter/tests/046.phpt +@@ -4,16 +4,46 @@ Integer overflow + + --FILE-- + +---EXPECT-- +-bool(true) +-bool(false) +-bool(true) ++--EXPECTF-- ++max filtered: int(%d) ++max is_long: bool(true) ++max equal: bool(true) ++overflow filtered: bool(false) ++overflow is_long: bool(false) ++overflow equal: bool(false) ++min filtered: int(-%d) ++min is_long: bool(true) ++min equal: bool(true) ++underflow filtered: bool(false) ++underflow is_long: bool(false) ++underflow equal: bool(false) --- php5-5.3.2.orig/debian/patches/029-php.ini_paranoid.patch +++ php5-5.3.2/debian/patches/029-php.ini_paranoid.patch @@ -0,0 +1,1512 @@ +Description: php.ini with paranoid settings +Origin: other +Forwarded: no +Last-Update: 2010-01-18 + +--- /dev/null ++++ pkg-php/php.ini-paranoid +@@ -0,0 +1,1504 @@ ++[PHP] ++ ++;;;;;;;;;;; ++; WARNING ; ++;;;;;;;;;;; ++; This file enables many features in the PHP configuration that will ++; break applications that rely on this. Make sure you test applications ++; with this configuration file before enabling it on production. ++ ++;;;;;;;;;;;;;;;;;;; ++; About php.ini ; ++;;;;;;;;;;;;;;;;;;; ++; This file controls many aspects of PHP's behavior. In order for PHP to ++; read it, it must be named 'php.ini'. PHP looks for it in the current ++; working directory, in the path designated by the environment variable ++; PHPRC, and in the path that was defined in compile time (in that order). ++; Under Windows, the compile-time path is the Windows directory. The ++; path in which the php.ini file is looked for can be overridden using ++; the -c argument in command line mode. ++; ++; The syntax of the file is extremely simple. Whitespace and Lines ++; beginning with a semicolon are silently ignored (as you probably guessed). ++; Section headers (e.g. [Foo]) are also silently ignored, even though ++; they might mean something in the future. ++; ++; Directives are specified using the following syntax: ++; directive = value ++; Directive names are *case sensitive* - foo=bar is different from FOO=bar. ++; ++; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ++; of the INI constants (On, Off, True, False, Yes, No and None) or an expression ++; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo"). ++; ++; Expressions in the INI file are limited to bitwise operators and parentheses: ++; | bitwise OR ++; & bitwise AND ++; ~ bitwise NOT ++; ! boolean NOT ++; ++; Boolean flags can be turned on using the values 1, On, True or Yes. ++; They can be turned off using the values 0, Off, False or No. ++; ++; An empty string can be denoted by simply not writing anything after the equal ++; sign, or by using the None keyword: ++; ++; foo = ; sets foo to an empty string ++; foo = none ; sets foo to an empty string ++; foo = "none" ; sets foo to the string 'none' ++; ++; If you use constants in your value, and these constants belong to a ++; dynamically loaded extension (either a PHP extension or a Zend extension), ++; you may only use these constants *after* the line that loads the extension. ++; ++; ++;;;;;;;;;;;;;;;;;;; ++; About this file ; ++;;;;;;;;;;;;;;;;;;; ++; ++; This is the paranoid, PHP version of the php.ini-dist file. It ++; sets some non standard settings, that make PHP more efficient, more secure ++; in a very paranoid way. Note that these security settings will make some ++; applications not work properly. ++; ++; The price is that with these settings, PHP may be incompatible with some ++; applications, and sometimes, more difficult to develop with. Using this ++; file is recommended for production sites which want a high degree of ++; security. As all of the changes from the standard settings are thoroughly ++; documented, you can go over each one, ++; and decide whether you want to use it or not. ++; ++; For general information about the php.ini file, please consult the ++; php.ini-dist file, included in your PHP distribution. ++; ++; For further information see ++; http://www.php.net/features.safe-mode ++; http://www.phpsecure.info/ ++; ++; This file is different from the php.ini-dist file in the fact that it features ++; different values for several directives, in order to improve performance, while ++; possibly breaking compatibility with the standard out-of-the-box behavior of ++; PHP 3. Please make sure you read what's different, and modify your scripts ++; accordingly, if you decide to use this file instead. ++; ++; Notice that the paranoid configuration file might not be fully up-to-date ++; with the latest variables available so the diff will catch both the changes ++; to the default variable values as well as the variables that are missing in ++; the paranoid configuration file) ++; ++; This version was generated using the version 5.2.4-2 as a basis. ++; ++; Debian users can find the differences between both configurations might ++; be found by running: ++; ++; $ diff -u /usr/share/doc/php5-common/examples/php.ini-dist \ ++; /usr/share/doc/php5-common/examples/php.ini-paranoid |less ++; ++; ++; This is a (not complete) list of some of the changes introduced in this file: ++; ++; - safe_mode = On [Security, Performance loss] ++; Do UID checks when opening files. Enabling safe_mode also enables ++; other functions related to this mode. For more information read: ++; http://www.php.net/features.safe-mode ++; ++; However, this feature by itself cannot be relied on to protect all applications. ++; It is worthwhile reading also: ++; http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html ++; Bottomline: Do not trust that safe_mode will drive all your security vulnerabilities ++; away. ++; ++; - safe_mode_protected_env_vars = LD_LIBRARY_PATH, PATH [Security] ++; Environment variables that users will not be able to modify through ++; putenv(). PATH is added so that scripts cannot overwrite it ++; ++; - open_basedir = /var/www/:/usr/lib/php4/ [Security, Performance loss] ++; Limits the files that PHP can access to the directories specified. ++; This includes the webroot and the usual location of PHP libraries ++; (e.g. PEAR). Since all file locations are checked against this list ++; before any access is allowed, this impacts in the performance of all ++; file operations. ++; ++; - disable_functions = dl, phpinfo, system, .... [Security] ++; Some functions can be used by attackers and can be malversed by ++; applications, the list (not complete) of functions disabled includes ++; functions which might have a severe impact to the system if wrongly used ++; in scripts or subverted remotely by attackers. ++; ++; - expose_php = Off [?Security?] ++; Not exposing that PHP is used in the site (nor its version) can affect ++; how some dumb worms attempt to attack the site. Many might ++; not check this and attempt to compromise the server nevertheless, ++; however. This setting is just 'security by obscurity' so no real ++; security at all (save vs. the dumbest attackers) ++; ++; - error_log = syslog [Security, Performance log] ++; All errors are reported to syslog so that the errors can be easily ++; sent outsite the site to a syslog server. This prevents an intruder ++; from tampering with them in an attempt to hide his tracks since the ++; logs are stored in a different location. It also helps in forensic ++; investigation or when using automatic tools to produce reports or ++; generate alarms based on the syslog information. ++; ++; - error_reporting = E_ALL [Code Cleanliness, Security(?)] ++; By default, PHP surpresses errors of type E_NOTICE. These error messages ++; are emitted for non-critical errors, but that could be a symptom of a bigger ++; problem. Most notably, this will cause error messages about the use ++; of uninitialized variables to be displayed. ++; ++; - display_errors = Off [Security] ++; With this directive set to off, errors that occur during the execution of ++; scripts will no longer be displayed as a part of the script output, and thus, ++; will no longer be exposed to remote users. With some errors, the error message ++; content may expose information about your script, web server, or database ++; server that may be exploitable for hacking. Production sites should have this ++; directive set to off. ++; - log_errors = On [Security] ++; This directive complements the above one. Any errors that occur during the ++; execution of your script will be logged (typically, to your server's error log, ++; but can be configured in several ways). Along with setting display_errors to off, ++; this setup gives you the ability to fully understand what may have gone wrong, ++; without exposing any sensitive information to remote users. ++; - output_buffering = 4096 [Performance] ++; Set a 4KB output buffer. Enabling output buffering typically results in less ++; writes, and sometimes less packets sent on the wire, which can often lead to ++; better performance. The gain this directive actually yields greatly depends ++; on which Web server you're working with, and what kind of scripts you're using. ++; - register_globals = Off [Security, Performance] ++; Global variables are no longer registered for input data (POST, GET, cookies, ++; environment and other server variables). Instead of using $foo, you must use ++; you can use $_REQUEST["foo"] (includes any variable that arrives through the ++; request, namely, POST, GET and cookie variables), or use one of the specific ++; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending ++; on where the input originates. Also, you can look at the ++; import_request_variables() function. ++; Note that register_globals is deprecated in PHP 6.0, because it often ++; leads to security bugs. ++; Read http://php.net/manual/en/security.registerglobals.php for further ++; information. ++; Also notice that applications should not rely on this feature being turned Off ++; to remain secure. ++; - register_long_arrays = Off [Performance] ++; Disables registration of HTTP_GET_VARS ++; - register_argc_argv = Off [Performance] ++; Disables registration of the somewhat redundant $argv and $argc global ++; variables. ++; - include_path = "/usr/share/php" [Security] ++; Only files under /usr can be included, this prevents applications from ++; including files from the same directory they are running in. ++; - magic_quotes_gpc = On [Security] ++; Input data is escaped with slashes so that applications that do ++; not use addslashes() are not so easily subjected to SQL injection ++; when talking to SQL databases. ++; This features is deprecated in PHP 6.0, applications should be fixed to ++; prevent SQL injection attacks through input data and not rely on this feature. ++; - magic_quotes_runtime = On [Security] ++; Quotes in data returned from functions that access external data sources (such as ++; databases) are escapted with a backslash. ++; This features is deprecated in PHP 6.0, applications should be fixed to ++; prevent SQL injection attacks through input data and not rely on this feature. ++; ++; - variables_order = "GPCS" [Performance] ++; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access ++; environment variables, you can use getenv() instead. ++; - allow_call_time_pass_reference = Off [Code cleanliness] ++; It's not possible to decide to force a variable to be passed by reference ++; when calling a function. The PHP 4 style to do this is by making the ++; function require the relevant argument by reference. ++; ++; - enable_dl = Off [Security] ++; The dl() function is not needed in most environments and does introduce ++; a number of security issues. ++; - file_uploads = Off [Security] ++; File uploads should not be allowed to the server. ++; - allow_url_fopen = Off [Security] ++; File calls should not transparently retrieve files from the network ++; since this could be subverted by attackers in poorly coded scripts ++; by forcing them to download (and execute) malicious remote content ++; from compromised hosts. This behaviour has been observed in automatic ++; worms/tools that use it to scan and propagate through badly written ++; applications (in conjuntion with other unsafe features) ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++; ++; - session.save_path = /var/lib/php5 [Security] ++; This is defined to a non-world readable directory so users cannot ++; hihack sessions of other users by getting a list of the files. ++; ++; Notice that on on shared servers on a per application basis, otherwise ++; other users would be able to get access to other applications' data by ++; setting a proper session id in a different application. If session paths ++; are not shared sessions of one application will be invalid on another. ++; For more information see: ++; http://php.net/manual/en/ref.session.php#ini.session.save-path ++; and ++; http://php.net/manual/en/function.session-save-path.php ++; - session.cookie_secure = 1 [Security] ++; Cookies will only be sent through secure (SSL) connections. ++; - session.use_only_cookies = 1 [Security] ++; Session ids are not allowed in URLs which make it more difficult for ++; cross site scripting (XSS) attacks to be succesfull and also has the ++; advantaged that session ids will not be stored in the server's logs making ++; them vulnerable to reuse by people with access to the server logs. ++; - session.cookie_httponly = 1 [Security] ++; Cookies can only be set through the HTTP protocol, JavaScript can not ++; modify them, making applications less vulnerable to XSS attacks. This is ++; not supported, however, by all browsers. ++; - session.hash_function = 1 [Security, Performance loss] ++; Use SHA-1 instead of MD5 which is not (yet) broken but there are some known ++; attacks. Slight performance loss as it takes more time to compute. ++; ++; ++; This file is maintained by Javier Fernandez-Sanguino ++; please forward him any suggestions or changes you believe might be appropiate ++ ++ ++;;;;;;;;;;;;;;;;;;;; ++; Language Options ; ++;;;;;;;;;;;;;;;;;;;; ++ ++; Enable the PHP scripting language engine under Apache. ++engine = On ++ ++; Enable compatibility mode with Zend Engine 1 (PHP 4.x) ++zend.ze1_compatibility_mode = Off ++ ++; Allow the tags are recognized. ++; NOTE: Using short tags should be avoided when developing applications or ++; libraries that are meant for redistribution, or deployment on PHP ++; servers which are not under your control, because short tags may not ++; be supported on the target server. For portable, redistributable code, ++; be sure not to use short tags. ++short_open_tag = On ++ ++; Allow ASP-style <% %> tags. ++asp_tags = Off ++ ++; The number of significant digits displayed in floating point numbers. ++precision = 12 ++ ++; Enforce year 2000 compliance (will cause problems with non-compliant browsers) ++y2k_compliance = On ++ ++; Output buffering allows you to send header lines (including cookies) even ++; after you send body content, at the price of slowing PHP's output layer a ++; bit. You can enable output buffering during runtime by calling the output ++; buffering functions. You can also enable output buffering for all files by ++; setting this directive to On. If you wish to limit the size of the buffer ++; to a certain size - you can use a maximum number of bytes instead of 'On', as ++; a value for this directive (e.g., output_buffering=4096). ++output_buffering = 4096 ++ ++; You can redirect all of the output of your scripts to a function. For ++; example, if you set output_handler to "mb_output_handler", character ++; encoding will be transparently converted to the specified encoding. ++; Setting any output handler automatically turns on output buffering. ++; Note: People who wrote portable scripts should not depend on this ini ++; directive. Instead, explicitly set the output handler using ob_start(). ++; Using this ini directive may cause problems unless you know what script ++; is doing. ++; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" ++; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ++; Note: output_handler must be empty if this is set 'On' !!!! ++; Instead you must use zlib.output_handler. ++;output_handler = ++ ++; Transparent output compression using the zlib library ++; Valid values for this option are 'off', 'on', or a specific buffer size ++; to be used for compression (default is 4KB) ++; Note: Resulting chunk size may vary due to nature of compression. PHP ++; outputs chunks that are few hundreds bytes each as a result of ++; compression. If you prefer a larger chunk size for better ++; performance, enable output_buffering in addition. ++; Note: You need to use zlib.output_handler instead of the standard ++; output_handler, or otherwise the output will be corrupted. ++zlib.output_compression = Off ++ ++; You cannot specify additional output handlers if zlib.output_compression ++; is activated here. This setting does the same as output_handler but in ++; a different order. ++;zlib.output_handler = ++ ++; Implicit flush tells PHP to tell the output layer to flush itself ++; automatically after every output block. This is equivalent to calling the ++; PHP function flush() after each and every call to print() or echo() and each ++; and every HTML block. Turning this option on has serious performance ++; implications and is generally recommended for debugging purposes only. ++implicit_flush = Off ++ ++; The unserialize callback function will be called (with the undefined class' ++; name as parameter), if the unserializer finds an undefined class ++; which should be instantiated. ++; A warning appears if the specified function is not defined, or if the ++; function doesn't include/implement the missing class. ++; So only set this entry, if you really want to implement such a ++; callback-function. ++unserialize_callback_func= ++ ++; When floats & doubles are serialized store serialize_precision significant ++; digits after the floating point. The default value ensures that when floats ++; are decoded with unserialize, the data will remain the same. ++serialize_precision = 100 ++ ++; Whether to enable the ability to force arguments to be passed by reference ++; at function call time. This method is deprecated and is likely to be ++; unsupported in future versions of PHP/Zend. The encouraged method of ++; specifying which arguments should be passed by reference is in the function ++; declaration. You're encouraged to try and turn this option Off and make ++; sure your scripts work properly with it in order to ensure they will work ++; with future versions of the language (you will receive a warning each time ++; you use this feature, and the argument will be passed by value instead of by ++; reference). ++allow_call_time_pass_reference = Off ++ ++; ++; Safe Mode ++; ++; Notice that with this mode on PHP will not create new files in ++; directories which have different owner than the owner of the script. This ++; typically applies to /tmp, so contrary to Unix intuition, you will not be able ++; to create new files there (even if the /tmp rights are set correctly). ++; ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; ++safe_mode = On ++ ++; By default, Safe Mode does a UID compare check when ++; opening files. If you want to relax this to a GID compare, ++; then turn on safe_mode_gid. ++safe_mode_gid = Off ++ ++; When safe_mode is on, UID/GID checks are bypassed when ++; including files from this directory and its subdirectories. ++; (directory must also be in include_path or full path must ++; be used when including) ++safe_mode_include_dir = ++ ++; When safe_mode is on, only executables located in the safe_mode_exec_dir ++; will be allowed to be executed via the exec family of functions. ++; ++; Note: This should be customised per site (if exec is permitted) ++safe_mode_exec_dir = ++ ++; Setting certain environment variables may be a potential security breach. ++; This directive contains a comma-delimited list of prefixes. In Safe Mode, ++; the user may only alter environment variables whose names begin with the ++; prefixes supplied here. By default, users will only be able to set ++; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). ++; ++; Note: If this directive is empty, PHP will let the user modify ANY ++; environment variable! ++safe_mode_allowed_env_vars = PHP_ ++ ++; This directive contains a comma-delimited list of environment variables that ++; the end user won't be able to change using putenv(). These variables will be ++; protected even if safe_mode_allowed_env_vars is set to allow to change them. ++safe_mode_protected_env_vars = LD_LIBRARY_PATH,PATH ++ ++; open_basedir, if set, limits all file operations to the defined directory ++; and below. This directive makes most sense if used in a per-directory ++; or per-virtualhost web server configuration file. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; In Debian, the WebRoot is /var/www/ so we limit file operations to it. ++; ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++open_basedir = /var/www/:/usr/lib/php4/ ++ ++; This directive allows you to disable certain functions for security reasons. ++; It receives a comma-delimited list of function names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++; ++; Notes: ++; - The list of functions disabled here might break some applications ++; however, they are considered dangerous and often subverted by attackers ++; remotely. ++; - 'include' is not in the list, if your applications do not depend on it ++; make sure you add it here too. ++disable_functions = dl, phpinfo, system, mail, shell_exec, exec, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit, highlight_file, show_source ++ ++; This directive allows you to disable certain classes for security reasons. ++; It receives a comma-delimited list of class names. This directive is ++; *NOT* affected by whether Safe Mode is turned On or Off. ++disable_classes = ++ ++; Colors for Syntax Highlighting mode. Anything that's acceptable in ++; would work. ++;highlight.string = #DD0000 ++;highlight.comment = #FF9900 ++;highlight.keyword = #007700 ++;highlight.bg = #FFFFFF ++;highlight.default = #0000BB ++;highlight.html = #000000 ++ ++; If enabled, the request will be allowed to complete even if the user aborts ++; the request. Consider enabling it if executing long request, which may end up ++; being interrupted by the user or a browser timing out. ++; ignore_user_abort = On ++ ++; Determines the size of the realpath cache to be used by PHP. This value should ++; be increased on systems where PHP opens many files to reflect the quantity of ++; the file operations performed. ++; realpath_cache_size=16k ++ ++; Duration of time, in seconds for which to cache realpath information for a given ++; file or directory. For systems with rarely changing files, consider increasing this ++; value. ++; realpath_cache_ttl=120 ++ ++; ++; Misc ++; ++; Decides whether PHP may expose the fact that it is installed on the server ++; (e.g. by adding its signature to the Web server header). It is no security ++; threat in any way, but it makes it possible to determine whether you use PHP ++; on your server or not. ++expose_php = Off ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Resource Limits ; ++;;;;;;;;;;;;;;;;;;; ++ ++max_execution_time = 30 ; Maximum execution time of each script, in seconds ++max_input_time = 60 ; Maximum amount of time each script may spend parsing request data ++max_input_nesting_level = 64 ; Maximum input variable nesting level ++memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++; Error handling and logging ; ++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; error_reporting is a bit-field. Or each number up to get desired error ++; reporting level ++; E_ALL - All errors and warnings (doesn't include E_STRICT) ++; E_ERROR - fatal run-time errors ++; E_RECOVERABLE_ERROR - almost fatal run-time errors ++; E_WARNING - run-time warnings (non-fatal errors) ++; E_PARSE - compile-time parse errors ++; E_NOTICE - run-time notices (these are warnings which often result ++; from a bug in your code, but it's possible that it was ++; intentional (e.g., using an uninitialized variable and ++; relying on the fact it's automatically initialized to an ++; empty string) ++; E_STRICT - run-time notices, enable to have PHP suggest changes ++; to your code which will ensure the best interoperability ++; and forward compatibility of your code ++; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ++; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ++; initial startup ++; E_COMPILE_ERROR - fatal compile-time errors ++; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ++; E_USER_ERROR - user-generated error message ++; E_USER_WARNING - user-generated warning message ++; E_USER_NOTICE - user-generated notice message ++; ++; Examples: ++; ++; - Show all errors, except for notices and coding standards warnings ++; ++;error_reporting = E_ALL & ~E_NOTICE ++; ++; - Show all errors, except for notices ++; ++;error_reporting = E_ALL & ~E_NOTICE | E_STRICT ++; ++; - Show only errors ++; ++;error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR ++; ++; - Show all errors ++; ++error_reporting = E_ALL ++ ++; Print out errors (as a part of the output). For production web sites, ++; you're strongly encouraged to turn this feature off, and use error logging ++; instead (see below). Keeping display_errors enabled on a production web site ++; may reveal security information to end users, such as file paths on your Web ++; server, your database schema or other information. ++; ++; possible values for display_errors: ++; ++; Off - Do not display any errors ++; stderr - Display errors to STDERR (affects only CGI/CLI binaries!) ++; stdout (On) - Display errors to STDOUT ++; ++display_errors = Off ++ ++; Even when display_errors is on, errors that occur during PHP's startup ++; sequence are not displayed. It's strongly recommended to keep ++; display_startup_errors off, except for when debugging. ++display_startup_errors = Off ++ ++; Log errors into a log file (server-specific log, stderr, or error_log (below)) ++; As stated above, you're strongly advised to use error logging in place of ++; error displaying on production web sites. ++log_errors = On ++ ++; Set maximum length of log_errors. In error_log information about the source is ++; added. The default is 1024 and 0 allows to not apply any maximum length at all. ++log_errors_max_len = 1024 ++ ++; Do not log repeated messages. Repeated errors must occur in same file on same ++; line until ignore_repeated_source is set true. ++ignore_repeated_errors = Off ++ ++; Ignore source of message when ignoring repeated messages. When this setting ++; is On you will not log errors with repeated messages from different files or ++; source lines. ++ignore_repeated_source = Off ++ ++; If this parameter is set to Off, then memory leaks will not be shown (on ++; stdout or in the log). This has only effect in a debug compile, and if ++; error reporting includes E_WARNING in the allowed list ++report_memleaks = On ++ ++;report_zend_debug = 0 ++ ++; Store the last error/warning message in $php_errormsg (boolean). ++track_errors = Off ++ ++; Disable the inclusion of HTML tags in error messages. ++; Note: Never use this feature for production boxes. ++html_errors = Off ++ ++; If html_errors is set On PHP produces clickable error messages that direct ++; to a page describing the error or function causing the error in detail. ++; You can download a copy of the PHP manual from http://www.php.net/docs.php ++; and change docref_root to the base URL of your local copy including the ++; leading '/'. You must also specify the file extension being used including ++; the dot. ++; Note: Never use this feature for production boxes. ++;docref_root = "/phpmanual/" ++;docref_ext = .html ++ ++; String to output before an error message. ++;error_prepend_string = "" ++ ++; String to output after an error message. ++;error_append_string = "" ++ ++; Log errors to specified file. ++;error_log = filename ++ ++; Log errors to syslog (Event Log on NT, not valid in Windows 95). ++error_log = syslog ++ ++ ++;;;;;;;;;;;;;;;;; ++; Data Handling ; ++;;;;;;;;;;;;;;;;; ++; ++; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 ++ ++; The separator used in PHP generated URLs to separate arguments. ++; Default is "&". ++;arg_separator.output = "&" ++ ++; List of separator(s) used by PHP to parse input URLs into variables. ++; Default is "&". ++; NOTE: Every character in this directive is considered as separator! ++;arg_separator.input = ";&" ++ ++; This directive describes the order in which PHP registers GET, POST, Cookie, ++; Environment and Built-in variables (G, P, C, E & S respectively, often ++; referred to as EGPCS or GPC). Registration is done from left to right, newer ++; values override older values. ++variables_order = "GPCS" ++ ++; Whether or not to register the EGPCS variables as global variables. You may ++; want to turn this off if you don't want to clutter your scripts' global scope ++; with user data. This makes most sense when coupled with track_vars - in which ++; case you can access all of the GPC variables through the $HTTP_*_VARS[], ++; variables. ++; ++; You should do your best to write your scripts so that they do not require ++; register_globals to be on; Using form variables as globals can easily lead ++; to possible security problems, if the code is not very well thought of. ++ ++; NOTE: applications relying on this feature will not recieve full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; ++register_globals = Off ++ ++; Whether or not to register the old-style input arrays, HTTP_GET_VARS ++; and friends. If you're not using them, it's recommended to turn them off, ++; for performance reasons. ++register_long_arrays = Off ++ ++; This directive tells PHP whether to declare the argv&argc variables (that ++; would contain the GET information). If you don't use these variables, you ++; should turn it off for increased performance. ++register_argc_argv = Off ++ ++; When enabled, the SERVER and ENV variables are created when they're first ++; used (Just In Time) instead of when the script starts. If these variables ++; are not used within a script, having this directive on will result in a ++; performance gain. The PHP directives register_globals, register_long_arrays, ++; and register_argc_argv must be disabled for this directive to have any affect. ++auto_globals_jit = On ++ ++; Maximum size of POST data that PHP will accept. ++post_max_size = 8M ++ ++; Magic quotes ++; ++ ++; Magic quotes for incoming GET/POST/Cookie data. ++; Note: This feature is deprecated in PHP 6.0. Applications should not rely ++; on this feature to prevent security attacks. ++magic_quotes_gpc = On ++ ++; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. ++; Note: This feature is deprecated in PHP 6.0. Applications should not rely ++; on this feature to prevent security attacks. ++magic_quotes_runtime = On ++ ++; Use Sybase-style magic quotes (escape ' with '' instead of \'). ++magic_quotes_sybase = Off ++ ++; Automatically add files before or after any PHP document. ++auto_prepend_file = ++auto_append_file = ++ ++; As of 4.0b4, PHP always outputs a character encoding by default in ++; the Content-type: header. To disable sending of the charset, simply ++; set it to be empty. ++; ++; PHP's built-in default is text/html ++default_mimetype = "text/html" ++;default_charset = "iso-8859-1" ++ ++; Always populate the $HTTP_RAW_POST_DATA variable. ++;always_populate_raw_post_data = On ++ ++ ++;;;;;;;;;;;;;;;;;;;;;;;;; ++; Paths and Directories ; ++;;;;;;;;;;;;;;;;;;;;;;;;; ++ ++; UNIX: "/path1:/path2" ++; Note (paranoid): ++; - '.' (the default) is not allowed here, applications that rely on it ++; need to be modified ++; - /usr is allowed, but files there should be protected against being ++; overwritten by mounting the filesystem read-only and should be ++; monitored with a system integrity check tool. ++include_path = "/usr/share/php" ++ ++; Windows: "\path1;\path2" ++;include_path = ".;c:\php\includes" ++ ++; The root of the PHP pages, used only if nonempty. ++; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ++; if you are running php as a CGI under any web server (other than IIS) ++; see documentation for security issues. The alternate is to use the ++; cgi.force_redirect configuration below ++doc_root = ++ ++; The directory under which PHP opens the script using /~username used only ++; if nonempty. ++user_dir = ++ ++; Directory in which the loadable extensions (modules) reside. ++; extension_dir = "./" ++ ++; Whether or not to enable the dl() function. The dl() function does NOT work ++; properly in multithreaded servers, such as IIS or Zeus, and is automatically ++; disabled on them. ++; ++; NOTE: this is a potential security hole and is disabled by default in debian ++enable_dl = Off ++ ++; cgi.force_redirect is necessary to provide security running PHP as a CGI under ++; most web servers. Left undefined, PHP turns this on by default. You can ++; turn it off here AT YOUR OWN RISK ++; **You CAN safely turn this off for IIS, in fact, you MUST.** ++; cgi.force_redirect = 1 ++ ++; if cgi.nph is enabled it will force cgi to always sent Status: 200 with ++; every request. ++; cgi.nph = 1 ++ ++; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ++; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ++; will look for to know it is OK to continue execution. Setting this variable MAY ++; cause security issues, KNOW WHAT YOU ARE DOING FIRST. ++; cgi.redirect_status_env = ; ++ ++; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ++; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ++; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ++; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting ++; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ++; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ++cgi.fix_pathinfo=1 ++ ++; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ++; security tokens of the calling client. This allows IIS to define the ++; security context that the request runs under. mod_fastcgi under Apache ++; does not currently support this feature (03/17/2002) ++; Set to 1 if running under IIS. Default is zero. ++; fastcgi.impersonate = 1; ++ ++; Disable logging through FastCGI connection ++; fastcgi.logging = 0 ++ ++; cgi.rfc2616_headers configuration option tells PHP what type of headers to ++; use when sending HTTP response code. If it's set 0 PHP sends Status: header that ++; is supported by Apache. When this option is set to 1 PHP will send ++; RFC2616 compliant header. ++; Default is zero. ++;cgi.rfc2616_headers = 0 ++ ++ ++;;;;;;;;;;;;;;;; ++; File Uploads ; ++;;;;;;;;;;;;;;;; ++ ++; Whether to allow HTTP file uploads. ++file_uploads = Off ++ ++; Temporary directory for HTTP uploaded files (will use system default if not ++; specified). ++; ++; Note: If enabled above you have to create this directory and set appropiate ++; permissions. The default (/tmp) is insecure since other users might be able ++; to access upload files or make symlink tricks. ++upload_tmp_dir = /var/lib/php5/uploads ++ ++; Maximum allowed size for uploaded files. ++upload_max_filesize = 2M ++ ++ ++;;;;;;;;;;;;;;;;;; ++; Fopen wrappers ; ++;;;;;;;;;;;;;;;;;; ++ ++; Whether to allow the treatment of URLs (like http:// or ftp://) as files. ++; ++; This is turned off to avoid variable redefinition by remote attacker ++; that attempts to have the server download (and execute) a remote file ++; from a compromised host. This behaviour has been observed in automatic ++; scanning against badly written applications: ++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php ++allow_url_fopen = Off ++ ++; Whether to allow include/require to open URLs (like http:// or ftp://) as files. ++allow_url_include = Off ++ ++; Define the anonymous ftp password (your email address) ++;from="john@doe.com" ++ ++; Define the User-Agent string ++; user_agent="PHP" ++ ++; Default timeout for socket based streams (seconds) ++default_socket_timeout = 60 ++ ++; If your scripts have to deal with files from Macintosh systems, ++; or you are running on a Mac and need to deal with files from ++; unix or win32 systems, setting this flag will cause PHP to ++; automatically detect the EOL character in those files so that ++; fgets() and file() will work regardless of the source of the file. ++; auto_detect_line_endings = Off ++ ++ ++;;;;;;;;;;;;;;;;;;;;;; ++; Dynamic Extensions ; ++;;;;;;;;;;;;;;;;;;;;;; ++; ++; If you wish to have an extension loaded automatically, use the following ++; syntax: ++; ++; extension=modulename.extension ++; ++; For example, on Windows: ++; ++; extension=msql.dll ++; ++; ... or under UNIX: ++; ++; extension=msql.so ++; ++; Note that it should be the name of the module only; no directory information ++; needs to go here. Specify the location of the extension with the ++; extension_dir directive above. ++ ++ ++;;;;;;;;;;;;;;;;;;; ++; Module Settings ; ++;;;;;;;;;;;;;;;;;;; ++ ++[Date] ++; Defines the default timezone used by the date functions ++;date.timezone = ++ ++;date.default_latitude = 31.7667 ++;date.default_longitude = 35.2333 ++ ++;date.sunrise_zenith = 90.583333 ++;date.sunset_zenith = 90.583333 ++ ++[filter] ++;filter.default = unsafe_raw ++;filter.default_flags = ++ ++[iconv] ++;iconv.input_encoding = ISO-8859-1 ++;iconv.internal_encoding = ISO-8859-1 ++;iconv.output_encoding = ISO-8859-1 ++ ++[sqlite] ++;sqlite.assoc_case = 0 ++ ++[xmlrpc] ++;xmlrpc_error_number = 0 ++;xmlrpc_errors = 0 ++ ++[Pcre] ++;PCRE library backtracking limit. ++;pcre.backtrack_limit=100000 ++ ++;PCRE library recursion limit. ++;Please note that if you set this value to a high number you may consume all ++;the available process stack and eventually crash PHP (due to reaching the ++;stack size limit imposed by the Operating System). ++;pcre.recursion_limit=100000 ++ ++[Syslog] ++; Whether or not to define the various syslog variables (e.g. $LOG_PID, ++; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In ++; runtime, you can define these variables by calling define_syslog_variables(). ++define_syslog_variables = Off ++ ++[mail function] ++; For Win32 only. ++SMTP = localhost ++smtp_port = 25 ++ ++; For Win32 only. ++;sendmail_from = me@example.com ++ ++; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ++;sendmail_path = ++ ++; Force the addition of the specified parameters to be passed as extra parameters ++; to the sendmail binary. These parameters will always replace the value of ++; the 5th parameter to mail(), even in safe mode. ++;mail.force_extra_parameters = ++ ++[SQL] ++; This configuration directive is unrelated to safe_mode. ++; If enabled, connections to databases (like mysql_connect() or mysql_pconnect()) ++; will ignore the arguments provided (which include username and password) and ++; will attempt to connect always using default values. These default values ++; are typically host=localhost, user=the script owner,password=empty password. ++; ++; Note (paranoid): This is disabled as it is not actually a security measure, unless ++; you want script to not have users and passwords hardcoded in them. ++sql.safe_mode = Off ++ ++[ODBC] ++;odbc.default_db = Not yet implemented ++;odbc.default_user = Not yet implemented ++;odbc.default_pw = Not yet implemented ++ ++; Allow or prevent persistent links. ++odbc.allow_persistent = On ++ ++; Check that a connection is still valid before reuse. ++odbc.check_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++odbc.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++odbc.max_links = -1 ++ ++; Handling of LONG fields. Returns number of bytes to variables. 0 means ++; passthru. ++odbc.defaultlrl = 4096 ++ ++; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ++; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ++; of uodbc.defaultlrl and uodbc.defaultbinmode ++odbc.defaultbinmode = 1 ++ ++[MySQL] ++; Allow or prevent persistent links. ++mysql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mysql.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++mysql.max_links = -1 ++ ++; Default port number for mysql_connect(). If unset, mysql_connect() will use ++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ++; at MYSQL_PORT. ++mysql.default_port = ++ ++; Default socket name for local MySQL connects. If empty, uses the built-in ++; MySQL defaults. ++mysql.default_socket = ++ ++; Default host for mysql_connect() (doesn't apply in safe mode). ++mysql.default_host = ++ ++; Default user for mysql_connect() (doesn't apply in safe mode). ++mysql.default_user = ++ ++; Default password for mysql_connect() (doesn't apply in safe mode). ++; Note that this is generally a *bad* idea to store passwords in this file. ++; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") ++; and reveal this password! And of course, any users with read access to this ++; file will be able to reveal the password as well. ++mysql.default_password = ++ ++; Maximum time (in seconds) for connect timeout. -1 means no limit ++mysql.connect_timeout = 60 ++ ++; Trace mode. When trace_mode is active (=On), warnings for table/index scans and ++; SQL-Errors will be displayed. ++mysql.trace_mode = Off ++ ++[MySQLi] ++ ++; Maximum number of links. -1 means no limit. ++mysqli.max_links = -1 ++ ++; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ++; at MYSQL_PORT. ++mysqli.default_port = 3306 ++ ++; Default socket name for local MySQL connects. If empty, uses the built-in ++; MySQL defaults. ++mysqli.default_socket = ++ ++; Default host for mysql_connect() (doesn't apply in safe mode). ++mysqli.default_host = ++ ++; Default user for mysql_connect() (doesn't apply in safe mode). ++mysqli.default_user = ++ ++; Default password for mysqli_connect() (doesn't apply in safe mode). ++; Note that this is generally a *bad* idea to store passwords in this file. ++; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") ++; and reveal this password! And of course, any users with read access to this ++; file will be able to reveal the password as well. ++mysqli.default_pw = ++ ++; Allow or prevent reconnect ++mysqli.reconnect = Off ++ ++[mSQL] ++; Allow or prevent persistent links. ++msql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++msql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++msql.max_links = -1 ++ ++[OCI8] ++; enables privileged connections using external credentials (OCI_SYSOPER, OCI_SYSDBA) ++;oci8.privileged_connect = Off ++ ++; Connection: The maximum number of persistent OCI8 connections per ++; process. Using -1 means no limit. ++;oci8.max_persistent = -1 ++ ++; Connection: The maximum number of seconds a process is allowed to ++; maintain an idle persistent connection. Using -1 means idle ++; persistent connections will be maintained forever. ++;oci8.persistent_timeout = -1 ++ ++; Connection: The number of seconds that must pass before issuing a ++; ping during oci_pconnect() to check the connection validity. When ++; set to 0, each oci_pconnect() will cause a ping. Using -1 disables ++; pings completely. ++;oci8.ping_interval = 60 ++ ++; Tuning: This option enables statement caching, and specifies how ++; many statements to cache. Using 0 disables statement caching. ++;oci8.statement_cache_size = 20 ++ ++; Tuning: Enables statement prefetching and sets the default number of ++; rows that will be fetched automatically after statement execution. ++;oci8.default_prefetch = 10 ++ ++; Compatibility. Using On means oci_close() will not close ++; oci_connect() and oci_new_connect() connections. ++;oci8.old_oci_close_semantics = Off ++ ++[PostgresSQL] ++; Allow or prevent persistent links. ++pgsql.allow_persistent = On ++ ++; Detect broken persistent links always with pg_pconnect(). ++; Auto reset feature requires a little overheads. ++pgsql.auto_reset_persistent = Off ++ ++; Maximum number of persistent links. -1 means no limit. ++pgsql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++pgsql.max_links = -1 ++ ++; Ignore PostgreSQL backends Notice message or not. ++; Notice message logging require a little overheads. ++pgsql.ignore_notice = 0 ++ ++; Log PostgreSQL backends Noitce message or not. ++; Unless pgsql.ignore_notice=0, module cannot log notice message. ++pgsql.log_notice = 0 ++ ++[Sybase] ++; Allow or prevent persistent links. ++sybase.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybase.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybase.max_links = -1 ++ ++;sybase.interface_file = "/usr/sybase/interfaces" ++ ++; Minimum error severity to display. ++sybase.min_error_severity = 10 ++ ++; Minimum message severity to display. ++sybase.min_message_severity = 10 ++ ++; Compatibility mode with old versions of PHP 3.0. ++; If on, this will cause PHP to automatically assign types to results according ++; to their Sybase type, instead of treating them all as strings. This ++; compatibility mode will probably not stay around forever, so try applying ++; whatever necessary changes to your code, and turn it off. ++sybase.compatability_mode = Off ++ ++[Sybase-CT] ++; Allow or prevent persistent links. ++sybct.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++sybct.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++sybct.max_links = -1 ++ ++; Minimum server message severity to display. ++sybct.min_server_severity = 10 ++ ++; Minimum client message severity to display. ++sybct.min_client_severity = 10 ++ ++[bcmath] ++; Number of decimal digits for all bcmath functions. ++bcmath.scale = 0 ++ ++[browscap] ++;browscap = extra/browscap.ini ++ ++[Informix] ++; Default host for ifx_connect() (doesn't apply in safe mode). ++ifx.default_host = ++ ++; Default user for ifx_connect() (doesn't apply in safe mode). ++ifx.default_user = ++ ++; Default password for ifx_connect() (doesn't apply in safe mode). ++ifx.default_password = ++ ++; Allow or prevent persistent links. ++ifx.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++ifx.max_persistent = -1 ++ ++; Maximum number of links (persistent + non-persistent). -1 means no limit. ++ifx.max_links = -1 ++ ++; If on, select statements return the contents of a text blob instead of its id. ++ifx.textasvarchar = 0 ++ ++; If on, select statements return the contents of a byte blob instead of its id. ++ifx.byteasvarchar = 0 ++ ++; Trailing blanks are stripped from fixed-length char columns. May help the ++; life of Informix SE users. ++ifx.charasvarchar = 0 ++ ++; If on, the contents of text and byte blobs are dumped to a file instead of ++; keeping them in memory. ++ifx.blobinfile = 0 ++ ++; NULL's are returned as empty strings, unless this is set to 1. In that case, ++; NULL's are returned as string 'NULL'. ++ifx.nullformat = 0 ++ ++[Session] ++; Handler used to store/retrieve data. ++session.save_handler = files ++ ++; Argument passed to save_handler. In the case of files, this is the path ++; where data files are stored. Note: Windows users have to change this ++; variable in order to use PHP's session functions. ++; ++; As of PHP 4.0.1, you can define the path as: ++; ++; session.save_path = "N;/path" ++; ++; where N is an integer. Instead of storing all the session files in ++; /path, what this will do is use subdirectories N-levels deep, and ++; store the session data in those directories. This is useful if you ++; or your OS have problems with lots of files in one directory, and is ++; a more efficient layout for servers that handle lots of sessions. ++; ++; NOTE 1: PHP will not create this directory structure automatically. ++; You can use the script in the ext/session dir for that purpose. ++; NOTE 2: See the section on garbage collection below if you choose to ++; use subdirectories for session storage ++; ++; The file storage module creates files using mode 600 by default. ++; You can change that by using ++; ++; session.save_path = "N;MODE;/path" ++; ++; where MODE is the octal representation of the mode. Note that this ++; does not overwrite the process's umask. ++session.save_path = /var/lib/php5 ++ ++; Substring to check each HTTP Referer for. If the Referer was sent by the ++; client and the substring was not found, the embedded session id will be marked ++; as invalid. Defaults to the empty string. ++; Note (paranoid): to prevent some XSS attacks should be defined to the server's URI ++; session.referer_check = ++ ++ ++; Path to an external resource (file) which will be used as an additional ++; entropy source in the session id creation process. ++; Note (paranoid): /dev/urandom is not fully random but if /dev/random is used ++; the entropy pool could be exhaused by constantly asking for session ids and ++; would compromise other applications relying on randomness ++session.entropy_file = "/dev/urandom" ++ ++; Number of bytes which will be read from the file specified above. ++; Defaults to 0 (disabled). ++session.entropy_length = 6 ++ ++; Whether to use cookies. ++session.use_cookies = 1 ++ ++; If this option is enabled cookies are only sent through secure (SSL) ++; connections and, consequently, are more difficult to intercept. ++; (disabled by default) ++session.cookie_secure = 1 ++ ++; This option enables administrators to make their users invulnerable to ++; attacks which involve passing session ids in URLs; defaults to 1 (since PHP 6.0). ++session.use_only_cookies = 1 ++ ++; Name of the session (used as cookie name). ++session.name = PHPSESSID ++ ++; Initialize session on request startup. ++session.auto_start = 0 ++ ++; Lifetime in seconds of cookie or, if 0, until browser is restarted. ++session.cookie_lifetime = 0 ++ ++; The path for which the cookie is valid. ++; Note (paranoid): Applications should restrict the path where the cookie ++; is valid through use of session_set_cookie_params(). ++session.cookie_path = / ++ ++; The domain for which the cookie is valid. ++; Note (paranoid): Make sure you configure this for your site ++session.cookie_domain = ++ ++; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. ++session.cookie_httponly = 1 ++ ++; Handler used to serialize data. php is the standard serializer of PHP. ++session.serialize_handler = php ++ ++; Define the probability that the 'garbage collection' process is started ++; on every session initialization. ++; The probability is calculated by using gc_probability/gc_divisor, ++; e.g. 1/100 means there is a 1% chance that the GC process starts ++; on each request. ++ ++; This is disabled in the Debian packages, due to the strict permissions ++; on /var/lib/php5. Instead of setting this here, see the cronjob at ++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below ++;session.gc_probability = 0 ++session.gc_divisor = 100 ++ ++; After this number of seconds, stored data will be seen as 'garbage' and ++; cleaned up by the garbage collection process. ++session.gc_maxlifetime = 1440 ++ ++; NOTE: If you are using the subdirectory option for storing session files ++; (see session.save_path above), then garbage collection does *not* ++; happen automatically. You will need to do your own garbage ++; collection through a shell script, cron entry, or some other method. ++; For example, the following script would is the equivalent of ++; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ++; cd /path/to/sessions; find -cmin +24 | xargs rm ++ ++; PHP 4.2 and less have an undocumented feature/bug that allows you to ++; to initialize a session variable in the global scope, albeit register_globals ++; is disabled. PHP 4.3 and later will warn you, if this feature is used. ++; You can disable the feature and the warning separately. At this time, ++; the warning is only displayed, if bug_compat_42 is enabled. ++ ++session.bug_compat_42 = 0 ++session.bug_compat_warn = 1 ++ ++; Check HTTP Referer to invalidate externally stored URLs containing ids. ++; HTTP_REFERER has to contain this substring for the session to be ++; considered as valid. ++session.referer_check = ++ ++; How many bytes to read from the file. ++session.entropy_length = 0 ++ ++; Specified here to create the session id. ++session.entropy_file = ++ ++;session.entropy_length = 16 ++ ++;session.entropy_file = /dev/urandom ++ ++; Set to {nocache,private,public,} to determine HTTP caching aspects ++; or leave this empty to avoid sending anti-caching headers. ++session.cache_limiter = nocache ++ ++; Document expires after n minutes. ++session.cache_expire = 180 ++ ++; trans sid support is disabled by default. ++; Use of trans sid may risk your users security. ++; Use this option with caution. ++; - User may send URL contains active session ID ++; to other person via. email/irc/etc. ++; - URL that contains active session ID may be stored ++; in publically accessible computer. ++; - User may access your site with the same session ID ++; always using URL stored in browser's history or bookmarks. ++session.use_trans_sid = 0 ++ ++; Select a hash function ++; 0: MD5 (128 bits) ++; 1: SHA-1 (160 bits) ++; Note (paranoic): Set to SHA-1 since there are known attacks against MD5 ++; although the algorithm is not yet broken) ++session.hash_function = 1 ++ ++; Define how many bits are stored in each character when converting ++; the binary hash data to something readable. ++; ++; 4 bits: 0-9, a-f ++; 5 bits: 0-9, a-v ++; 6 bits: 0-9, a-z, A-Z, "-", "," ++session.hash_bits_per_character = 4 ++ ++; The URL rewriter will look for URLs in a defined set of HTML tags. ++; form/fieldset are special; if you include them here, the rewriter will ++; add a hidden field with the info which is otherwise appended ++; to URLs. If you want XHTML conformity, remove the form entry. ++; Note that all valid entries require a "=", even if no value follows. ++url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=" ++ ++[MSSQL] ++; Allow or prevent persistent links. ++mssql.allow_persistent = On ++ ++; Maximum number of persistent links. -1 means no limit. ++mssql.max_persistent = -1 ++ ++; Maximum number of links (persistent+non persistent). -1 means no limit. ++mssql.max_links = -1 ++ ++; Minimum error severity to display. ++mssql.min_error_severity = 10 ++ ++; Minimum message severity to display. ++mssql.min_message_severity = 10 ++ ++; Compatibility mode with old versions of PHP 3.0. ++mssql.compatability_mode = Off ++ ++; Connect timeout ++;mssql.connect_timeout = 5 ++ ++; Query timeout ++;mssql.timeout = 60 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textlimit = 4096 ++ ++; Valid range 0 - 2147483647. Default = 4096. ++;mssql.textsize = 4096 ++ ++; Limits the number of records in each batch. 0 = all records in one batch. ++;mssql.batchsize = 0 ++ ++; Specify how datetime and datetim4 columns are returned ++; On => Returns data converted to SQL server settings ++; Off => Returns values as YYYY-MM-DD hh:mm:ss ++;mssql.datetimeconvert = On ++ ++; Use NT authentication when connecting to the server ++mssql.secure_connection = On ++ ++; Specify max number of processes. -1 = library default ++; msdlib defaults to 25 ++; FreeTDS defaults to 4096 ++;mssql.max_procs = -1 ++ ++; Specify client character set. ++; If empty or not set the client charset from freetds.comf is used ++; This is only used when compiled with FreeTDS ++;mssql.charset = "ISO-8859-1" ++ ++[Assertion] ++; Assert(expr); active by default. ++;assert.active = On ++ ++; Issue a PHP warning for each failed assertion. ++;assert.warning = On ++ ++; Don't bail out by default. ++;assert.bail = Off ++ ++; User-function to be called if an assertion fails. ++;assert.callback = 0 ++ ++; Eval the expression with current error_reporting(). Set to true if you want ++; error_reporting(0) around the eval(). ++;assert.quiet_eval = 0 ++ ++[COM] ++; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs ++;com.typelib_file = ++; allow Distributed-COM calls ++;com.allow_dcom = true ++; autoregister constants of a components typlib on com_load() ++;com.autoregister_typelib = true ++; register constants casesensitive ++;com.autoregister_casesensitive = false ++; show warnings on duplicate constant registrations ++;com.autoregister_verbose = true ++ ++[mbstring] ++; language for internal character representation. ++;mbstring.language = Japanese ++ ++; internal/script encoding. ++; Some encoding cannot work as internal encoding. ++; (e.g. SJIS, BIG5, ISO-2022-*) ++;mbstring.internal_encoding = EUC-JP ++ ++; http input encoding. ++;mbstring.http_input = auto ++ ++; http output encoding. mb_output_handler must be ++; registered as output buffer to function ++;mbstring.http_output = SJIS ++ ++; enable automatic encoding translation according to ++; mbstring.internal_encoding setting. Input chars are ++; converted to internal encoding by setting this to On. ++; Note: Do _not_ use automatic encoding translation for ++; portable libs/applications. ++;mbstring.encoding_translation = Off ++ ++; automatic encoding detection order. ++; auto means ++;mbstring.detect_order = auto ++ ++; substitute_character used when character cannot be converted ++; one from another ++;mbstring.substitute_character = none; ++ ++; overload(replace) single byte functions by mbstring functions. ++; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), ++; etc. Possible values are 0,1,2,4 or combination of them. ++; For example, 7 for overload everything. ++; 0: No overload ++; 1: Overload mail() function ++; 2: Overload str*() functions ++; 4: Overload ereg*() functions ++;mbstring.func_overload = 0 ++ ++[FrontBase] ++;fbsql.allow_persistent = On ++;fbsql.autocommit = On ++;fbsql.show_timestamp_decimals = Off ++;fbsql.default_database = ++;fbsql.default_database_password = ++;fbsql.default_host = ++;fbsql.default_password = ++;fbsql.default_user = "_SYSTEM" ++;fbsql.generate_warnings = Off ++;fbsql.max_connections = 128 ++;fbsql.max_links = 128 ++;fbsql.max_persistent = -1 ++;fbsql.max_results = 128 ++ ++[gd] ++; Tell the jpeg decode to libjpeg warnings and try to create ++; a gd image. The warning will then be displayed as notices ++; disabled by default ++;gd.jpeg_ignore_warning = 0 ++ ++[exif] ++; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ++; With mbstring support this will automatically be converted into the encoding ++; given by corresponding encode setting. When empty mbstring.internal_encoding ++; is used. For the decode settings you can distinguish between motorola and ++; intel byte order. A decode setting cannot be empty. ++;exif.encode_unicode = ISO-8859-15 ++;exif.decode_unicode_motorola = UCS-2BE ++;exif.decode_unicode_intel = UCS-2LE ++;exif.encode_jis = ++;exif.decode_jis_motorola = JIS ++;exif.decode_jis_intel = JIS ++ ++[Tidy] ++; The path to a default tidy configuration file to use when using tidy ++;tidy.default_config = /usr/local/lib/php/default.tcfg ++ ++; Should tidy clean and repair output automatically? ++; WARNING: Do not use this option if you are generating non-html content ++; such as dynamic images ++tidy.clean_output = Off ++ ++[soap] ++; Enables or disables WSDL caching feature. ++soap.wsdl_cache_enabled=1 ++; Sets the directory name where SOAP extension will put cache files. ++soap.wsdl_cache_dir="/var/lib/php5/soap-cache" ++; (time to live) Sets the number of second while cached file will be used ++; instead of original one. ++soap.wsdl_cache_ttl=86400 ++ ++; Local Variables: ++; tab-width: 4 ++; End: --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-4697.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-4697.patch @@ -0,0 +1,94 @@ +Subject: Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). +Author: mail_ben_schmidt at yahoo dot com dot au +Origin: http://svn.php.net/viewvc?view=revision&revision=303913 +Bug: http://bugs.php.net/52879 + +CVE-2010-4697 + +Patch is modified from upstream commit to remove edits to the NEWS file, +to reduce conflicts when applying patches and backported to apply to +earlier releases of php. + +Index: Zend/zend_object_handlers.c +=================================================================== +--- Zend/zend_object_handlers.c (revision 303912) ++++ Zend/zend_object_handlers.c (revision 303913) +@@ -347,6 +347,9 @@ + !guard->in_get) { + /* have getter - try with it! */ + Z_ADDREF_P(object); ++ if (PZVAL_IS_REF(object)) { ++ SEPARATE_ZVAL(&object); ++ } + guard->in_get = 1; /* prevent circular getting */ + rv = zend_std_call_getter(object, member TSRMLS_CC); + guard->in_get = 0; +@@ -445,22 +448,22 @@ + } + } + } else { +- int setter_done = 0; +- zend_guard *guard; ++ zend_guard *guard = NULL; + + if (zobj->ce->__set && + zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS && + !guard->in_set) { + Z_ADDREF_P(object); ++ if (PZVAL_IS_REF(object)) { ++ SEPARATE_ZVAL(&object); ++ } + guard->in_set = 1; /* prevent circular setting */ + if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) { + /* for now, just ignore it - __set should take care of warnings, etc. */ + } +- setter_done = 1; + guard->in_set = 0; + zval_ptr_dtor(&object); +- } +- if (!setter_done && property_info) { ++ } else if (property_info) { + zval **foo; + + /* if we assign referenced variable, we should separate it */ +@@ -643,6 +646,9 @@ + !guard->in_unset) { + /* have unseter - try with it! */ + Z_ADDREF_P(object); ++ if (PZVAL_IS_REF(object)) { ++ SEPARATE_ZVAL(&object); ++ } + guard->in_unset = 1; /* prevent circular unsetting */ + zend_std_call_unsetter(object, member TSRMLS_CC); + guard->in_unset = 0; +@@ -1169,6 +1175,9 @@ + + /* have issetter - try with it! */ + Z_ADDREF_P(object); ++ if (PZVAL_IS_REF(object)) { ++ SEPARATE_ZVAL(&object); ++ } + guard->in_isset = 1; /* prevent circular getting */ + rv = zend_std_call_issetter(object, member TSRMLS_CC); + if (rv) { +Index: Zend/tests/bug52879.phpt +=================================================================== +--- Zend/tests/bug52879.phpt (revision 0) ++++ Zend/tests/bug52879.phpt (revision 303913) +@@ -0,0 +1,16 @@ ++--TEST-- ++Bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early) ++--FILE-- ++myRef = $value; ++ } ++} ++$myGlobal=new MyClass($myGlobal); ++$myGlobal->myRef=&$myGlobal; ++$myGlobal->myNonExistentProperty="ok\n"; ++echo $myGlobal; ++--EXPECT-- ++ok --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1469.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1469.patch @@ -0,0 +1,123 @@ +Subject: Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP wrapper). +Origin: http://svn.php.net/viewvc?view=revision&revision=308734 + +#php_stream->wrapperdata should hold an array zval (like its zval* type +#indicates...), it's not a place where the wrapper can drop an arbitrary +#pointer. For that, .wrapperthis should be used. +#Also, since the ftp dir wrapper defines its own stream type, it's more +#appropriate to use .abstract to store the stream instance specific data. + +CVE-2011-1469 + +Patch differs from upstream commit in that it drops the added NEWS file +entry to reduce patch conflicts, and adjusted for earlier versions of +php. + +Index: ext/standard/ftp_fopen_wrapper.c +=================================================================== +--- ext/standard/ftp_fopen_wrapper.c (revision 308733) ++++ ext/standard/ftp_fopen_wrapper.c (revision 308734) +@@ -72,6 +72,12 @@ + #define FTPS_ENCRYPT_DATA 1 + #define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC) + ++typedef struct _php_ftp_dirstream_data { ++ php_stream *datastream; ++ php_stream *controlstream; ++ php_stream *dirstream; ++} php_ftp_dirstream_data; ++ + /* {{{ get_ftp_result + */ + static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC) +@@ -97,12 +103,12 @@ + */ + static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC) + { +- php_stream *controlstream = (php_stream *)stream->wrapperdata; ++ php_stream *controlstream = stream->wrapperthis; + + if (controlstream) { + php_stream_write_string(controlstream, "QUIT\r\n"); + php_stream_close(controlstream); +- stream->wrapperdata = NULL; ++ stream->wrapperthis = NULL; + } + return 0; + } +@@ -584,7 +584,7 @@ + } + + /* remember control stream */ +- datastream->wrapperdata = (zval *)stream; ++ datastream->wrapperthis = stream; + + php_url_free(resource); + return datastream; +@@ -608,11 +608,13 @@ + static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) + { + php_stream_dirent *ent = (php_stream_dirent *)buf; +- php_stream *innerstream = (php_stream *)stream->abstract; ++ php_stream *innerstream; + size_t tmp_len; + char *basename; + size_t basename_len; + ++ innerstream = ((php_ftp_dirstream_data *)stream->abstract)->datastream; ++ + if (count != sizeof(php_stream_dirent)) { + return 0; + } +@@ -656,13 +658,18 @@ + */ + static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC) + { +- php_stream *innerstream = (php_stream *)stream->abstract; ++ php_ftp_dirstream_data *data = stream->abstract; + +- if (innerstream->wrapperdata) { +- php_stream_close((php_stream *)innerstream->wrapperdata); +- innerstream->wrapperdata = NULL; ++ /* close control connection */ ++ if (data->controlstream) { ++ php_stream_close(data->controlstream); ++ data->controlstream = NULL; + } +- php_stream_close((php_stream *)stream->abstract); ++ /* close data connection */ ++ php_stream_close(data->datastream); ++ data->datastream = NULL; ++ ++ efree(data); + stream->abstract = NULL; + + return 0; +@@ -688,6 +695,7 @@ + php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC) + { + php_stream *stream, *reuseid, *datastream = NULL; ++ php_ftp_dirstream_data *dirsdata; + php_url *resource = NULL; + int result = 0, use_ssl, use_ssl_on_data = 0; + char *hoststart = NULL, tmp_line[512]; +@@ -747,12 +755,15 @@ + goto opendir_errexit; + } + +- /* remember control stream */ +- datastream->wrapperdata = (zval *)stream; +- + php_url_free(resource); +- return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode); + ++ dirsdata = emalloc(sizeof *dirsdata); ++ dirsdata->datastream = datastream; ++ dirsdata->controlstream = stream; ++ dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode); ++ ++ return dirsdata->dirstream; ++ + opendir_errexit: + if (resource) { + php_url_free(resource); --- php5-5.3.2.orig/debian/patches/max_file_uploads.patch +++ php5-5.3.2/debian/patches/max_file_uploads.patch @@ -0,0 +1,33 @@ +--- a/php.ini-dist ++++ b/php.ini-dist +@@ -571,7 +571,7 @@ upload_max_filesize = 2M + + + ; Maximum number of files that can be uploaded via a single request +-max_file_uploads = 20 ++max_file_uploads = 50 + + ;;;;;;;;;;;;;;;;;; + ; Fopen wrappers ; +--- a/php.ini-recommended ++++ b/php.ini-recommended +@@ -606,7 +606,7 @@ upload_max_filesize = 2M + + + ; Maximum number of files that can be uploaded via a single request +-max_file_uploads = 20 ++max_file_uploads = 50 + + ;;;;;;;;;;;;;;;;;; + ; Fopen wrappers ; +--- a/main/main.c ++++ b/main/main.c +@@ -456,7 +456,7 @@ PHP_INI_BEGIN() + PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra) + PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) +- PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM, NULL) ++ PHP_INI_ENTRY("max_file_uploads", "50", PHP_INI_SYSTEM, NULL) + + STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-3436.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-3436.patch @@ -0,0 +1,29 @@ +Subject: Fixed possible flaw in open_basedir allowing basedir bypass +Origin: http://svn.php.net/viewvc?view=revision&revision=303824 + +CVE-2010-3436 + +--- + main/fopen_wrappers.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +Index: b/main/fopen_wrappers.c +=================================================================== +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -239,8 +239,13 @@ PHPAPI int php_check_specific_open_based + #else + if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { + #endif +- /* File is in the right directory */ +- return 0; ++ if (resolved_name_len > resolved_basedir_len && ++ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { ++ return -1; ++ } else { ++ /* File is in the right directory */ ++ return 0; ++ } + } else { + /* /openbasedir/ and /openbasedir are the same directory */ + if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) { --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-4645.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-4645.patch @@ -0,0 +1,25 @@ +Subject: Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) +Origin: http://svn.php.net/viewvc?view=revision&revision=307095 +Bug: http://bugs.php.net/53632 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/697181 + +[Ubuntu note: removed NEWS file change from commit diff to ease + application of patch. - sbeattie] + +--- + Zend/zend_strtod.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/Zend/zend_strtod.c +=================================================================== +--- a/Zend/zend_strtod.c ++++ b/Zend/zend_strtod.c +@@ -2045,7 +2045,7 @@ ZEND_API double zend_strtod (CONST char + int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign, + e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign; + CONST char *s, *s0, *s1; +- double aadj, aadj1, adj; ++ volatile double aadj, aadj1, adj; + volatile _double rv, rv0; + Long L; + ULong y, z; --- php5-5.3.2.orig/debian/patches/sybase-alias.patch +++ php5-5.3.2/debian/patches/sybase-alias.patch @@ -0,0 +1,41 @@ +--- a/ext/mssql/php_mssql.c ++++ b/ext/mssql/php_mssql.c +@@ -178,6 +178,38 @@ const zend_function_entry mssql_function + PHP_FE(mssql_execute, arginfo_mssql_execute) + PHP_FE(mssql_free_statement, arginfo_mssql_free_statement) + PHP_FE(mssql_guid_string, arginfo_mssql_guid_string) ++#if !defined(PHP_WIN32) && !defined(HAVE_SYBASE_CT) ++ PHP_FALIAS(sybase_connect, mssql_connect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_pconnect, mssql_pconnect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_close, mssql_close, arginfo_mssql_close) ++ PHP_FALIAS(sybase_select_db, mssql_select_db, arginfo_mssql_select_db) ++ PHP_FALIAS(sybase_query, mssql_query, arginfo_mssql_query) ++ PHP_FALIAS(sybase_fetch_batch, mssql_fetch_batch, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_affected_rows, mssql_rows_affected, arginfo_mssql_rows_affected) ++ PHP_FALIAS(sybase_free_result, mssql_free_result, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_get_last_message, mssql_get_last_message, arginfo_mssql_get_last_message) ++ PHP_FALIAS(sybase_num_rows, mssql_num_rows, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_num_fields, mssql_num_fields, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_field, mssql_fetch_field, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_fetch_row, mssql_fetch_row, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_array, mssql_fetch_array, arginfo_mssql_fetch_array) ++ PHP_FALIAS(sybase_fetch_assoc, mssql_fetch_assoc, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_fetch_object, mssql_fetch_object, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_field_length, mssql_field_length, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_name, mssql_field_name, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_type, mssql_field_type, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_data_seek, mssql_data_seek, arginfo_mssql_data_seek) ++ PHP_FALIAS(sybase_field_seek, mssql_field_seek, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_result, mssql_result, arginfo_mssql_result) ++ PHP_FALIAS(sybase_next_result, mssql_next_result, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_min_error_severity, mssql_min_error_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_min_message_severity, mssql_min_message_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_init, mssql_init, arginfo_mssql_init) ++ PHP_FALIAS(sybase_bind, mssql_bind, arginfo_mssql_bind) ++ PHP_FALIAS(sybase_execute, mssql_execute, arginfo_mssql_execute) ++ PHP_FALIAS(sybase_free_statement, mssql_free_statement, arginfo_mssql_free_statement) ++ PHP_FALIAS(sybase_guid_string, mssql_guid_string, arginfo_mssql_guid_string) ++#endif + {NULL, NULL, NULL} + }; + /* }}} */ --- php5-5.3.2.orig/debian/patches/019-z_off_t_as_long.patch +++ php5-5.3.2/debian/patches/019-z_off_t_as_long.patch @@ -0,0 +1,1541 @@ +Description: Include some zlib headers to make sure z_off_t is a long on + the gzip file functions. Issue caused by LFS support. + . + Needs to be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/208608 +Forwarded: no +Last-Update: 2010-01-18 + +--- /dev/null ++++ pkg-php/ext/zlib/zconf.h +@@ -0,0 +1,326 @@ ++/* zconf.h -- configuration of the zlib compression library ++ * Copyright (C) 1995-2003 Jean-loup Gailly. ++ * For conditions of distribution and use, see copyright notice in zlib.h ++ */ ++ ++/* @(#) $Id: 019-z_off_t_as_long.patch.disabled,v 1.3 2004/08/23 07:48:56 adconrad Exp $ */ ++ ++#ifndef ZCONF_H ++#define ZCONF_H ++ ++#warning Including local zconf.h instead of system zconf.h ++ ++/* ++ * If you *really* need a unique prefix for all types and library functions, ++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. ++ */ ++#ifdef Z_PREFIX ++# define deflateInit_ z_deflateInit_ ++# define deflate z_deflate ++# define deflateEnd z_deflateEnd ++# define inflateInit_ z_inflateInit_ ++# define inflate z_inflate ++# define inflateEnd z_inflateEnd ++# define deflateInit2_ z_deflateInit2_ ++# define deflateSetDictionary z_deflateSetDictionary ++# define deflateCopy z_deflateCopy ++# define deflateReset z_deflateReset ++# define deflatePrime z_deflatePrime ++# define deflateParams z_deflateParams ++# define deflateBound z_deflateBound ++# define inflateInit2_ z_inflateInit2_ ++# define inflateSetDictionary z_inflateSetDictionary ++# define inflateSync z_inflateSync ++# define inflateSyncPoint z_inflateSyncPoint ++# define inflateCopy z_inflateCopy ++# define inflateReset z_inflateReset ++# define compress z_compress ++# define compress2 z_compress2 ++# define compressBound z_compressBound ++# define uncompress z_uncompress ++# define adler32 z_adler32 ++# define crc32 z_crc32 ++# define get_crc_table z_get_crc_table ++ ++# define Byte z_Byte ++# define uInt z_uInt ++# define uLong z_uLong ++# define Bytef z_Bytef ++# define charf z_charf ++# define intf z_intf ++# define uIntf z_uIntf ++# define uLongf z_uLongf ++# define voidpf z_voidpf ++# define voidp z_voidp ++#endif ++ ++#if defined(__MSDOS__) && !defined(MSDOS) ++# define MSDOS ++#endif ++#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2) ++# define OS2 ++#endif ++#if defined(_WINDOWS) && !defined(WINDOWS) ++# define WINDOWS ++#endif ++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) ++# define WIN32 ++#endif ++#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32) ++# if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__) ++# ifndef SYS16BIT ++# define SYS16BIT ++# endif ++# endif ++#endif ++ ++/* ++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more ++ * than 64k bytes at a time (needed on systems with 16-bit int). ++ */ ++#ifdef SYS16BIT ++# define MAXSEG_64K ++#endif ++#ifdef MSDOS ++# define UNALIGNED_OK ++#endif ++ ++#ifdef __STDC_VERSION__ ++# ifndef STDC ++# define STDC ++# endif ++# if __STDC_VERSION__ >= 199901L ++# ifndef STDC99 ++# define STDC99 ++# endif ++# endif ++#endif ++#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__)) ++# define STDC ++#endif ++ ++#if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). */ ++# define STDC ++#endif ++ ++#ifndef STDC ++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ ++# define const /* note: need a more gentle solution here */ ++# endif ++#endif ++ ++/* Some Mac compilers merge all .h files incorrectly: */ ++#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__) ++# define NO_DUMMY_DECL ++#endif ++ ++/* Maximum value for memLevel in deflateInit2 */ ++#ifndef MAX_MEM_LEVEL ++# ifdef MAXSEG_64K ++# define MAX_MEM_LEVEL 8 ++# else ++# define MAX_MEM_LEVEL 9 ++# endif ++#endif ++ ++/* Maximum value for windowBits in deflateInit2 and inflateInit2. ++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files ++ * created by gzip. (Files created by minigzip can still be extracted by ++ * gzip.) ++ */ ++#ifndef MAX_WBITS ++# define MAX_WBITS 15 /* 32K LZ77 window */ ++#endif ++ ++/* The memory requirements for deflate are (in bytes): ++ (1 << (windowBits+2)) + (1 << (memLevel+9)) ++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) ++ plus a few kilobytes for small objects. For example, if you want to reduce ++ the default memory requirements from 256K to 128K, compile with ++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" ++ Of course this will generally degrade compression (there's no free lunch). ++ ++ The memory requirements for inflate are (in bytes) 1 << windowBits ++ that is, 32K for windowBits=15 (default value) plus a few kilobytes ++ for small objects. ++*/ ++ ++ /* Type declarations */ ++ ++#ifndef OF /* function prototypes */ ++# ifdef STDC ++# define OF(args) args ++# else ++# define OF(args) () ++# endif ++#endif ++ ++/* The following definitions for FAR are needed only for MSDOS mixed ++ * model programming (small or medium model with some far allocations). ++ * This was tested only with MSC; for other MSDOS compilers you may have ++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, ++ * just define FAR to be empty. ++ */ ++#ifdef SYS16BIT ++# if defined(M_I86SM) || defined(M_I86MM) ++ /* MSC small or medium model */ ++# define SMALL_MEDIUM ++# ifdef _MSC_VER ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++# if (defined(__SMALL__) || defined(__MEDIUM__)) ++ /* Turbo C small or medium model */ ++# define SMALL_MEDIUM ++# ifdef __BORLANDC__ ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++#endif ++ ++#if defined(WINDOWS) || defined(WIN32) ++ /* If building or using zlib as a DLL, define ZLIB_DLL. ++ * This is not mandatory, but it offers a little performance increase. ++ */ ++# ifdef ZLIB_DLL ++# if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500)) ++# ifdef ZLIB_INTERNAL ++# define ZEXTERN extern __declspec(dllexport) ++# else ++# define ZEXTERN extern __declspec(dllimport) ++# endif ++# endif ++# endif /* ZLIB_DLL */ ++ /* If building or using zlib with the WINAPI/WINAPIV calling convention, ++ * define ZLIB_WINAPI. ++ * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. ++ */ ++# ifdef ZLIB_WINAPI ++# ifdef FAR ++# undef FAR ++# endif ++# include ++ /* No need for _export, use ZLIB.DEF instead. */ ++ /* For complete Windows compatibility, use WINAPI, not __stdcall. */ ++# define ZEXPORT WINAPI ++# ifdef WIN32 ++# define ZEXPORTVA WINAPIV ++# else ++# define ZEXPORTVA FAR CDECL ++# endif ++# endif ++#endif ++ ++#if defined (__BEOS__) ++# ifdef ZLIB_DLL ++# ifdef ZLIB_INTERNAL ++# define ZEXPORT __declspec(dllexport) ++# define ZEXPORTVA __declspec(dllexport) ++# else ++# define ZEXPORT __declspec(dllimport) ++# define ZEXPORTVA __declspec(dllimport) ++# endif ++# endif ++#endif ++ ++#ifndef ZEXTERN ++# define ZEXTERN extern ++#endif ++#ifndef ZEXPORT ++# define ZEXPORT ++#endif ++#ifndef ZEXPORTVA ++# define ZEXPORTVA ++#endif ++ ++#ifndef FAR ++# define FAR ++#endif ++ ++#if !defined(__MACTYPES__) ++typedef unsigned char Byte; /* 8 bits */ ++#endif ++typedef unsigned int uInt; /* 16 bits or more */ ++typedef unsigned long uLong; /* 32 bits or more */ ++ ++#ifdef SMALL_MEDIUM ++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ ++# define Bytef Byte FAR ++#else ++ typedef Byte FAR Bytef; ++#endif ++typedef char FAR charf; ++typedef int FAR intf; ++typedef uInt FAR uIntf; ++typedef uLong FAR uLongf; ++ ++#ifdef STDC ++ typedef void const *voidpc; ++ typedef void FAR *voidpf; ++ typedef void *voidp; ++#else ++ typedef Byte const *voidpc; ++ typedef Byte FAR *voidpf; ++ typedef Byte *voidp; ++#endif ++ ++#if 1 /* HAVE_UNISTD_H -- this line is updated by ./configure */ ++# include /* for off_t */ ++# include /* for SEEK_* and off_t */ ++# ifdef VMS ++# include /* for off_t */ ++# endif ++/* # define z_off_t off_t */ ++#endif ++#ifndef SEEK_SET ++# define SEEK_SET 0 /* Seek from beginning of file. */ ++# define SEEK_CUR 1 /* Seek from current position. */ ++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ ++#endif ++#ifndef z_off_t ++# warning Defining z_off_t as 'long' rather than 'off_t' ++# define z_off_t long ++#endif ++ ++#if defined(__OS400__) ++#define NO_vsnprintf ++#endif ++ ++#if defined(__MVS__) ++# define NO_vsnprintf ++# ifdef FAR ++# undef FAR ++# endif ++#endif ++ ++/* MVS linker does not support external names larger than 8 bytes */ ++#if defined(__MVS__) ++# pragma map(deflateInit_,"DEIN") ++# pragma map(deflateInit2_,"DEIN2") ++# pragma map(deflateEnd,"DEEND") ++# pragma map(deflateBound,"DEBND") ++# pragma map(inflateInit_,"ININ") ++# pragma map(inflateInit2_,"ININ2") ++# pragma map(inflateEnd,"INEND") ++# pragma map(inflateSync,"INSY") ++# pragma map(inflateSetDictionary,"INSEDI") ++# pragma map(compressBound,"CMBND") ++# pragma map(inflate_table,"INTABL") ++# pragma map(inflate_fast,"INFA") ++# pragma map(inflate_copyright,"INCOPY") ++#endif ++ ++#endif /* ZCONF_H */ +--- /dev/null ++++ pkg-php/ext/zlib/zlib.h +@@ -0,0 +1,1200 @@ ++/* zlib.h -- interface of the 'zlib' general purpose compression library ++ version 1.2.1.1, January 9th, 2004 ++ ++ Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler ++ ++ This software is provided 'as-is', without any express or implied ++ warranty. In no event will the authors be held liable for any damages ++ arising from the use of this software. ++ ++ Permission is granted to anyone to use this software for any purpose, ++ including commercial applications, and to alter it and redistribute it ++ freely, subject to the following restrictions: ++ ++ 1. The origin of this software must not be misrepresented; you must not ++ claim that you wrote the original software. If you use this software ++ in a product, an acknowledgment in the product documentation would be ++ appreciated but is not required. ++ 2. Altered source versions must be plainly marked as such, and must not be ++ misrepresented as being the original software. ++ 3. This notice may not be removed or altered from any source distribution. ++ ++ Jean-loup Gailly Mark Adler ++ jloup@gzip.org madler@alumni.caltech.edu ++ ++ ++ The data format used by the zlib library is described by RFCs (Request for ++ Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt ++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). ++*/ ++ ++#ifndef ZLIB_H ++#define ZLIB_H ++ ++#include "zconf.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define ZLIB_VERSION "1.2.1.1" ++#define ZLIB_VERNUM 0x1211 ++ ++/* ++ The 'zlib' compression library provides in-memory compression and ++ decompression functions, including integrity checks of the uncompressed ++ data. This version of the library supports only one compression method ++ (deflation) but other algorithms will be added later and will have the same ++ stream interface. ++ ++ Compression can be done in a single step if the buffers are large ++ enough (for example if an input file is mmap'ed), or can be done by ++ repeated calls of the compression function. In the latter case, the ++ application must provide more input and/or consume the output ++ (providing more output space) before each call. ++ ++ The compressed data format used by the in-memory functions is the zlib ++ format, which is a zlib wrapper documented in RFC 1950, wrapped around a ++ deflate stream, which is itself documented in RFC 1951. ++ ++ The library also supports reading and writing files in gzip (.gz) format ++ with an interface similar to that of stdio using the functions that start ++ with "gz". The gzip format is different from the zlib format. gzip is a ++ gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. ++ ++ The zlib format was designed to be compact and fast for use in memory ++ and on communications channels. The gzip format was designed for single- ++ file compression on file systems, has a larger header than zlib to maintain ++ directory information, and uses a different, slower check method than zlib. ++ ++ This library does not provide any functions to write gzip files in memory. ++ However such functions could be easily written using zlib's deflate function, ++ the documentation in the gzip RFC, and the examples in gzio.c. ++ ++ The library does not install any signal handler. The decoder checks ++ the consistency of the compressed data, so the library should never ++ crash even in case of corrupted input. ++*/ ++ ++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); ++typedef void (*free_func) OF((voidpf opaque, voidpf address)); ++ ++struct internal_state; ++ ++typedef struct z_stream_s { ++ Bytef *next_in; /* next input byte */ ++ uInt avail_in; /* number of bytes available at next_in */ ++ uLong total_in; /* total nb of input bytes read so far */ ++ ++ Bytef *next_out; /* next output byte should be put there */ ++ uInt avail_out; /* remaining free space at next_out */ ++ uLong total_out; /* total nb of bytes output so far */ ++ ++ char *msg; /* last error message, NULL if no error */ ++ struct internal_state FAR *state; /* not visible by applications */ ++ ++ alloc_func zalloc; /* used to allocate the internal state */ ++ free_func zfree; /* used to free the internal state */ ++ voidpf opaque; /* private data object passed to zalloc and zfree */ ++ ++ int data_type; /* best guess about the data type: ascii or binary */ ++ uLong adler; /* adler32 value of the uncompressed data */ ++ uLong reserved; /* reserved for future use */ ++} z_stream; ++ ++typedef z_stream FAR *z_streamp; ++ ++/* ++ The application must update next_in and avail_in when avail_in has ++ dropped to zero. It must update next_out and avail_out when avail_out ++ has dropped to zero. The application must initialize zalloc, zfree and ++ opaque before calling the init function. All other fields are set by the ++ compression library and must not be updated by the application. ++ ++ The opaque value provided by the application will be passed as the first ++ parameter for calls of zalloc and zfree. This can be useful for custom ++ memory management. The compression library attaches no meaning to the ++ opaque value. ++ ++ zalloc must return Z_NULL if there is not enough memory for the object. ++ If zlib is used in a multi-threaded application, zalloc and zfree must be ++ thread safe. ++ ++ On 16-bit systems, the functions zalloc and zfree must be able to allocate ++ exactly 65536 bytes, but will not be required to allocate more than this ++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, ++ pointers returned by zalloc for objects of exactly 65536 bytes *must* ++ have their offset normalized to zero. The default allocation function ++ provided by this library ensures this (see zutil.c). To reduce memory ++ requirements and avoid any allocation of 64K objects, at the expense of ++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). ++ ++ The fields total_in and total_out can be used for statistics or ++ progress reports. After compression, total_in holds the total size of ++ the uncompressed data and may be saved for use in the decompressor ++ (particularly if the decompressor wants to decompress everything in ++ a single step). ++*/ ++ ++ /* constants */ ++ ++#define Z_NO_FLUSH 0 ++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ ++#define Z_SYNC_FLUSH 2 ++#define Z_FULL_FLUSH 3 ++#define Z_FINISH 4 ++#define Z_BLOCK 5 ++/* Allowed flush values; see deflate() and inflate() below for details */ ++ ++#define Z_OK 0 ++#define Z_STREAM_END 1 ++#define Z_NEED_DICT 2 ++#define Z_ERRNO (-1) ++#define Z_STREAM_ERROR (-2) ++#define Z_DATA_ERROR (-3) ++#define Z_MEM_ERROR (-4) ++#define Z_BUF_ERROR (-5) ++#define Z_VERSION_ERROR (-6) ++/* Return codes for the compression/decompression functions. Negative ++ * values are errors, positive values are used for special but normal events. ++ */ ++ ++#define Z_NO_COMPRESSION 0 ++#define Z_BEST_SPEED 1 ++#define Z_BEST_COMPRESSION 9 ++#define Z_DEFAULT_COMPRESSION (-1) ++/* compression levels */ ++ ++#define Z_FILTERED 1 ++#define Z_HUFFMAN_ONLY 2 ++#define Z_RLE 3 ++#define Z_DEFAULT_STRATEGY 0 ++/* compression strategy; see deflateInit2() below for details */ ++ ++#define Z_BINARY 0 ++#define Z_ASCII 1 ++#define Z_UNKNOWN 2 ++/* Possible values of the data_type field (though see inflate()) */ ++ ++#define Z_DEFLATED 8 ++/* The deflate compression method (the only one supported in this version) */ ++ ++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ ++ ++#define zlib_version zlibVersion() ++/* for compatibility with versions < 1.0.2 */ ++ ++ /* basic functions */ ++ ++ZEXTERN const char * ZEXPORT zlibVersion OF((void)); ++/* The application can compare zlibVersion and ZLIB_VERSION for consistency. ++ If the first character differs, the library code actually used is ++ not compatible with the zlib.h header file used by the application. ++ This check is automatically made by deflateInit and inflateInit. ++ */ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); ++ ++ Initializes the internal stream state for compression. The fields ++ zalloc, zfree and opaque must be initialized before by the caller. ++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to ++ use default allocation functions. ++ ++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: ++ 1 gives best speed, 9 gives best compression, 0 gives no compression at ++ all (the input data is simply copied a block at a time). ++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and ++ compression (currently equivalent to level 6). ++ ++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if level is not a valid compression level, ++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible ++ with the version assumed by the caller (ZLIB_VERSION). ++ msg is set to null if there is no error message. deflateInit does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); ++/* ++ deflate compresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce some ++ output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. deflate performs one or both of the ++ following actions: ++ ++ - Compress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in and avail_in are updated and ++ processing will resume at this point for the next call of deflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. This action is forced if the parameter flush is non zero. ++ Forcing flush frequently degrades the compression ratio, so this parameter ++ should be set only when necessary (in interactive applications). ++ Some output may be provided even if flush is not set. ++ ++ Before the call of deflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating avail_in or avail_out accordingly; avail_out ++ should never be zero before the call. The application can consume the ++ compressed output when it wants, for example when the output buffer is full ++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK ++ and with zero avail_out, it must be called again after making room in the ++ output buffer because there might be more output pending. ++ ++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is ++ flushed to the output buffer and the output is aligned on a byte boundary, so ++ that the decompressor can get all input data available so far. (In particular ++ avail_in is zero after the call if enough output space has been provided ++ before the call.) Flushing may degrade compression for some compression ++ algorithms and so it should be used only when necessary. ++ ++ If flush is set to Z_FULL_FLUSH, all output is flushed as with ++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can ++ restart from this point if previous compressed data has been damaged or if ++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade ++ the compression. ++ ++ If deflate returns with avail_out == 0, this function must be called again ++ with the same value of the flush parameter and more output space (updated ++ avail_out), until the flush is complete (deflate returns with non-zero ++ avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that ++ avail_out is greater than six to avoid repeated flush markers due to ++ avail_out == 0 on return. ++ ++ If the parameter flush is set to Z_FINISH, pending input is processed, ++ pending output is flushed and deflate returns with Z_STREAM_END if there ++ was enough output space; if deflate returns with Z_OK, this function must be ++ called again with Z_FINISH and more output space (updated avail_out) but no ++ more input data, until it returns with Z_STREAM_END or an error. After ++ deflate has returned Z_STREAM_END, the only possible operations on the ++ stream are deflateReset or deflateEnd. ++ ++ Z_FINISH can be used immediately after deflateInit if all the compression ++ is to be done in a single step. In this case, avail_out must be at least ++ the value returned by deflateBound (see below). If deflate does not return ++ Z_STREAM_END, then it must be called again as described above. ++ ++ deflate() sets strm->adler to the adler32 checksum of all input read ++ so far (that is, total_in bytes). ++ ++ deflate() may update data_type if it can make a good guess about ++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered ++ binary. This field is only for information purposes and does not affect ++ the compression algorithm in any manner. ++ ++ deflate() returns Z_OK if some progress has been made (more input ++ processed or more output produced), Z_STREAM_END if all input has been ++ consumed and all output has been produced (only when flush is set to ++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example ++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible ++ (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not ++ fatal, and deflate() can be called again with more input and more output ++ space to continue compressing. ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the ++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed ++ prematurely (some input or output was discarded). In the error case, ++ msg may be set but then points to a static string (which must not be ++ deallocated). ++*/ ++ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); ++ ++ Initializes the internal stream state for decompression. The fields ++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by ++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact ++ value depends on the compression method), inflateInit determines the ++ compression method from the zlib header and allocates all data structures ++ accordingly; otherwise the allocation will be deferred to the first call of ++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to ++ use default allocation functions. ++ ++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the ++ version assumed by the caller. msg is set to null if there is no error ++ message. inflateInit does not perform any decompression apart from reading ++ the zlib header if present: this will be done by inflate(). (So next_in and ++ avail_in may be modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); ++/* ++ inflate decompresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce ++ some output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. inflate performs one or both of the ++ following actions: ++ ++ - Decompress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in is updated and processing ++ will resume at this point for the next call of inflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. inflate() provides as much output as possible, until there ++ is no more input data or no more space in the output buffer (see below ++ about the flush parameter). ++ ++ Before the call of inflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating the next_* and avail_* values accordingly. ++ The application can consume the uncompressed output when it wants, for ++ example when the output buffer is full (avail_out == 0), or after each ++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it ++ must be called again after making room in the output buffer because there ++ might be more output pending. ++ ++ The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, ++ Z_FINISH, or Z_BLOCK. Z_SYNC_FLUSH requests that inflate() flush as much ++ output as possible to the output buffer. Z_BLOCK requests that inflate() stop ++ if and when it get to the next deflate block boundary. When decoding the zlib ++ or gzip format, this will cause inflate() to return immediately after the ++ header and before the first block. When doing a raw inflate, inflate() will ++ go ahead and process the first block, and will return when it gets to the end ++ of that block, or when it runs out of data. ++ ++ The Z_BLOCK option assists in appending to or combining deflate streams. ++ Also to assist in this, on return inflate() will set strm->data_type to the ++ number of unused bits in the last byte taken from strm->next_in, plus 64 ++ if inflate() is currently decoding the last block in the deflate stream, ++ plus 128 if inflate() returned immediately after decoding an end-of-block ++ code or decoding the complete header up to just before the first byte of the ++ deflate stream. The end-of-block will not be indicated until all of the ++ uncompressed data from that block has been written to strm->next_out. The ++ number of unused bits may in general be greater than seven, except when ++ bit 7 of data_type is set, in which case the number of unused bits will be ++ less than eight. ++ ++ inflate() should normally be called until it returns Z_STREAM_END or an ++ error. However if all decompression is to be performed in a single step ++ (a single call of inflate), the parameter flush should be set to ++ Z_FINISH. In this case all pending input is processed and all pending ++ output is flushed; avail_out must be large enough to hold all the ++ uncompressed data. (The size of the uncompressed data may have been saved ++ by the compressor for this purpose.) The next operation on this stream must ++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH ++ is never required, but can be used to inform inflate that a faster approach ++ may be used for the single inflate() call. ++ ++ In this implementation, inflate() always flushes as much output as ++ possible to the output buffer, and always uses the faster approach on the ++ first call. So the only effect of the flush parameter in this implementation ++ is on the return value of inflate(), as noted below, or when it returns early ++ because Z_BLOCK is used. ++ ++ If a preset dictionary is needed after this call (see inflateSetDictionary ++ below), inflate sets strm-adler to the adler32 checksum of the dictionary ++ chosen by the compressor and returns Z_NEED_DICT; otherwise it sets ++ strm->adler to the adler32 checksum of all output produced so far (that is, ++ total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described ++ below. At the end of the stream, inflate() checks that its computed adler32 ++ checksum is equal to that saved by the compressor and returns Z_STREAM_END ++ only if the checksum is correct. ++ ++ inflate() will decompress and check either zlib-wrapped or gzip-wrapped ++ deflate data. The header type is detected automatically. Any information ++ contained in the gzip header is not retained, so applications that need that ++ information should instead use raw inflate, see inflateInit2() below, or ++ inflateBack() and perform their own processing of the gzip header and ++ trailer. ++ ++ inflate() returns Z_OK if some progress has been made (more input processed ++ or more output produced), Z_STREAM_END if the end of the compressed data has ++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a ++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was ++ corrupted (input stream not conforming to the zlib format or incorrect check ++ value), Z_STREAM_ERROR if the stream structure was inconsistent (for example ++ if next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory, ++ Z_BUF_ERROR if no progress is possible or if there was not enough room in the ++ output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and ++ inflate() can be called again with more input and more output space to ++ continue decompressing. If Z_DATA_ERROR is returned, the application may then ++ call inflateSync() to look for a good compression block if a partial recovery ++ of the data is desired. ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state ++ was inconsistent. In the error case, msg may be set but then points to a ++ static string (which must not be deallocated). ++*/ ++ ++ /* Advanced functions */ ++ ++/* ++ The following functions are needed only in some special applications. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, ++ int level, ++ int method, ++ int windowBits, ++ int memLevel, ++ int strategy)); ++ ++ This is another version of deflateInit with more compression options. The ++ fields next_in, zalloc, zfree and opaque must be initialized before by ++ the caller. ++ ++ The method parameter is the compression method. It must be Z_DEFLATED in ++ this version of the library. ++ ++ The windowBits parameter is the base two logarithm of the window size ++ (the size of the history buffer). It should be in the range 8..15 for this ++ version of the library. Larger values of this parameter result in better ++ compression at the expense of memory usage. The default value is 15 if ++ deflateInit is used instead. ++ ++ windowBits can also be -8..-15 for raw deflate. In this case, -windowBits ++ determines the window size. deflate() will then generate raw deflate data ++ with no zlib header or trailer, and will not compute an adler32 check value. ++ ++ windowBits can also be greater than 15 for optional gzip encoding. Add ++ 16 to windowBits to write a simple gzip header and trailer around the ++ compressed data instead of a zlib wrapper. The gzip header will have no ++ file name, no extra data, no comment, no modification time (set to zero), ++ no header crc, and the operating system will be set to 255 (unknown). ++ ++ The memLevel parameter specifies how much memory should be allocated ++ for the internal compression state. memLevel=1 uses minimum memory but ++ is slow and reduces compression ratio; memLevel=9 uses maximum memory ++ for optimal speed. The default value is 8. See zconf.h for total memory ++ usage as a function of windowBits and memLevel. ++ ++ The strategy parameter is used to tune the compression algorithm. Use the ++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a ++ filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no ++ string match), or Z_RLE to limit match distances to one (run-length ++ encoding). Filtered data consists mostly of small values with a somewhat ++ random distribution. In this case, the compression algorithm is tuned to ++ compress them better. The effect of Z_FILTERED is to force more Huffman ++ coding and less string matching; it is somewhat intermediate between ++ Z_DEFAULT and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as ++ Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy ++ parameter only affects the compression ratio but not the correctness of the ++ compressed output even if it is not set appropriately. ++ ++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid ++ method). msg is set to null if there is no error message. deflateInit2 does ++ not perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the compression dictionary from the given byte sequence ++ without producing any compressed output. This function must be called ++ immediately after deflateInit, deflateInit2 or deflateReset, before any ++ call of deflate. The compressor and decompressor must use exactly the same ++ dictionary (see inflateSetDictionary). ++ ++ The dictionary should consist of strings (byte sequences) that are likely ++ to be encountered later in the data to be compressed, with the most commonly ++ used strings preferably put towards the end of the dictionary. Using a ++ dictionary is most useful when the data to be compressed is short and can be ++ predicted with good accuracy; the data can then be compressed better than ++ with the default empty dictionary. ++ ++ Depending on the size of the compression data structures selected by ++ deflateInit or deflateInit2, a part of the dictionary may in effect be ++ discarded, for example if the dictionary is larger than the window size in ++ deflate or deflate2. Thus the strings most likely to be useful should be ++ put at the end of the dictionary, not at the front. ++ ++ Upon return of this function, strm->adler is set to the adler32 value ++ of the dictionary; the decompressor may later use this value to determine ++ which dictionary has been used by the compressor. (The adler32 value ++ applies to the whole dictionary even if only a subset of the dictionary is ++ actually used by the compressor.) If a raw deflate was requested, then the ++ adler32 value is not computed and strm->adler is not set. ++ ++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent (for example if deflate has already been called for this stream ++ or if the compression method is bsort). deflateSetDictionary does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when several compression strategies will be ++ tried, for example when there are several ways of pre-processing the input ++ data with a filter. The streams that will be discarded should then be freed ++ by calling deflateEnd. Note that deflateCopy duplicates the internal ++ compression state which can be quite large, so this strategy is slow and ++ can consume lots of memory. ++ ++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to deflateEnd followed by deflateInit, ++ but does not free and reallocate all the internal compression state. ++ The stream will keep the same compression level and any other attributes ++ that may have been set by deflateInit2. ++ ++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, ++ int level, ++ int strategy)); ++/* ++ Dynamically update the compression level and compression strategy. The ++ interpretation of level and strategy is as in deflateInit2. This can be ++ used to switch between compression and straight copy of the input data, or ++ to switch to a different kind of input data requiring a different ++ strategy. If the compression level is changed, the input available so far ++ is compressed with the old level (and may be flushed); the new level will ++ take effect only at the next call of deflate(). ++ ++ Before the call of deflateParams, the stream state must be set as for ++ a call of deflate(), since the currently available input may have to ++ be compressed and flushed. In particular, strm->avail_out must be non-zero. ++ ++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source ++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR ++ if strm->avail_out was zero. ++*/ ++ ++ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm, ++ uLong sourceLen)); ++/* ++ deflateBound() returns an upper bound on the compressed size after ++ deflation of sourceLen bytes. It must be called after deflateInit() ++ or deflateInit2(). This would be used to allocate an output buffer ++ for deflation in a single pass, and so would be called before deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm, ++ int bits, ++ int value)); ++/* ++ deflatePrime() inserts bits in the deflate output stream. The intent ++ is that this function is used to start off the deflate output with the ++ bits leftover from a previous deflate stream when appending to it. As such, ++ this function can only be used for raw deflate, and must be used before the ++ first deflate() call after a deflateInit2() or deflateReset(). bits must be ++ less than or equal to 16, and that many of the least significant bits of ++ value will be inserted in the output. ++ ++ deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, ++ int windowBits)); ++ ++ This is another version of inflateInit with an extra parameter. The ++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized ++ before by the caller. ++ ++ The windowBits parameter is the base two logarithm of the maximum window ++ size (the size of the history buffer). It should be in the range 8..15 for ++ this version of the library. The default value is 15 if inflateInit is used ++ instead. windowBits must be greater than or equal to the windowBits value ++ provided to deflateInit2() while compressing, or it must be equal to 15 if ++ deflateInit2() was not used. If a compressed stream with a larger window ++ size is given as input, inflate() will return with the error code ++ Z_DATA_ERROR instead of trying to allocate a larger window. ++ ++ windowBits can also be -8..-15 for raw inflate. In this case, -windowBits ++ determines the window size. inflate() will then process raw deflate data, ++ not looking for a zlib or gzip header, not generating a check value, and not ++ looking for any check values for comparison at the end of the stream. This ++ is for use with other formats that use the deflate compressed data format ++ such as zip. Those formats provide their own check values. If a custom ++ format is developed using the raw deflate format for compressed data, it is ++ recommended that a check value such as an adler32 or a crc32 be applied to ++ the uncompressed data as is done in the zlib, gzip, and zip formats. For ++ most applications, the zlib format should be used as is. Note that comments ++ above on the use in deflateInit2() applies to the magnitude of windowBits. ++ ++ windowBits can also be greater than 15 for optional gzip decoding. Add ++ 32 to windowBits to enable zlib and gzip decoding with automatic header ++ detection, or add 16 to decode only the gzip format (the zlib format will ++ return a Z_DATA_ERROR). ++ ++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative ++ memLevel). msg is set to null if there is no error message. inflateInit2 ++ does not perform any decompression apart from reading the zlib header if ++ present: this will be done by inflate(). (So next_in and avail_in may be ++ modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the decompression dictionary from the given uncompressed byte ++ sequence. This function must be called immediately after a call of inflate ++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor ++ can be determined from the adler32 value returned by this call of ++ inflate. The compressor and decompressor must use exactly the same ++ dictionary (see deflateSetDictionary). ++ ++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the ++ expected one (incorrect adler32 value). inflateSetDictionary does not ++ perform any decompression: this will be done by subsequent calls of ++ inflate(). ++*/ ++ ++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); ++/* ++ Skips invalid compressed data until a full flush point (see above the ++ description of deflate with Z_FULL_FLUSH) can be found, or until all ++ available input is skipped. No output is provided. ++ ++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR ++ if no more input was provided, Z_DATA_ERROR if no flush point has been found, ++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success ++ case, the application may save the current current value of total_in which ++ indicates where valid compressed data was found. In the error case, the ++ application may repeatedly call inflateSync, providing more input each time, ++ until success or end of the input data. ++*/ ++ ++ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when randomly accessing a large stream. The ++ first pass through the stream can periodically record the inflate state, ++ allowing restarting inflate at those points when randomly accessing the ++ stream. ++ ++ inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to inflateEnd followed by inflateInit, ++ but does not free and reallocate all the internal decompression state. ++ The stream will keep attributes that may have been set by inflateInit2. ++ ++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateBackInit OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window)); ++ ++ Initialize the internal stream state for decompression using inflateBack() ++ calls. The fields zalloc, zfree and opaque in strm must be initialized ++ before the call. If zalloc and zfree are Z_NULL, then the default library- ++ derived memory allocation routines are used. windowBits is the base two ++ logarithm of the window size, in the range 8..15. window is a caller ++ supplied buffer of that size. Except for special applications where it is ++ assured that deflate was used with small window sizes, windowBits must be 15 ++ and a 32K byte window must be supplied to be able to decompress general ++ deflate streams. ++ ++ See inflateBack() for the usage of these routines. ++ ++ inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of ++ the paramaters are invalid, Z_MEM_ERROR if the internal state could not ++ be allocated, or Z_VERSION_ERROR if the version of the library does not ++ match the version of the header file. ++*/ ++ ++typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *)); ++typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned)); ++ ++ZEXTERN int ZEXPORT inflateBack OF((z_stream FAR *strm, ++ in_func in, void FAR *in_desc, ++ out_func out, void FAR *out_desc)); ++/* ++ inflateBack() does a raw inflate with a single call using a call-back ++ interface for input and output. This is more efficient than inflate() for ++ file i/o applications in that it avoids copying between the output and the ++ sliding window by simply making the window itself the output buffer. This ++ function trusts the application to not change the output buffer passed by ++ the output function, at least until inflateBack() returns. ++ ++ inflateBackInit() must be called first to allocate the internal state ++ and to initialize the state with the user-provided window buffer. ++ inflateBack() may then be used multiple times to inflate a complete, raw ++ deflate stream with each call. inflateBackEnd() is then called to free ++ the allocated state. ++ ++ A raw deflate stream is one with no zlib or gzip header or trailer. ++ This routine would normally be used in a utility that reads zip or gzip ++ files and writes out uncompressed files. The utility would decode the ++ header and process the trailer on its own, hence this routine expects ++ only the raw deflate stream to decompress. This is different from the ++ normal behavior of inflate(), which expects either a zlib or gzip header and ++ trailer around the deflate stream. ++ ++ inflateBack() uses two subroutines supplied by the caller that are then ++ called by inflateBack() for input and output. inflateBack() calls those ++ routines until it reads a complete deflate stream and writes out all of the ++ uncompressed data, or until it encounters an error. The function's ++ parameters and return types are defined above in the in_func and out_func ++ typedefs. inflateBack() will call in(in_desc, &buf) which should return the ++ number of bytes of provided input, and a pointer to that input in buf. If ++ there is no input available, in() must return zero--buf is ignored in that ++ case--and inflateBack() will return a buffer error. inflateBack() will call ++ out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out() ++ should return zero on success, or non-zero on failure. If out() returns ++ non-zero, inflateBack() will return with an error. Neither in() nor out() ++ are permitted to change the contents of the window provided to ++ inflateBackInit(), which is also the buffer that out() uses to write from. ++ The length written by out() will be at most the window size. Any non-zero ++ amount of input may be provided by in(). ++ ++ For convenience, inflateBack() can be provided input on the first call by ++ setting strm->next_in and strm->avail_in. If that input is exhausted, then ++ in() will be called. Therefore strm->next_in must be initialized before ++ calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called ++ immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in ++ must also be initialized, and then if strm->avail_in is not zero, input will ++ initially be taken from strm->next_in[0 .. strm->avail_in - 1]. ++ ++ The in_desc and out_desc parameters of inflateBack() is passed as the ++ first parameter of in() and out() respectively when they are called. These ++ descriptors can be optionally used to pass any information that the caller- ++ supplied in() and out() functions need to do their job. ++ ++ On return, inflateBack() will set strm->next_in and strm->avail_in to ++ pass back any unused input that was provided by the last in() call. The ++ return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR ++ if in() or out() returned an error, Z_DATA_ERROR if there was a format ++ error in the deflate stream (in which case strm->msg is set to indicate the ++ nature of the error), or Z_STREAM_ERROR if the stream was not properly ++ initialized. In the case of Z_BUF_ERROR, an input or output error can be ++ distinguished using strm->next_in which will be Z_NULL only if in() returned ++ an error. If strm->next is not Z_NULL, then the Z_BUF_ERROR was due to ++ out() returning non-zero. (in() will always be called before out(), so ++ strm->next_in is assured to be defined if out() returns non-zero.) Note ++ that inflateBack() cannot return Z_OK. ++*/ ++ ++ZEXTERN int ZEXPORT inflateBackEnd OF((z_stream FAR *strm)); ++/* ++ All memory allocated by inflateBackInit() is freed. ++ ++ inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream ++ state was inconsistent. ++*/ ++ ++ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void)); ++/* Return flags indicating compile-time options. ++ ++ Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other: ++ 1.0: size of uInt ++ 3.2: size of uLong ++ 5.4: size of voidpf (pointer) ++ 7.6: size of z_off_t ++ ++ Compiler, assembler, and debug options: ++ 8: DEBUG ++ 9: ASMV or ASMINF -- use ASM code ++ 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention ++ 11: 0 (reserved) ++ ++ One-time table building (smaller code, but not thread-safe if true): ++ 12: BUILDFIXED -- build static block decoding tables when needed ++ 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed ++ 14,15: 0 (reserved) ++ ++ Library content (indicates missing functionality): ++ 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking ++ deflate code when not needed) ++ 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect ++ and decode gzip streams (to avoid linking crc code) ++ 18-19: 0 (reserved) ++ ++ Operation variations (changes in library functionality): ++ 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate ++ 21: FASTEST -- deflate algorithm with only one, lowest compression level ++ 22,23: 0 (reserved) ++ ++ The sprintf variant used by gzprintf (zero is best): ++ 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format ++ 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! ++ 26: 0 = returns value, 1 = void -- 1 means inferred string length returned ++ ++ Remainder: ++ 27-31: 0 (reserved) ++ */ ++ ++ ++ /* utility functions */ ++ ++/* ++ The following utility functions are implemented on top of the ++ basic stream-oriented functions. To simplify the interface, some ++ default options are assumed (compression level and memory usage, ++ standard memory allocation functions). The source code of these ++ utility functions can easily be modified if you need special options. ++*/ ++ ++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Compresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be at least the value returned ++ by compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ This function can be used to compress a whole file at once if the ++ input file is mmap'ed. ++ compress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer. ++*/ ++ ++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen, ++ int level)); ++/* ++ Compresses the source buffer into the destination buffer. The level ++ parameter has the same meaning as in deflateInit. sourceLen is the byte ++ length of the source buffer. Upon entry, destLen is the total size of the ++ destination buffer, which must be at least the value returned by ++ compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ ++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_BUF_ERROR if there was not enough room in the output buffer, ++ Z_STREAM_ERROR if the level parameter is invalid. ++*/ ++ ++ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen)); ++/* ++ compressBound() returns an upper bound on the compressed size after ++ compress() or compress2() on sourceLen bytes. It would be used before ++ a compress() or compress2() call to allocate the destination buffer. ++*/ ++ ++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Decompresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be large enough to hold the ++ entire uncompressed data. (The size of the uncompressed data must have ++ been saved previously by the compressor and transmitted to the decompressor ++ by some mechanism outside the scope of this compression library.) ++ Upon exit, destLen is the actual size of the compressed buffer. ++ This function can be used to decompress a whole file at once if the ++ input file is mmap'ed. ++ ++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete. ++*/ ++ ++ ++typedef voidp gzFile; ++ ++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); ++/* ++ Opens a gzip (.gz) file for reading or writing. The mode parameter ++ is as in fopen ("rb" or "wb") but can also include a compression level ++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for ++ Huffman only compression as in "wb1h", or 'R' for run-length encoding ++ as in "wb1R". (See the description of deflateInit2 for more information ++ about the strategy parameter.) ++ ++ gzopen can be used to read a file which is not in gzip format; in this ++ case gzread will directly read from the file without decompression. ++ ++ gzopen returns NULL if the file could not be opened or if there was ++ insufficient memory to allocate the (de)compression state; errno ++ can be checked to distinguish the two cases (if errno is zero, the ++ zlib error is Z_MEM_ERROR). */ ++ ++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); ++/* ++ gzdopen() associates a gzFile with the file descriptor fd. File ++ descriptors are obtained from calls like open, dup, creat, pipe or ++ fileno (in the file has been previously opened with fopen). ++ The mode parameter is as in gzopen. ++ The next call of gzclose on the returned gzFile will also close the ++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file ++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). ++ gzdopen returns NULL if there was insufficient memory to allocate ++ the (de)compression state. ++*/ ++ ++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); ++/* ++ Dynamically update the compression level or strategy. See the description ++ of deflateInit2 for the meaning of these parameters. ++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not ++ opened for writing. ++*/ ++ ++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); ++/* ++ Reads the given number of uncompressed bytes from the compressed file. ++ If the input file was not in gzip format, gzread copies the given number ++ of bytes into the buffer. ++ gzread returns the number of uncompressed bytes actually read (0 for ++ end of file, -1 for error). */ ++ ++ZEXTERN int ZEXPORT gzwrite OF((gzFile file, ++ voidpc buf, unsigned len)); ++/* ++ Writes the given number of uncompressed bytes into the compressed file. ++ gzwrite returns the number of uncompressed bytes actually written ++ (0 in case of error). ++*/ ++ ++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); ++/* ++ Converts, formats, and writes the args to the compressed file under ++ control of the format string, as in fprintf. gzprintf returns the number of ++ uncompressed bytes actually written (0 in case of error). The number of ++ uncompressed bytes written is limited to 4095. The caller should assure that ++ this limit is not exceeded. If it is exceeded, then gzprintf() will return ++ return an error (0) with nothing written. In this case, there may also be a ++ buffer overflow with unpredictable consequences, which is possible only if ++ zlib was compiled with the insecure functions sprintf() or vsprintf() ++ because the secure snprintf() or vsnprintf() functions were not available. ++*/ ++ ++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); ++/* ++ Writes the given null-terminated string to the compressed file, excluding ++ the terminating null character. ++ gzputs returns the number of characters written, or -1 in case of error. ++*/ ++ ++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); ++/* ++ Reads bytes from the compressed file until len-1 characters are read, or ++ a newline character is read and transferred to buf, or an end-of-file ++ condition is encountered. The string is then terminated with a null ++ character. ++ gzgets returns buf, or Z_NULL in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); ++/* ++ Writes c, converted to an unsigned char, into the compressed file. ++ gzputc returns the value that was written, or -1 in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); ++/* ++ Reads one byte from the compressed file. gzgetc returns this byte ++ or -1 in case of end of file or error. ++*/ ++ ++ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file)); ++/* ++ Push one character back onto the stream to be read again later. ++ Only one character of push-back is allowed. gzungetc() returns the ++ character pushed, or -1 on failure. gzungetc() will fail if a ++ character has been pushed but not read yet, or if c is -1. The pushed ++ character will be discarded if the stream is repositioned with gzseek() ++ or gzrewind(). ++*/ ++ ++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); ++/* ++ Flushes all pending output into the compressed file. The parameter ++ flush is as in the deflate() function. The return value is the zlib ++ error number (see function gzerror below). gzflush returns Z_OK if ++ the flush parameter is Z_FINISH and all output could be flushed. ++ gzflush should be called only when strictly necessary because it can ++ degrade compression. ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, ++ z_off_t offset, int whence)); ++/* ++ Sets the starting position for the next gzread or gzwrite on the ++ given compressed file. The offset represents a number of bytes in the ++ uncompressed data stream. The whence parameter is defined as in lseek(2); ++ the value SEEK_END is not supported. ++ If the file is opened for reading, this function is emulated but can be ++ extremely slow. If the file is opened for writing, only forward seeks are ++ supported; gzseek then compresses a sequence of zeroes up to the new ++ starting position. ++ ++ gzseek returns the resulting offset location as measured in bytes from ++ the beginning of the uncompressed stream, or -1 in case of error, in ++ particular if the file is opened for writing and the new starting position ++ would be before the current position. ++*/ ++ ++ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); ++/* ++ Rewinds the given file. This function is supported only for reading. ++ ++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); ++/* ++ Returns the starting position for the next gzread or gzwrite on the ++ given compressed file. This position represents a number of bytes in the ++ uncompressed data stream. ++ ++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) ++*/ ++ ++ZEXTERN int ZEXPORT gzeof OF((gzFile file)); ++/* ++ Returns 1 when EOF has previously been detected reading the given ++ input stream, otherwise zero. ++*/ ++ ++ZEXTERN int ZEXPORT gzclose OF((gzFile file)); ++/* ++ Flushes all pending output if necessary, closes the compressed file ++ and deallocates all the (de)compression state. The return value is the zlib ++ error number (see function gzerror below). ++*/ ++ ++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); ++/* ++ Returns the error message for the last error which occurred on the ++ given compressed file. errnum is set to zlib error number. If an ++ error occurred in the file system and not in the compression library, ++ errnum is set to Z_ERRNO and the application may consult errno ++ to get the exact error code. ++*/ ++ ++ZEXTERN void ZEXPORT gzclearerr OF((gzFile file)); ++/* ++ Clears the error and end-of-file flags for file. This is analogous to the ++ clearerr() function in stdio. This is useful for continuing to read a gzip ++ file that is being written concurrently. ++*/ ++ ++ /* checksum functions */ ++ ++/* ++ These functions are not related to compression but are exported ++ anyway because they might be useful in applications using the ++ compression library. ++*/ ++ ++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); ++ ++/* ++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and ++ return the updated checksum. If buf is NULL, this function returns ++ the required initial value for the checksum. ++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed ++ much faster. Usage example: ++ ++ uLong adler = adler32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ adler = adler32(adler, buffer, length); ++ } ++ if (adler != original_adler) error(); ++*/ ++ ++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); ++/* ++ Update a running crc with the bytes buf[0..len-1] and return the updated ++ crc. If buf is NULL, this function returns the required initial value ++ for the crc. Pre- and post-conditioning (one's complement) is performed ++ within this function so it shouldn't be done by the application. ++ Usage example: ++ ++ uLong crc = crc32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ crc = crc32(crc, buffer, length); ++ } ++ if (crc != original_crc) error(); ++*/ ++ ++ ++ /* various hacks, don't look :) */ ++ ++/* deflateInit and inflateInit are macros to allow checking the zlib version ++ * and the compiler's view of z_stream: ++ */ ++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, ++ int windowBits, int memLevel, ++ int strategy, const char *version, ++ int stream_size)); ++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window, ++ const char *version, ++ int stream_size)); ++#define deflateInit(strm, level) \ ++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit(strm) \ ++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) ++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ ++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ ++ (strategy), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit2(strm, windowBits) \ ++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateBackInit(strm, windowBits, window) \ ++ inflateBackInit_((strm), (windowBits), (window), \ ++ ZLIB_VERSION, sizeof(z_stream)) ++ ++ ++#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL) ++ struct internal_state {int dummy;}; /* hack for buggy compilers */ ++#endif ++ ++ZEXTERN const char * ZEXPORT zError OF((int err)); ++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); ++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* ZLIB_H */ --- php5-5.3.2.orig/debian/patches/php5-pear-CVE-2011-1144-regression.patch +++ php5-5.3.2/debian/patches/php5-pear-CVE-2011-1144-regression.patch @@ -0,0 +1,45 @@ +Subject: Bug #18340raiseErro typo +Origin: http://svn.php.net/viewvc?view=revision&revision=308983 + +Also includes http://svn.php.net/viewvc?view=revision&revision=309593 + + Fixed Bug #18388: Parenteses error in REST.php line 232 [dufuz] + +--- PEAR/REST.php.old 2011-03-18 16:33:00.000000000 -0300 ++++ PEAR/REST.php 2011-03-22 18:46:25.000000000 -0300 +@@ -102,7 +102,7 @@ + // reset the age of the cache if the server says it was unmodified + $result = $this->saveCache($url, $ret, null, true, $cacheId); + if (PEAR::isError($result)) { +- return PEAR::raiseErro($result->getMessage()); ++ return PEAR::raiseError($result->getMessage()); + } + } + +@@ -122,7 +122,7 @@ + if ($forcestring) { + $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId); + if (PEAR::isError($result)) { +- return PEAR::raiseErro($result->getMessage()); ++ return PEAR::raiseError($result->getMessage()); + } + + return $content; +@@ -162,7 +162,7 @@ + + $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId); + if (PEAR::isError($result)) { +- return PEAR::raiseErro($result->getMessage()); ++ return PEAR::raiseError($result->getMessage()); + } + + return $content; +@@ -229,7 +229,7 @@ + $cachefile = $d . 'rest.cachefile'; + + if (!is_dir($cache_dir)) { +- if (System::mkdir(array('-p', $cache_dir) === false)) { ++ if (System::mkdir(array('-p', $cache_dir)) === false) { + return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory and attempts to create the directory failed."); + } + } --- php5-5.3.2.orig/debian/patches/mssql-null-exception.patch +++ php5-5.3.2/debian/patches/mssql-null-exception.patch @@ -0,0 +1,13 @@ +--- a/ext/pdo_dblib/dblib_driver.c ++++ b/ext/pdo_dblib/dblib_driver.c +@@ -230,8 +230,10 @@ static int pdo_dblib_handle_factory(pdo_ + goto cleanup; + } + ++#if PHP_DBLIB_IS_MSSQL + /* dblib do not return more than this length from text/image */ + DBSETOPT(H->link, DBTEXTLIMIT, "2147483647"); ++#endif + + /* limit text/image from network */ + DBSETOPT(H->link, DBTEXTSIZE, "2147483647"); --- php5-5.3.2.orig/debian/patches/enchant_unaligned_memory_access.patch +++ php5-5.3.2/debian/patches/enchant_unaligned_memory_access.patch @@ -0,0 +1,45 @@ +Description: Fix an unaligned memory access in enchant_dict_suggest() +Origin: vendor +Forwarded: http://bugs.php.net/51289 +Last-Update: 2010-03-12 + +Index: php/ext/enchant/enchant.c +=================================================================== +--- php.orig/ext/enchant/enchant.c ++++ php/ext/enchant/enchant.c +@@ -724,6 +724,7 @@ PHP_FUNCTION(enchant_dict_quick_check) + + if (enchant_dict_check(pdict->pdict, word, wordlen) > 0) { + int n_sugg; ++ size_t n_sugg_st; + char **suggs; + + if (!sugg && ZEND_NUM_ARGS() == 2) { +@@ -732,7 +733,8 @@ PHP_FUNCTION(enchant_dict_quick_check) + + array_init(sugg); + +- suggs = enchant_dict_suggest(pdict->pdict, word, wordlen, (size_t *) &n_sugg); ++ suggs = enchant_dict_suggest(pdict->pdict, word, wordlen, n_sugg_st); ++ memcpy(&n_sugg, &n_sugg_st, sizeof(n_sugg)); + if (suggs && n_sugg) { + int i; + for (i = 0; i < n_sugg; i++) { +@@ -777,6 +779,7 @@ PHP_FUNCTION(enchant_dict_suggest) + char **suggs; + enchant_dict *pdict; + int n_sugg; ++ size_t n_sugg_st; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &dict, &word, &wordlen) == FAILURE) { + RETURN_FALSE; +@@ -784,7 +787,8 @@ PHP_FUNCTION(enchant_dict_suggest) + + PHP_ENCHANT_GET_DICT; + +- suggs = enchant_dict_suggest(pdict->pdict, word, wordlen, (size_t *)&n_sugg); ++ suggs = enchant_dict_suggest(pdict->pdict, word, wordlen, &n_sugg_st); ++ memcpy(&n_sugg, &n_sugg_st, sizeof(n_sugg)); + if (suggs && n_sugg) { + int i; + --- php5-5.3.2.orig/debian/patches/fix-mysql-badmem.patch +++ php5-5.3.2/debian/patches/fix-mysql-badmem.patch @@ -0,0 +1,49 @@ +diff -Naurp php-5.3.2.orig/ext/mysqli/mysqli_api.c php-5.3.2/ext/mysqli/mysqli_api.c +--- php-5.3.2.orig/ext/mysqli/mysqli_api.c 2010-02-04 15:28:55.000000000 -0500 ++++ php-5.3.2/ext/mysqli/mysqli_api.c 2010-04-26 08:20:20.735030470 -0400 +@@ -1665,13 +1665,13 @@ PHP_FUNCTION(mysqli_options) + { + MY_MYSQL *mysql; + zval *mysql_link = NULL; +- zval *mysql_value; ++ zval **mysql_value; + long mysql_option; + unsigned int l_value; + long ret; + int expected_type; + +- if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Olz", &mysql_link, mysqli_link_class_entry, &mysql_option, &mysql_value) == FAILURE) { ++ if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "OlZ", &mysql_link, mysqli_link_class_entry, &mysql_option, &mysql_value) == FAILURE) { + return; + } + MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); +@@ -1682,13 +1682,13 @@ PHP_FUNCTION(mysqli_options) + } + } + expected_type = mysqli_options_get_option_zval_type(mysql_option); +- if (expected_type != Z_TYPE_P(mysql_value)) { ++ if (expected_type != Z_TYPE_PP(mysql_value)) { + switch (expected_type) { + case IS_STRING: +- convert_to_string_ex(&mysql_value); ++ convert_to_string_ex(mysql_value); + break; + case IS_LONG: +- convert_to_long_ex(&mysql_value); ++ convert_to_long_ex(mysql_value); + break; + default: + break; +@@ -1696,10 +1696,10 @@ PHP_FUNCTION(mysqli_options) + } + switch (expected_type) { + case IS_STRING: +- ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value)); ++ ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(mysql_value)); + break; + case IS_LONG: +- l_value = Z_LVAL_PP(&mysql_value); ++ l_value = Z_LVAL_PP(mysql_value); + ret = mysql_options(mysql->mysql, mysql_option, (char *)&l_value); + break; + default: --- php5-5.3.2.orig/debian/patches/004-ldap_fix.patch +++ php5-5.3.2/debian/patches/004-ldap_fix.patch @@ -0,0 +1,27 @@ +Description: Prevent null dereferencing in ldap_explode_dn() +Origin: vendor +Bug-Debian: http://bugs.debian.org/205405 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/ldap/ldap.c ++++ b/ext/ldap/ldap.c +@@ -1211,7 +1211,7 @@ PHP_FUNCTION(ldap_explode_dn) + } + + i=0; +- while (ldap_value[i] != NULL) i++; ++ while (ldap_value && ldap_value[i] != NULL) i++; + count = i; + + array_init(return_value); +@@ -1221,7 +1221,8 @@ PHP_FUNCTION(ldap_explode_dn) + add_index_string(return_value, i, ldap_value[i], 1); + } + +- ldap_value_free(ldap_value); ++ if (ldap_value) ++ ldap_value_free(ldap_value); + } + /* }}} */ + --- php5-5.3.2.orig/debian/patches/php_crypt_revamped.patch +++ php5-5.3.2/debian/patches/php_crypt_revamped.patch @@ -0,0 +1,571 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -60,6 +60,12 @@ if test "$ac_cv_func_crypt" = "no"; then + AC_DEFINE(HAVE_CRYPT, 1, [ ]) + ]) + fi ++ ++AC_CHECK_FUNCS(crypt_r, [ php_crypt_r="1" ], [ php_crypt_r="0" ]) ++if test "x$php_crypt_r" = "x1"; then ++ PHP_CRYPT_R_STYLE ++ AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) ++fi + + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ + AC_TRY_RUN([ +@@ -231,11 +237,68 @@ main() { + ac_cv_crypt_SHA256=no + ])]) + ++dnl ++dnl Define PHP_*_CRYPT according to system ++dnl ++ ++if test "$ac_cv_crypt_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_des=1 ++else ++ ac_result=0 ++ ac_crypt_des=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) ++ ++if test "$ac_cv_crypt_md5" = "yes"; then ++ ac_result=1 ++ ac_crypt_md5=1 ++else ++ ac_result=0 ++ ac_crypt_md5=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt]) ++ ++if test "$ac_cv_crypt_blowfish" = "yes"; then ++ ac_result=1 ++ ac_crypt_blowfish=1 ++else ++ ac_result=0 ++ ac_crypt_blowfish=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) ++ ++if test "$ac_cv_crypt_ext_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_edes=1 ++else ++ ac_result=0 ++ ac_crypt_edes=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) ++ ++if test "$ac_cv_crypt_SHA512" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha512=1 ++else ++ ac_result=0 ++ ac_crypt_sha512=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) ++ ++if test "$ac_cv_crypt_SHA256" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha256=1 ++else ++ ac_result=0 ++ ac_crypt_sha256=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) + + dnl + dnl If one of them is missing, use our own implementation, portable code is then possible + dnl +-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then ++if test "$ac_cv_crypt_SHA512" = no || test "$ac_cv_crypt_SHA256" = "no" || test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then + + dnl + dnl Check for __alignof__ support in the compiler +@@ -268,66 +331,16 @@ if test "$ac_cv_crypt_blowfish" = "no" | + if test "$ac_cv_attribute_aligned" = "yes"; then + AC_DEFINE([HAVE_ATTRIBUTE_ALIGNED], 1, [whether the compiler supports __attribute__ ((__aligned__))]) + fi +- + +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5]) +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, 1, [Whether the system supports standard DES salt]) +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, 1, [Whether the system supports BlowFish salt]) +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, 1, [Whether the system supports extended DES salt]) +- AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, 1, [Whether the system supports MD5 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, 1, [Whether the system supports SHA512 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, 1, [Whether the system supports SHA256 salt]) ++ ac_result=1 + + PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c) + else +- if test "$ac_cv_crypt_des" = "yes"; then +- ac_result=1 +- ac_crypt_des=1 +- else +- ac_result=0 +- ac_crypt_des=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) +- +- if test "$ac_cv_crypt_blowfish" = "yes"; then +- ac_result=1 +- ac_crypt_blowfish=1 +- else +- ac_result=0 +- ac_crypt_blowfish=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) +- +- if test "$ac_cv_crypt_ext_des" = "yes"; then +- ac_result=1 +- ac_crypt_edes=1 +- else +- ac_result=0 +- ac_crypt_edes=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) +- +- if test "$ac_cv_crypt_sha512" = "yes"; then +- ac_result=1 +- ac_crypt_sha512=1 +- else +- ac_result=0 +- ac_crypt_sha512=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_EXT_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) +- +- if test "$ac_cv_crypt_sha256" = "yes"; then +- ac_result=1 +- ac_crypt_sha256=1 +- else +- ac_result=0 +- ac_crypt_sha256=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_EXT_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) +- +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ ac_result=0 + fi + ++AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, $ac_result, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ + dnl + dnl Check for available functions + dnl +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -32,13 +32,12 @@ + #ifdef PHP_USE_PHP_CRYPT_R + # include "php_crypt_r.h" + # include "crypt_freesec.h" +-#else +-# if HAVE_CRYPT_H +-# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) +-# define _GNU_SOURCE +-# endif +-# include ++#endif ++#if HAVE_CRYPT_H ++# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) ++# define _GNU_SOURCE + # endif ++# include + #endif + #if TM_IN_SYS_TIME + #include +@@ -64,51 +63,46 @@ + * PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate + * for the target platform. */ + +-#if PHP_STD_DES_CRYPT +-#define PHP_MAX_SALT_LEN 2 ++#if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) ++# define PHP_USE_SYSTEM_CRYPT_R + #endif + +-#if PHP_EXT_DES_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 9 +-#endif ++#define PHP_MAX_STD_DES_SALT_LEN 2 ++#define PHP_MAX_STD_DES_HASH_LEN 11 + +-#if PHP_MD5_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 12 +-#endif ++#define PHP_MAX_EXT_DES_SALT_LEN 9 ++#define PHP_MAX_EXT_DES_HASH_LEN 11 + +-#if PHP_BLOWFISH_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 60 +-#endif ++#define PHP_MAX_MD5_SALT_LEN 12 ++#define PHP_MAX_MD5_HASH_LEN 22 + +-#if PHP_SHA512_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 123 +-#endif ++#define PHP_MAX_BLOWFISH_SALT_LEN 29 ++#define PHP_MAX_BLOWFISH_HASH_LEN 31 + ++#define PHP_MAX_SHA256_SALT_LEN 37 ++#define PHP_MAX_SHA256_HASH_LEN 43 + +-/* If the configure-time checks fail, we provide DES. +- * XXX: This is a hack. Fix the real problem! */ ++#define PHP_MAX_SHA512_SALT_LEN 37 ++#define PHP_MAX_SHA512_HASH_LEN 86 + +-#ifndef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 2 +-#undef PHP_STD_DES_CRYPT +-#define PHP_STD_DES_CRYPT 1 +-#endif ++/* ++ * Maximum salt length is from Blowfish ++ * Maximum hash length is from SHA512 ++ */ ++#define PHP_MAX_SALT_LEN 37 ++#define PHP_MAX_HASH_LEN 86 + + #define PHP_CRYPT_RAND php_rand(TSRMLS_C) + + PHP_MINIT_FUNCTION(crypt) /* {{{ */ + { + REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + + + #ifdef PHP_USE_PHP_CRYPT_R +@@ -119,15 +113,15 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */ + } + /* }}} */ + ++#ifdef PHP_USE_PHP_CRYPT_R + PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */ + { +-#ifdef PHP_USE_PHP_CRYPT_R + php_shutdown_crypt_r(); +-#endif + + return SUCCESS; + } + /* }}} */ ++#endif + + static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +@@ -145,158 +139,171 @@ static void php_to64(char *s, long v, in + PHP_FUNCTION(crypt) + { + char salt[PHP_MAX_SALT_LEN + 1]; ++ int salt_len = 0; ++ char output[PHP_MAX_SALT_LEN + PHP_MAX_HASH_LEN + 1]; + char *str, *salt_in = NULL; + int str_len, salt_in_len = 0; +- char *crypt_res; +- salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; ++ char *crypt_res = NULL; ++#if PHP_USE_PHP_CRYPT_R ++ struct php_crypt_extended_data extended_buffer; ++#endif ++#if PHP_USE_SYSTEM_CRYPT_R ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ struct crypt_data buffer; ++# elif defined(CRYPT_R_CRYPTD) ++ CRYPTD buffer; ++# else ++# error Data struct used by crypt_r() is unknown. Please report. ++# endif ++#endif + +- /* This will produce suitable results if people depend on DES-encryption +- * available (passing always 2-character salt). At least for glibc6.1 */ +- memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); ++ salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { + return; + } + + if (salt_in) { +- memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); +- } +- +- /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ +- if (!*salt) { ++ salt_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); ++ memcpy(salt, salt_in, salt_len); ++ salt[salt_len] = '\0'; ++ } else { + #if PHP_MD5_CRYPT +- strcpy(salt, "$1$"); ++ salt[0] = '$'; salt[1] = '1'; salt[2] = '$'; + php_to64(&salt[3], PHP_CRYPT_RAND, 4); + php_to64(&salt[7], PHP_CRYPT_RAND, 4); +- strcpy(&salt[11], "$"); ++ salt[11] = '$'; salt[12] = '\0'; ++ salt_len = PHP_MAX_MD5_SALT_LEN; + #elif PHP_STD_DES_CRYPT + php_to64(&salt[0], PHP_CRYPT_RAND, 2); + salt[2] = '\0'; ++ salt_len = PHP_MAX_STD_DES_SALT_LEN; + #endif +- salt_in_len = strlen(salt); + } + + /* Windows (win32/crypt) has a stripped down version of libxcrypt and + a CryptoApi md5_crypt implementation */ +-#if PHP_USE_PHP_CRYPT_R + { +- struct php_crypt_extended_data buffer; ++#if PHP_USE_PHP_CRYPT_R ++ memset(&extended_buffer, 0, sizeof(extended_buffer)); ++#endif ++#if PHP_USE_SYSTEM_CRYPT_R ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ buffer->initialized = 0 ++# else ++ memset(&buffer, 0, sizeof(buffer)); ++# endif ++#endif + + if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { +- char output[MD5_HASH_MAX_LEN]; +- +- RETURN_STRING(php_md5_crypt_r(str, salt, output), 1); ++ /* CRYPT_MD5 */ ++#if PHP_MD5_CRYPT ++# warning Using system MD5 crypt function, which is OK on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP MD5 crypt function, should not happen on Debian system ++ crypt_res = php_md5_crypt_r(str, salt, output); ++#endif + } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { +- const char sha512_salt_prefix[] = "$6$"; +- const char sha512_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha512_salt_prefix) - 1 +- + sizeof(sha512_rounds_prefix) + 9 + 1 +- + strlen(salt) + 1 + 43 + 1); +- output = emalloc(needed * sizeof(char *)); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha512_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- efree(output); ++ /* CRYPT_SHA512 */ ++#if PHP_SHA512_CRYPT ++# warning Using system SHA512 crypt function, which is OK on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA512 crypt function, should not happen on Debian system ++ crypt_res = php_sha512_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { +- const char sha256_salt_prefix[] = "$5$"; +- const char sha256_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha256_salt_prefix) - 1 +- + sizeof(sha256_rounds_prefix) + 9 + 1 +- + strlen(salt) + 1 + 43 + 1); +- output = emalloc(needed * sizeof(char *)); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha256_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- efree(output); ++ /* CRYPT_SHA256 */ ++#if PHP_SHA256_CRYPT ++# warning Using system SHA256 crypt function, which is OK on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA256 crypt function, should not happen on Debian system ++ crypt_res = php_sha256_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if ( + salt[0] == '$' && + salt[1] == '2' && + salt[2] == 'a' && + salt[3] == '$' && +- salt[4] >= '0' && salt[4] <= '3' && +- salt[5] >= '0' && salt[5] <= '9' && +- salt[6] == '$') { +- char output[PHP_MAX_SALT_LEN + 1]; +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- ++ salt[6] == '$' && ++ ((salt[4] == '0' && ++ salt[5] >= '4' && salt[5] <= '9') || ++ (salt[4] >= '1' && salt[4] <= '2' && ++ salt[5] >= '0' && salt[5] <= '9') || ++ (salt[4] == '3' && ++ salt[5] >= '0' && salt[5] <= '1'))) { ++ /* CRYPT_BLOWFISH */ ++#if PHP_BLOWFISH_CRYPT ++# error Using system BlowFish crypt function, should not happen on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP BlowFish crypt function, which is OK on Debian system + crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); ++#endif ++ } else if (salt[0]=='_' && ++ salt_len == 9) { ++ /* CRYPT_EXT_DES */ ++#if PHP_EXT_DES_CRYPT ++# error Using system extended DES crypt function, should not happen on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP extended DES crypt function, which is OK on Debian system ++ _crypt_extended_init_r(); ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif + } else { +- memset(&buffer, 0, sizeof(buffer)); ++ /* CRYPT_STD_DES */ ++#if PHP_STD_DES_CRYPT ++# warning Using system standard DES crypt function, which is OK on Debian system ++# if PHP_USE_SYSTEM_CRYPT_R ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP standard DES crypt function, should not happen on Debian system + _crypt_extended_init_r(); ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif ++ } + +- crypt_res = _crypt_extended_r(str, salt, &buffer); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } ++ if (!crypt_res) { ++ if (salt[0]=='*' && salt[1]=='0') { ++ RETVAL_STRING("*1", 1); + } else { +- RETURN_STRING(crypt_res, 1); ++ RETVAL_STRING("*0", 1); + } ++ } else { ++ RETVAL_STRING(crypt_res, 1); + } +- } +-#else + +-# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) +- { +-# if defined(CRYPT_R_STRUCT_CRYPT_DATA) +- struct crypt_data buffer; +- memset(&buffer, 0, sizeof(buffer)); +-# elif defined(CRYPT_R_CRYPTD) +- CRYPTD buffer; +-# else +-# error Data struct used by crypt_r() is unknown. Please report. +-# endif +- crypt_res = crypt_r(str, salt, &buffer); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } +- } else { +- RETURN_STRING(crypt_res, 1); ++ memset(salt, 0, sizeof(salt)); ++ if (output[0]!='\0') { ++ memset(output, 0, sizeof(output)); + } + } +-# endif +-#endif + } + /* }}} */ + #endif +--- a/configure.in ++++ b/configure.in +@@ -671,11 +671,6 @@ PHP_TIME_R_TYPE + PHP_READDIR_R_TYPE + PHP_CHECK_IN_ADDR_T + +-AC_CHECK_FUNCS(crypt_r, [ php_crypt_r="1" ], [ php_crypt_r="0" ]) +-if test "x$php_crypt_r" = "x1"; then +- PHP_CRYPT_R_STYLE +-fi +- + dnl divert(4) + + dnl ## In diversion 4 we check user-configurable general settings. --- php5-5.3.2.orig/debian/patches/101-sqlite_is_shared.patch +++ php5-5.3.2/debian/patches/101-sqlite_is_shared.patch @@ -0,0 +1,11 @@ +--- pkg-php.orig/ext/sqlite/config.m4 ++++ pkg-php/ext/sqlite/config.m4 +@@ -84,7 +84,7 @@ if test "$PHP_SQLITE" != "no"; then + ]) + SQLITE_MODULE_TYPE=external + PHP_SQLITE_CFLAGS=$pdo_inc_path +- sqlite_extra_sources="libsqlite/src/encode.c" ++ sqlite_extra_sources="" + else + # use bundled library + PHP_PROG_LEMON --- php5-5.3.2.orig/debian/patches/CVE-2010-1868.patch +++ php5-5.3.2/debian/patches/CVE-2010-1868.patch @@ -0,0 +1,24 @@ +Description: fix arbitrary code execution via empty SQL query +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298697 + +diff -Nur php5-5.3.2/ext/sqlite/sqlite.c php5-5.3.2.new/ext/sqlite/sqlite.c +--- php5-5.3.2/ext/sqlite/sqlite.c 2010-01-03 04:23:27.000000000 -0500 ++++ php5-5.3.2.new/ext/sqlite/sqlite.c 2010-09-14 10:54:29.000000000 -0400 +@@ -2508,7 +2508,7 @@ + return; + } + +- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); ++ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); + sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, &rres, NULL TSRMLS_CC); + if (db->last_err_code != SQLITE_OK) { + if (rres) { +@@ -2624,7 +2624,7 @@ + return; + } + +- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); ++ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); + sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, &rres, NULL TSRMLS_CC); + if (db->last_err_code != SQLITE_OK) { + if (rres) { --- php5-5.3.2.orig/debian/patches/php5-CVE-2006-7243.patch +++ php5-5.3.2/debian/patches/php5-CVE-2006-7243.patch @@ -0,0 +1,1994 @@ +Subject: fix #39863, do not accept paths with NULL in them. See + http://news.php.net/php.internals/50191, trunk will have the patch + later (adding a macro and/or changing (some) APIs. Patch by Rasmus +Origin: http://svn.php.net/viewvc?view=revision&revision=305507 +Bug: http://bugs.php.net/39863 + +Patch also includes http://svn.php.net/viewvc?view=revision&revision=305412 + + Protect against null bytes in LOB filenames (rasmus) + +and http://svn.php.net/viewvc?view=revision&revision=305635 + + Fix tests for \0 patch in PHP 5.3. + Fix constants_error_004.phpt (closes bug #51901) + +CVE-2006-7243 + +Patch differs from upstream in that it drops the adjustment to the +PHP_OCI8_VERSION macro definition as well as the meta information +update in the ext/oci8/package.xml to reduce patch conflicts. +It also has been adjusted to apply to prior versions of php. Patch also +drops edit to tests/classes/constants_error_004.phpt from commit 305635 +as it's not necessary. + +Index: ext/oci8/tests/null_byte_1.phpt +=================================================================== +--- ext/oci8/tests/null_byte_1.phpt (revision 0) ++++ ext/oci8/tests/null_byte_1.phpt (revision 305412) +@@ -0,0 +1,38 @@ ++--TEST-- ++Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202) ++--SKIPIF-- ++ ++--INI-- ++display_errors = On ++error_reporting = E_WARNING ++--FILE-- ++savefile("/tmp/abc\0def"); ++var_dump($r); ++ ++echo "Test 2: Export\n"; ++ ++$r = $lob->export("/tmp/abc\0def"); ++var_dump($r); ++ ++?> ++===DONE=== ++ ++--EXPECTF-- ++Test 1: Import ++ ++Warning: OCI-Lob::savefile(): Filename cannot contain null bytes in %snull_byte_1.php on line %d ++bool(false) ++Test 2: Export ++ ++Warning: OCI-Lob::export(): Filename cannot contain null bytes in %snull_byte_1.php on line %d ++bool(false) ++===DONE=== +Index: ext/oci8/tests/null_byte_2.phpt +=================================================================== +--- ext/oci8/tests/null_byte_2.phpt (revision 0) ++++ ext/oci8/tests/null_byte_2.phpt (revision 305412) +@@ -0,0 +1,69 @@ ++--TEST-- ++Null bytes in SQL statements ++--SKIPIF-- ++ ++--INI-- ++display_errors = On ++error_reporting = E_WARNING ++--FILE-- ++ ++===DONE=== ++ ++--EXPECTF-- ++Test 1: Valid use of a null byte ++array(1) { ++ ["DUMMY"]=> ++ array(1) { ++ [0]=> ++ string(1) "X" ++ } ++} ++Test 2: Invalid use of a null byte ++ ++Warning: oci_execute(): ORA-00942: %s in %snull_byte_2.php on line %d ++Test 3: Using a null byte in a bind variable name ++ ++Warning: oci_bind_by_name(): ORA-01036: %s in %snull_byte_2.php on line %d ++ ++Warning: oci_execute(): ORA-01008: %s in %snull_byte_2.php on line %d ++Test 4: Using a null byte in a bind variable value causing WHERE clause to fail ++array(1) { ++ ["DUMMY"]=> ++ array(0) { ++ } ++} ++===DONE=== +Index: ext/oci8/oci8_interface.c +=================================================================== +--- ext/oci8/oci8_interface.c (revision 305411) ++++ ext/oci8/oci8_interface.c (revision 305412) +@@ -242,7 +242,12 @@ + return; + } + } +- ++ ++ if (strlen(filename) != filename_len) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); ++ RETURN_FALSE; ++ } ++ + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); + RETURN_FALSE; +@@ -894,7 +899,12 @@ + RETURN_FALSE; + } + } +- ++ ++ if (strlen(filename) != filename_len) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); ++ RETURN_FALSE; ++ } ++ + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); + RETURN_FALSE; +@@ -1666,8 +1676,8 @@ + } + /* }}} */ + +-/* {{{ proto resource oci_parse(resource connection, string query) +- Parse a query and return a statement */ ++/* {{{ proto resource oci_parse(resource connection, string statement) ++ Parse a SQL or PL/SQL statement and return a statement resource */ + PHP_FUNCTION(oci_parse) + { + zval *z_connection; +Index: ext/oci8/package.xml +=================================================================== +--- ext/oci8/package.xml (revision 305411) ++++ ext/oci8/package.xml (revision 305412) +@@ -306,6 +305,8 @@ + + + ++ ++ + + + +Index: ext/standard/ftok.c +=================================================================== +--- ext/standard/ftok.c (revision 305506) ++++ ext/standard/ftok.c (revision 305507) +@@ -39,6 +39,10 @@ + return; + } + ++ if (strlen(pathname) != pathname_len) { ++ RETURN_FALSE; ++ } ++ + if (pathname_len == 0){ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pathname is invalid"); + RETURN_LONG(-1); +Index: ext/standard/basic_functions.c +=================================================================== +--- ext/standard/basic_functions.c (revision 305506) ++++ ext/standard/basic_functions.c (revision 305507) +@@ -4673,6 +4673,12 @@ + opt_err = erropt; + } + ++ if (opt_err == 3) { ++ if (strlen(opt) != opt_len) { ++ RETURN_FALSE; ++ } ++ } ++ + if (_php_error_log_ex(opt_err, message, message_len, opt, headers TSRMLS_CC) == FAILURE) { + RETURN_FALSE; + } +@@ -5161,6 +5167,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (i) { + php_start_ob_buffer (NULL, 0, 1 TSRMLS_CC); + } +@@ -5207,6 +5217,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + file_handle.type = ZEND_HANDLE_FILENAME; + file_handle.filename = filename; + file_handle.free_filename = 0; +@@ -5467,6 +5481,11 @@ + return; + } + ++ /* No nulls allowed in paths */ ++ if (strlen(new_value) != new_value_len) { ++ RETURN_FALSE; ++ } ++ + old_value = zend_ini_string("include_path", sizeof("include_path"), 0); + /* copy to return here, because alter might free it! */ + if (old_value) { +@@ -5777,6 +5796,10 @@ + return; + } + ++ if (strlen(path) != path_len) { ++ RETURN_FALSE; ++ } ++ + if (zend_hash_exists(SG(rfc1867_uploaded_files), path, path_len + 1)) { + RETURN_TRUE; + } else { +@@ -5817,6 +5840,14 @@ + RETURN_FALSE; + } + ++ if (strlen(path) != path_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(new_path) != new_path_len) { ++ RETURN_FALSE; ++ } ++ + VCWD_UNLINK(new_path); + if (VCWD_RENAME(path, new_path) == 0) { + successful = 1; +@@ -5960,6 +5991,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + /* Set callback function */ + if (process_sections) { + BG(active_ini_file_section) = NULL; +Index: ext/standard/dir.c +=================================================================== +--- ext/standard/dir.c (revision 305506) ++++ ext/standard/dir.c (revision 305507) +@@ -325,6 +325,10 @@ + RETURN_FALSE; + } + ++ if (strlen(str) != str_len) { ++ RETURN_FALSE; ++ } ++ + if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) { + RETURN_FALSE; + } +@@ -436,6 +440,10 @@ + return; + } + ++ if (strlen(pattern) != pattern_len) { ++ RETURN_FALSE; ++ } ++ + if (pattern_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); + RETURN_FALSE; +@@ -557,6 +565,10 @@ + return; + } + ++ if (strlen(dirn) != dirn_len) { ++ RETURN_FALSE; ++ } ++ + if (dirn_len < 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty"); + RETURN_FALSE; +Index: ext/standard/iptc.c +=================================================================== +--- ext/standard/iptc.c (revision 305506) ++++ ext/standard/iptc.c (revision 305507) +@@ -190,6 +190,10 @@ + return; + } + ++ if (strlen(jpeg_file) != jpeg_file_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +Index: ext/standard/filestat.c +=================================================================== +--- ext/standard/filestat.c (revision 305506) ++++ ext/standard/filestat.c (revision 305507) +@@ -379,6 +379,10 @@ + RETURN_FALSE; + } + ++ if (strlen(path) != path_len) { ++ RETURN_FALSE; ++ } ++ + if (php_disk_free_space(path, &bytesfree TSRMLS_CC) == SUCCESS) { + RETURN_DOUBLE(bytesfree); + } +@@ -399,6 +403,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (Z_TYPE_P(group) == IS_LONG) { + gid = (gid_t)Z_LVAL_P(group); + } else if (Z_TYPE_P(group) == IS_STRING) { +@@ -500,6 +508,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (Z_TYPE_P(user) == IS_LONG) { + uid = (uid_t)Z_LVAL_P(user); + } else if (Z_TYPE_P(user) == IS_STRING) { +@@ -607,6 +619,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + /* Check the basedir */ + if (php_check_open_basedir(filename TSRMLS_CC)) { + RETURN_FALSE; +@@ -660,6 +676,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + switch (argc) { + case 1: + #ifdef HAVE_UTIME_NULL +@@ -715,8 +735,9 @@ + PHPAPI void php_clear_stat_cache(zend_bool clear_realpath_cache, const char *filename, int filename_len TSRMLS_DC) + { + /* always clear CurrentStatFile and CurrentLStatFile even if filename is not NULL +- * as it may contains outdated data (e.g. "nlink" for a directory when deleting a file ++ * as it may contain outdated data (e.g. "nlink" for a directory when deleting a file + * in this directory, as shown by lstat_stat_variation9.phpt) */ ++ + if (BG(CurrentStatFile)) { + efree(BG(CurrentStatFile)); + BG(CurrentStatFile) = NULL; +@@ -777,6 +798,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_length) { ++ RETURN_FALSE; ++ } ++ + if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) { + if (php_check_open_basedir(local TSRMLS_CC)) { + RETURN_FALSE; +Index: ext/standard/file.c +=================================================================== +--- ext/standard/file.c (revision 305506) ++++ ext/standard/file.c (revision 305507) +@@ -386,6 +386,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + md.stream = php_stream_open_wrapper(filename, "rb", + (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, + NULL); +@@ -539,6 +543,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (ZEND_NUM_ARGS() == 5 && maxlen < 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "length must be greater than or equal to zero"); + RETURN_FALSE; +@@ -595,6 +603,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (Z_TYPE_P(data) == IS_RESOURCE) { + php_stream_from_zval(srcstream, &data); + } +@@ -739,6 +751,11 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|lr!", &filename, &filename_len, &flags, &zcontext) == FAILURE) { + return; + } ++ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (flags < 0 || flags > (PHP_FILE_USE_INCLUDE_PATH | PHP_FILE_IGNORE_NEW_LINES | PHP_FILE_SKIP_EMPTY_LINES | PHP_FILE_NO_DEFAULT_CONTEXT)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%ld' flag is not supported", flags); + RETURN_FALSE; +@@ -836,6 +853,14 @@ + return; + } + ++ if (strlen(dir) != dir_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(prefix) != prefix_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +@@ -894,6 +919,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); +@@ -1397,6 +1426,10 @@ + RETURN_FALSE; + } + ++ if (strlen(dir) != dir_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + RETURN_BOOL(php_stream_mkdir(dir, mode, (recursive ? PHP_STREAM_MKDIR_RECURSIVE : 0) | REPORT_ERRORS, context)); +@@ -1416,6 +1449,10 @@ + RETURN_FALSE; + } + ++ if (strlen(dir) != dir_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + RETURN_BOOL(php_stream_rmdir(dir, REPORT_ERRORS, context)); +@@ -1438,6 +1475,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); +@@ -1511,6 +1552,14 @@ + RETURN_FALSE; + } + ++ if (strlen(old_name) != old_name_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(new_name) != new_name_len) { ++ RETURN_FALSE; ++ } ++ + wrapper = php_stream_locate_url_wrapper(old_name, NULL, 0 TSRMLS_CC); + + if (!wrapper || !wrapper->wops) { +@@ -1548,6 +1597,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + context = php_stream_context_from_zval(zcontext, 0); + + wrapper = php_stream_locate_url_wrapper(filename, NULL, 0 TSRMLS_CC); +@@ -1684,6 +1737,14 @@ + return; + } + ++ if (strlen(source) != source_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(target) != target_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +@@ -2385,6 +2446,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (VCWD_REALPATH(filename, resolved_path_buff)) { + if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; +@@ -2527,6 +2592,14 @@ + return; + } + ++ if (strlen(pattern) != pattern_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (filename_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN); + RETURN_FALSE; +Index: ext/standard/link.c +=================================================================== +--- ext/standard/link.c (revision 305506) ++++ ext/standard/link.c (revision 305507) +@@ -64,6 +64,10 @@ + return; + } + ++ if (strlen(link) != link_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { + RETURN_FALSE; + } +@@ -123,6 +127,14 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath, &topath_len, &frompath, &frompath_len) == FAILURE) { + return; + } ++ ++ if (strlen(topath) != topath_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(frompath) != frompath_len) { ++ RETURN_FALSE; ++ } + + if (!expand_filepath(frompath, source_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory"); +@@ -188,6 +200,14 @@ + return; + } + ++ if (strlen(topath) != topath_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(frompath) != frompath_len) { ++ RETURN_FALSE; ++ } ++ + if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory"); + RETURN_FALSE; +Index: ext/openssl/openssl.c +=================================================================== +--- ext/openssl/openssl.c (revision 305506) ++++ ext/openssl/openssl.c (revision 305507) +@@ -1771,6 +1771,10 @@ + return; + + RETVAL_FALSE; ++ ++ if (strlen(filename) != filename_len) { ++ return; ++ } + + cert = php_openssl_x509_from_zval(zcert, 0, &certresource TSRMLS_CC); + if (cert == NULL) { +@@ -2219,6 +2223,10 @@ + } + RETVAL_FALSE; + ++ if (strlen(filename) != filename_len) { ++ return; ++ } ++ + csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (csr == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from parameter 1"); +@@ -3003,6 +3011,10 @@ + } + RETVAL_FALSE; + ++ if (strlen(filename) != filename_len) { ++ return; ++ } ++ + key = php_openssl_evp_from_zval(zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC); + + if (key == NULL) { +@@ -3395,7 +3407,14 @@ + &outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags, &cipherid) == FAILURE) + return; + +- ++ if (strlen(infilename) != infilename_len) { ++ return; ++ } ++ ++ if (strlen(outfilename) != outfilename_len) { ++ return; ++ } ++ + if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + return; + } +@@ -3527,15 +3546,23 @@ + char * outfilename; int outfilename_len; + char * extracertsfilename = NULL; int extracertsfilename_len; + ++ RETVAL_FALSE; ++ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls", + &infilename, &infilename_len, &outfilename, &outfilename_len, + &zcert, &zprivkey, &zheaders, &flags, &extracertsfilename, + &extracertsfilename_len) == FAILURE) { + return; + } +- +- RETVAL_FALSE; + ++ if (strlen(infilename) != infilename_len) { ++ return; ++ } ++ ++ if (strlen(outfilename) != outfilename_len) { ++ return; ++ } ++ + if (extracertsfilename) { + others = load_all_certs_from_file(extracertsfilename); + if (others == NULL) { +@@ -3631,13 +3658,21 @@ + char * infilename; int infilename_len; + char * outfilename; int outfilename_len; + ++ RETVAL_FALSE; ++ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZ|Z", &infilename, &infilename_len, + &outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) { + return; + } + +- RETVAL_FALSE; ++ if (strlen(infilename) != infilename_len) { ++ return; ++ } + ++ if (strlen(outfilename) != outfilename_len) { ++ return; ++ } ++ + cert = php_openssl_x509_from_zval(recipcert, 0, &certresval TSRMLS_CC); + if (cert == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to coerce parameter 3 to x509 cert"); +Index: ext/sqlite3/sqlite3.c +=================================================================== +--- ext/sqlite3/sqlite3.c (revision 305506) ++++ ext/sqlite3/sqlite3.c (revision 305507) +@@ -114,6 +114,9 @@ + zend_throw_exception(zend_exception_get_default(TSRMLS_C), "Already initialised DB Object", 0 TSRMLS_CC); + } + ++ if (strlen(filename) != filename_len) { ++ return; ++ } + if (strncmp(filename, ":memory:", 8) != 0) { + if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { + zend_throw_exception(zend_exception_get_default(TSRMLS_C), "Unable to expand filepath", 0 TSRMLS_CC); +Index: ext/pgsql/pgsql.c +=================================================================== +--- ext/pgsql/pgsql.c (revision 305506) ++++ ext/pgsql/pgsql.c (revision 305507) +@@ -3339,6 +3339,10 @@ + WRONG_PARAM_COUNT; + } + ++ if (strlen(file_in) != name_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +@@ -3476,6 +3480,10 @@ + RETURN_FALSE; + } + ++ if (strlen(file_out) != name_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +Index: ext/gd/gd_ctx.c +=================================================================== +--- ext/gd/gd_ctx.c (revision 305506) ++++ ext/gd/gd_ctx.c (revision 305507) +@@ -91,6 +91,9 @@ + } + + if (argc > 1 && file_len) { ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } + PHP_GD_CHECK_OPEN_BASEDIR(file, "Invalid filename"); + + fp = VCWD_FOPEN(file, "wb"); +Index: ext/gd/gd.c +=================================================================== +--- ext/gd/gd.c (revision 305506) ++++ ext/gd/gd.c (revision 305507) +@@ -2642,6 +2642,9 @@ + } + + if (argc >= 2 && file_len) { ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } + PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename"); + + fp = VCWD_FOPEN(fn, "wb"); +@@ -4552,6 +4555,14 @@ + dest_width = width; + int_threshold = threshold; + ++ if (strlen(f_org) != f_org_len) { ++ RETURN_FALSE; ++ } ++ ++ if (strlen(f_dest) != f_dest_len) { ++ RETURN_FALSE; ++ } ++ + /* Check threshold value */ + if (int_threshold < 0 || int_threshold > 8) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid threshold value '%d'", int_threshold); +Index: ext/sqlite/sqlite.c +=================================================================== +--- ext/sqlite/sqlite.c (revision 305506) ++++ ext/sqlite/sqlite.c (revision 305507) +@@ -1560,6 +1560,9 @@ + ZVAL_NULL(errmsg); + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } + if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + /* resolve the fully-qualified path name to use as the hash key */ + if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { +@@ -1637,6 +1640,9 @@ + ZVAL_NULL(errmsg); + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } + if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + /* resolve the fully-qualified path name to use as the hash key */ + if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { +@@ -1690,6 +1696,10 @@ + ZVAL_NULL(errmsg); + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + /* resolve the fully-qualified path name to use as the hash key */ + if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { +Index: ext/posix/posix.c +=================================================================== +--- ext/posix/posix.c (revision 305506) ++++ ext/posix/posix.c (revision 305507) +@@ -842,6 +842,10 @@ + RETURN_FALSE; + } + ++ if (strlen(path) != path_len) { ++ RETURN_FALSE; ++ } ++ + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || + (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + RETURN_FALSE; +@@ -877,6 +881,10 @@ + RETURN_FALSE; + } + ++ if (strlen(path) != path_len) { ++ RETURN_FALSE; ++ } ++ + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || + (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + RETURN_FALSE; +@@ -957,6 +965,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + path = expand_filepath(filename, NULL TSRMLS_CC); + if (!path) { + POSIX_G(last_error) = EIO; +Index: ext/xsl/xsltprocessor.c +=================================================================== +--- ext/xsl/xsltprocessor.c (revision 305506) ++++ ext/xsl/xsltprocessor.c (revision 305507) +@@ -642,6 +642,9 @@ + + ret = -1; + if (newdocp) { ++ if (strlen(uri) != uri_len) { ++ RETURN_FALSE; ++ } + ret = xsltSaveResultToFilename(uri, newdocp, sheetp, 0); + xmlFreeDoc(newdocp); + } +@@ -845,7 +848,7 @@ + if (intern->profiling) { + efree(intern->profiling); + } +- if (filename != NULL) { ++ if (filename != NULL && strlen(filename) == filename_len) { + intern->profiling = estrndup(filename,filename_len); + } else { + intern->profiling = NULL; +Index: ext/com_dotnet/com_persist.c +=================================================================== +--- ext/com_dotnet/com_persist.c (revision 305506) ++++ ext/com_dotnet/com_persist.c (revision 305507) +@@ -389,6 +389,9 @@ + } + + if (filename) { ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } + fullpath = expand_filepath(filename, NULL TSRMLS_CC); + if (!fullpath) { + RETURN_FALSE; +@@ -453,6 +456,10 @@ + return; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { + RETURN_FALSE; + } +Index: ext/bz2/bz2.c +=================================================================== +--- ext/bz2/bz2.c (revision 305506) ++++ ext/bz2/bz2.c (revision 305507) +@@ -387,6 +387,9 @@ + if (Z_TYPE_PP(file) == IS_STRING) { + convert_to_string_ex(file); + ++ if (strlen(Z_STRVAL_PP(file)) != Z_STRLEN_PP(file)) { ++ RETURN_FALSE; ++ } + if (Z_STRLEN_PP(file) == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename cannot be empty"); + RETURN_FALSE; +Index: ext/pspell/pspell.c +=================================================================== +--- ext/pspell/pspell.c (revision 305506) ++++ ext/pspell/pspell.c (revision 305507) +@@ -402,6 +402,10 @@ + } + #endif + ++ if (strlen(personal) != personal_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + delete_pspell_config(config); + RETURN_FALSE; +@@ -834,6 +838,10 @@ + return; + } + ++ if (strlen(value) != value_len) { ++ RETURN_FALSE; ++ } ++ + PSPELL_FETCH_CONFIG; + + if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { +@@ -891,6 +899,10 @@ + + pspell_config_replace(config, "save-repl", "true"); + ++ if (strlen(repl) != repl_len) { ++ RETURN_FALSE; ++ } ++ + if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } +Index: ext/enchant/enchant.c +=================================================================== +--- ext/enchant/enchant.c (revision 305506) ++++ ext/enchant/enchant.c (revision 305507) +@@ -591,6 +591,10 @@ + RETURN_FALSE; + } + ++ if (strlen(pwl) != pwllen) { ++ RETURN_FALSE; ++ } ++ + if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) { + RETURN_FALSE; + } +Index: ext/imap/php_imap.c +=================================================================== +--- ext/imap/php_imap.c (revision 305506) ++++ ext/imap/php_imap.c (revision 305507) +@@ -1218,10 +1218,14 @@ + } + + /* local filename, need to perform open_basedir and safe_mode checks */ +- if (mailbox[0] != '{' && +- (php_check_open_basedir(mailbox TSRMLS_CC) || +- (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) { +- RETURN_FALSE; ++ if (mailbox[0] != '{') { ++ if (strlen(mailbox) != mailbox_len) { ++ RETURN_FALSE; ++ } ++ if (php_check_open_basedir(mailbox TSRMLS_CC) || ++ (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { ++ RETURN_FALSE; ++ } + } + + IMAPG(imap_user) = estrndup(user, user_len); +Index: ext/fileinfo/fileinfo.c +=================================================================== +--- ext/fileinfo/fileinfo.c (revision 305506) ++++ ext/fileinfo/fileinfo.c (revision 305507) +@@ -294,6 +294,9 @@ + } + + if (file && *file) { /* user specified file, perform open_basedir checks */ ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } + if (!VCWD_REALPATH(file, resolved_path)) { + RETURN_FALSE; + } +Index: ext/oci8/oci8_interface.c +=================================================================== +--- ext/oci8/oci8_interface.c (revision 305506) ++++ ext/oci8/oci8_interface.c (revision 305507) +@@ -276,6 +276,10 @@ + return; + } + } ++ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } + + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); +@@ -667,7 +671,7 @@ + RETURN_FALSE; + } + } +- ++ + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); + RETURN_FALSE; +@@ -928,6 +932,10 @@ + /* nothing to write, fail silently */ + RETURN_FALSE; + } ++ ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } + + if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; +Index: ext/zip/php_zip.c +=================================================================== +--- ext/zip/php_zip.c (revision 305506) ++++ ext/zip/php_zip.c (revision 305507) +@@ -1148,6 +1148,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (OPENBASEDIR_CHECKPATH(filename)) { + RETURN_FALSE; + } +@@ -1437,6 +1441,10 @@ + RETURN_FALSE; + } + ++ if (strlen(filename) != filename_len) { ++ RETURN_FALSE; ++ } ++ + if (OPENBASEDIR_CHECKPATH(filename)) { + RETURN_FALSE; + } +@@ -2363,6 +2371,10 @@ + RETURN_FALSE; + } + ++ if (strlen(pathto) != pathto_len) { ++ RETURN_FALSE; ++ } ++ + if (php_stream_stat_path(pathto, &ssb) < 0) { + ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL); + if (!ret) { +@@ -2449,6 +2461,9 @@ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &len, &flags) == FAILURE) { + return; + } ++ if (strlen(filename) != filename_len) { ++ return; ++ } + PHP_ZIP_STAT_PATH(intern, filename, filename_len, flags, sb); + } else { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|ll", &index, &len, &flags) == FAILURE) { +Index: ext/odbc/php_odbc.c +=================================================================== +--- ext/odbc/php_odbc.c (revision 305506) ++++ ext/odbc/php_odbc.c (revision 305507) +@@ -1317,8 +1317,11 @@ + if (Z_STRLEN_PP(tmp) > 2 && + Z_STRVAL_PP(tmp)[0] == '\'' && + Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') { ++ if (strlen(tmp) != Z_STRLEN_PP(tmp)) { ++ RETURN_FALSE; ++ } ++ + filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2); +- filename[strlen(filename)] = '\0'; + + /* Check for safe mode. */ + if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { +Index: ext/tidy/tidy.c +=================================================================== +--- ext/tidy/tidy.c (revision 305506) ++++ ext/tidy/tidy.c (revision 305507) +@@ -567,6 +567,9 @@ + } + + if (is_file) { ++ if (strlen(arg1) != arg1_len) { ++ RETURN_FALSE; ++ } + if (!(data = php_tidy_file_to_mem(arg1, use_include_path, &data_len TSRMLS_CC))) { + RETURN_FALSE; + } +@@ -1221,6 +1224,9 @@ + RETURN_FALSE; + } + ++ if (strlen(inputfile) != input_len) { ++ RETURN_FALSE; ++ } + tidy_instanciate(tidy_ce_doc, return_value TSRMLS_CC); + obj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC); + +@@ -1534,10 +1540,13 @@ + &options, &enc, &enc_len, &use_include_path) == FAILURE) { + RETURN_FALSE; + } +- ++ + obj = (PHPTidyObj *)zend_object_store_get_object(object TSRMLS_CC); + + if (inputfile) { ++ if (strlen(inputfile) != input_len) { ++ RETURN_FALSE; ++ } + if (!(contents = php_tidy_file_to_mem(inputfile, use_include_path, &contents_len TSRMLS_CC))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot Load '%s' into memory %s", inputfile, (use_include_path) ? "(Using include path)" : ""); + return; +@@ -1568,7 +1577,10 @@ + &options, &enc, &enc_len, &use_include_path) == FAILURE) { + RETURN_FALSE; + } +- ++ ++ if (strlen(inputfile) != input_len) { ++ RETURN_FALSE; ++ } + if (!(contents = php_tidy_file_to_mem(inputfile, use_include_path, &contents_len TSRMLS_CC))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot Load '%s' into memory %s", inputfile, (use_include_path) ? "(Using include path)" : ""); + RETURN_FALSE; +Index: Zend/zend_vm_execute.h +=================================================================== +--- Zend/zend_vm_execute.h (revision 305506) ++++ Zend/zend_vm_execute.h (revision 305507) +@@ -1880,6 +1880,16 @@ + + return_value_used = RETURN_VALUE_USED(opline); + ++ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { ++ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE || ++ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) { ++ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } else { ++ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } ++ goto done; ++ } ++ + switch (Z_LVAL(opline->op2.u.constant)) { + case ZEND_INCLUDE_ONCE: + case ZEND_REQUIRE_ONCE: { +@@ -1933,6 +1943,7 @@ + break; + EMPTY_SWITCH_DEFAULT_CASE() + } ++done: + if (inc_filename==&tmp_inc_filename) { + zval_dtor(&tmp_inc_filename); + } +@@ -5154,6 +5165,16 @@ + + return_value_used = RETURN_VALUE_USED(opline); + ++ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { ++ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE || ++ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) { ++ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } else { ++ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } ++ goto done; ++ } ++ + switch (Z_LVAL(opline->op2.u.constant)) { + case ZEND_INCLUDE_ONCE: + case ZEND_REQUIRE_ONCE: { +@@ -5207,6 +5228,7 @@ + break; + EMPTY_SWITCH_DEFAULT_CASE() + } ++done: + if (inc_filename==&tmp_inc_filename) { + zval_dtor(&tmp_inc_filename); + } +@@ -8524,6 +8546,16 @@ + + return_value_used = RETURN_VALUE_USED(opline); + ++ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { ++ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE || ++ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) { ++ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } else { ++ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } ++ goto done; ++ } ++ + switch (Z_LVAL(opline->op2.u.constant)) { + case ZEND_INCLUDE_ONCE: + case ZEND_REQUIRE_ONCE: { +@@ -8577,6 +8609,7 @@ + break; + EMPTY_SWITCH_DEFAULT_CASE() + } ++done: + if (inc_filename==&tmp_inc_filename) { + zval_dtor(&tmp_inc_filename); + } +@@ -22387,6 +22420,16 @@ + + return_value_used = RETURN_VALUE_USED(opline); + ++ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) { ++ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE || ++ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) { ++ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } else { ++ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC); ++ } ++ goto done; ++ } ++ + switch (Z_LVAL(opline->op2.u.constant)) { + case ZEND_INCLUDE_ONCE: + case ZEND_REQUIRE_ONCE: { +@@ -22440,6 +22483,7 @@ + break; + EMPTY_SWITCH_DEFAULT_CASE() + } ++done: + if (inc_filename==&tmp_inc_filename) { + zval_dtor(&tmp_inc_filename); + } +Index: main/fopen_wrappers.c +=================================================================== +--- main/fopen_wrappers.c (revision 305506) ++++ main/fopen_wrappers.c (revision 305507) +@@ -538,6 +538,10 @@ + return NULL; + } + ++ if (strlen(filename) != filename_length) { ++ return NULL; ++ } ++ + /* Don't resolve paths which contain protocol (except of file://) */ + for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); + if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) { +Index: ext/standard/tests/file/file_put_contents_variation8.phpt +=================================================================== +--- ext/standard/tests/file/file_put_contents_variation8.phpt (revision 305634) ++++ ext/standard/tests/file/file_put_contents_variation8.phpt (revision 305635) +@@ -70,9 +70,7 @@ + -- Iteration 5 -- + 9 bytes written to: + -- Iteration 6 -- +- +-Warning: file_put_contents(): Filename cannot be empty in %s on line %d +-Failed to write data to: ++Failed to write data to: + -- Iteration 7 -- + + Warning: file_put_contents() expects parameter 1 to be string, array given in %s on line %d +Index: ext/standard/tests/file/glob_variation.phpt +=================================================================== +--- ext/standard/tests/file/glob_variation.phpt (revision 305634) ++++ ext/standard/tests/file/glob_variation.phpt (revision 305635) +@@ -325,20 +325,12 @@ + } + + -- Iteration 8 -- +-array(0) { +-} +-array(0) { +-} +-array(0) { +-} +-array(1) { +- [0]=> +- string(%d) "%s/glob_variation/WONDER5" +-} +-array(0) { +-} +-array(0) { +-} ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) + + -- Iteration 9 -- + array(0) { +@@ -441,8 +433,7 @@ + array(0) { + } + -- Iteration 8 -- +-array(0) { +-} ++bool(false) + -- Iteration 9 -- + array(0) { + } +Index: ext/standard/tests/file/copy_variation4.phpt +=================================================================== +--- ext/standard/tests/file/copy_variation4.phpt (revision 305634) ++++ ext/standard/tests/file/copy_variation4.phpt (revision 305635) +@@ -2,9 +2,6 @@ + Test copy() function: usage variations - destination file names(empty string, nulls & bools) + --SKIPIF-- + +@@ -22,7 +19,7 @@ + echo "*** Test copy() function: destination file names with empty string, nulls & bools ***\n"; + $file_path = dirname(__FILE__); + $src_file_name = $file_path."/copy_variation4.tmp"; +-$file_handle = fopen($src_file_name, "w"); ++$file_handle = fopen($src_file_name, "wb"); + fwrite( $file_handle, str_repeat(b"Hello2World...\n", 100) ); + fclose($file_handle); + +@@ -114,17 +111,13 @@ + Warning: unlink(%s): %s + + -- Iteration 3 -- +-Existence of destination file before copy => bool(true) +-Copy operation => +-Warning: copy(): The second argument to copy() function cannot be a directory in %s on line %d +-bool(false) +-Existence of destination file => bool(true) +-Destination file name => %s/ ++Existence of destination file before copy => bool(false) ++Copy operation => bool(false) ++Existence of destination file => bool(false) ++Destination file name => %s/ + Size of source file => int(1500) +-Size of destination file => int(%d) ++Size of destination file => bool(false) + +-Warning: unlink(%s): %s +- + -- Iteration 4 -- + Existence of destination file before copy => bool(true) + Copy operation => +Index: ext/standard/tests/file/stream_rfc2397_006.phpt +=================================================================== +--- ext/standard/tests/file/stream_rfc2397_006.phpt (revision 305634) ++++ ext/standard/tests/file/stream_rfc2397_006.phpt (revision 305635) +@@ -21,8 +21,8 @@ + ===DONE=== + + --EXPECTF-- +-string(0) "" +-string(6) "foobar" ++bool(false) ++bool(false) + string(13) "foobar foobar" + + Warning: file_get_contents(data:;base64,#Zm9vYmFyIGZvb2Jhc=): failed to open stream: rfc2397: unable to decode in %sstream_rfc2397_006.php on line %d +Index: ext/standard/tests/file/file_get_contents_variation8-win32.phpt +=================================================================== +--- ext/standard/tests/file/file_get_contents_variation8-win32.phpt (revision 305634) ++++ ext/standard/tests/file/file_get_contents_variation8-win32.phpt (revision 305635) +@@ -76,8 +76,6 @@ + bool(false) + + -- Filename: \0 -- +- +-Warning: file_get_contents(): Filename cannot be empty in %s on line %d + bool(false) + + -- Filename: array() -- +Index: ext/standard/tests/file/readfile_variation10.phpt +=================================================================== +--- ext/standard/tests/file/readfile_variation10.phpt (revision 305634) ++++ ext/standard/tests/file/readfile_variation10.phpt (revision 305635) +@@ -39,7 +39,7 @@ + for( $i=0; $i 100600 + File created in => temp dir + -- Iteration 6 -- +-File name is => %s%etempnam_variation3.tmp%s +-File permissions are => 100600 +-File created in => temp dir ++-- File is not created -- ++ ++Warning: unlink(): %s in %s on line %d + -- Iteration 7 -- + + Warning: tempnam() expects parameter 1 to be string, array given in %s on line %d +Index: ext/standard/tests/file/fileperms_variation3.phpt +=================================================================== +--- ext/standard/tests/file/fileperms_variation3.phpt (revision 305634) ++++ ext/standard/tests/file/fileperms_variation3.phpt (revision 305635) +@@ -74,8 +74,8 @@ + Warning: fileperms(): stat failed for %s/fileperms_variation3/fileperms*.tmp in %s on line %d + bool(false) + - Iteration 7 - +-int(%d) ++bool(false) + - Iteration 8 - +-int(%d) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/is_dir_variation4.phpt +=================================================================== +--- ext/standard/tests/file/is_dir_variation4.phpt (revision 305634) ++++ ext/standard/tests/file/is_dir_variation4.phpt (revision 305635) +@@ -77,9 +77,9 @@ + bool(false) + + -- Iteration 9 -- +-bool(true) ++bool(false) + + -- Iteration 10 -- +-bool(true) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/disk_free_space_variation.phpt +=================================================================== +--- ext/standard/tests/file/disk_free_space_variation.phpt (revision 305634) ++++ ext/standard/tests/file/disk_free_space_variation.phpt (revision 305635) +@@ -105,19 +105,19 @@ + float(%d) + + -- Iteration 9 -- +-float(%d) +-float(%d) ++bool(false) ++bool(false) + + -- Iteration 10 -- +-float(%d) +-float(%d) ++bool(false) ++bool(false) + + -- Iteration 11 -- +-float(%d) +-float(%d) ++bool(false) ++bool(false) + + -- Iteration 12 -- +-float(%d) +-float(%d) ++bool(false) ++bool(false) + + --- Done --- +Index: ext/standard/tests/file/fileowner_variation3.phpt +=================================================================== +--- ext/standard/tests/file/fileowner_variation3.phpt (revision 305634) ++++ ext/standard/tests/file/fileowner_variation3.phpt (revision 305635) +@@ -75,8 +75,8 @@ + Warning: fileowner(): stat failed for %s/fileowner_variation3/fileowner*.tmp in %s on line %d + bool(false) + - Iteration 7 - +-int(%d) ++bool(false) + - Iteration 8 - +-int(%d) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/filegroup_variation3.phpt +=================================================================== +--- ext/standard/tests/file/filegroup_variation3.phpt (revision 305634) ++++ ext/standard/tests/file/filegroup_variation3.phpt (revision 305635) +@@ -74,8 +74,8 @@ + Warning: filegroup(): stat failed for %s/filegroup_variation3/filegroup*.tmp in %s on line %d + bool(false) + - Iteration 7 - +-int(%d) ++bool(false) + - Iteration 8 - +-int(%d) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/file_get_contents_variation8.phpt +=================================================================== +--- ext/standard/tests/file/file_get_contents_variation8.phpt (revision 305634) ++++ ext/standard/tests/file/file_get_contents_variation8.phpt (revision 305635) +@@ -68,8 +68,6 @@ + Warning: file_get_contents( ): failed to open stream: No such file or directory in %s on line %d + bool(false) + -- Iteration 6 -- +- +-Warning: file_get_contents(): Filename cannot be empty in %s on line %d + bool(false) + -- Iteration 7 -- + +Index: ext/standard/tests/file/is_writable_variation1.phpt +=================================================================== +--- ext/standard/tests/file/is_writable_variation1.phpt (revision 305634) ++++ ext/standard/tests/file/is_writable_variation1.phpt (revision 305635) +@@ -96,14 +96,14 @@ + bool(false) + bool(false) + -- Iteration 7 -- +-bool(true) +-bool(true) ++bool(false) ++bool(false) + -- Iteration 8 -- +-bool(true) +-bool(true) ++bool(false) ++bool(false) + -- Iteration 9 -- +-bool(true) +-bool(true) ++bool(false) ++bool(false) + -- Iteration 10 -- + bool(true) + bool(true) +Index: ext/standard/tests/file/fnmatch_variation.phpt +=================================================================== +--- ext/standard/tests/file/fnmatch_variation.phpt (revision 305634) ++++ ext/standard/tests/file/fnmatch_variation.phpt (revision 305635) +@@ -259,22 +259,22 @@ + --- With Strings --- + -- Iteration 0 -- + bool(true) ++bool(false) + bool(true) +-bool(true) + bool(false) + bool(false) + bool(true) + -- Iteration 1 -- +-bool(true) +-bool(true) +-bool(true) + bool(false) + bool(false) +-bool(true) ++bool(false) ++bool(false) ++bool(false) ++bool(false) + -- Iteration 2 -- + bool(true) ++bool(false) + bool(true) +-bool(true) + bool(false) + bool(false) + bool(true) +@@ -282,9 +282,9 @@ + bool(false) + bool(false) + bool(false) +-bool(true) + bool(false) + bool(false) ++bool(false) + -- Iteration 4 -- + bool(false) + bool(false) +@@ -294,8 +294,8 @@ + bool(false) + -- Iteration 5 -- + bool(true) ++bool(false) + bool(true) +-bool(true) + bool(false) + bool(false) + bool(true) +@@ -397,30 +397,30 @@ + bool(true) + bool(true) + bool(true) +-bool(true) + bool(false) + bool(false) ++bool(false) + -- Iteration 1 -- + bool(true) + bool(true) + bool(true) +-bool(true) + bool(false) + bool(false) ++bool(false) + -- Iteration 2 -- + bool(true) + bool(true) + bool(true) +-bool(true) + bool(false) + bool(false) ++bool(false) + -- Iteration 3 -- +-bool(true) +-bool(true) +-bool(true) +-bool(true) + bool(false) + bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) + -- Iteration 4 -- + bool(false) + bool(false) +Index: ext/standard/tests/file/tempnam_variation3-win32.phpt +=================================================================== +--- ext/standard/tests/file/tempnam_variation3-win32.phpt (revision 305634) ++++ ext/standard/tests/file/tempnam_variation3-win32.phpt (revision 305635) +@@ -31,8 +31,8 @@ + NULL, + "", + " ", ++ /* Invalid args */ + "\0", +- /* Invalid args */ + array(), + + /* Valid args*/ +@@ -102,7 +102,8 @@ + Failed, not created in the correct directory %s vs %s + 0 + -- Iteration 6 -- +-OK ++Failed, not created in the correct directory %s vs %s ++0 + -- Iteration 7 -- + + Warning: tempnam() expects parameter 2 to be string, array given in %s\ext\standard\tests\file\tempnam_variation3-win32.php on line %d +Index: ext/standard/tests/file/rename_variation13.phpt +=================================================================== +--- ext/standard/tests/file/rename_variation13.phpt (revision 305634) ++++ ext/standard/tests/file/rename_variation13.phpt (revision 305635) +@@ -98,11 +98,7 @@ + Warning: rename( ,%s/renameVar13/afile.tmp): No such file or directory in %s on line %d + bool(false) + -- testing '%s' -- +- +-Warning: rename(%s/renameVar13/afile.tmp,): %s in %s on line %d + bool(false) +- +-Warning: rename(,%s/renameVar13/afile.tmp): %s in %s on line %d + bool(false) + -- testing 'Array' -- + +Index: ext/standard/tests/file/readfile_variation10-win32.phpt +=================================================================== +--- ext/standard/tests/file/readfile_variation10-win32.phpt (revision 305634) ++++ ext/standard/tests/file/readfile_variation10-win32.phpt (revision 305635) +@@ -37,7 +37,7 @@ + + foreach($names_arr as $key => $value) { + echo "\n-- Filename: $key --\n"; +- readfile($value); ++ var_dump(readfile($value)); + }; + + ?> +@@ -48,40 +48,48 @@ + -- Filename: -1 -- + + Warning: readfile(-1): failed to open stream: No such file or directory in %s on line %d ++bool(false) + + -- Filename: TRUE -- + + Warning: readfile(1): failed to open stream: No such file or directory in %s on line %d ++bool(false) + + -- Filename: FALSE -- + + Warning: readfile(): Filename cannot be empty in %s on line %d ++bool(false) + + -- Filename: NULL -- + + Warning: readfile(): Filename cannot be empty in %s on line %d ++bool(false) + + -- Filename: "" -- + + Warning: readfile(): Filename cannot be empty in %s on line %d ++bool(false) + + -- Filename: " " -- + + Warning: readfile( ): failed to open stream: Permission denied in %s on line %d ++bool(false) + + -- Filename: \0 -- ++bool(false) + +-Warning: readfile(): Filename cannot be empty in %s on line %d +- + -- Filename: array() -- + + Warning: readfile() expects parameter 1 to be string, array given in %s on line %d ++bool(false) + + -- Filename: /no/such/file/dir -- + + Warning: readfile(/no/such/file/dir): failed to open stream: No such file or directory in %s on line %d ++bool(false) + + -- Filename: php/php -- + + Warning: readfile(php/php): failed to open stream: No such file or directory in %s on line %d ++bool(false) + ===Done=== +\ No newline at end of file +Index: ext/standard/tests/file/tempnam_variation3.phpt +=================================================================== +--- ext/standard/tests/file/tempnam_variation3.phpt (revision 305634) ++++ ext/standard/tests/file/tempnam_variation3.phpt (revision 305635) +@@ -100,9 +100,9 @@ + File permissions are => 100600 + File created in => directory specified + -- Iteration 6 -- +-File name is => %s/%s +-File permissions are => 100600 +-File created in => directory specified ++-- File is not created -- ++ ++Warning: unlink(): %s in %s on line %d + -- Iteration 7 -- + + Warning: tempnam() expects parameter 2 to be string, array given in %s on line %d +Index: ext/standard/tests/file/is_readable_variation1.phpt +=================================================================== +--- ext/standard/tests/file/is_readable_variation1.phpt (revision 305634) ++++ ext/standard/tests/file/is_readable_variation1.phpt (revision 305635) +@@ -87,11 +87,11 @@ + -- Iteration 6 -- + bool(false) + -- Iteration 7 -- +-bool(true) ++bool(false) + -- Iteration 8 -- +-bool(true) ++bool(false) + -- Iteration 9 -- +-bool(true) ++bool(false) + -- Iteration 10 -- + bool(true) + -- Iteration 11 -- +Index: ext/standard/tests/file/mkdir_rmdir_variation2.phpt +=================================================================== +--- ext/standard/tests/file/mkdir_rmdir_variation2.phpt (revision 305634) ++++ ext/standard/tests/file/mkdir_rmdir_variation2.phpt (revision 305635) +@@ -64,8 +64,8 @@ + bool(false) + + *** Testing mkdir() and rmdir() for binary safe functionality *** +-bool(true) +-bool(true) ++bool(false) ++bool(false) + + *** Testing mkdir() with miscelleneous input *** + bool(true) +Index: ext/standard/tests/file/rename_variation13-win32.phpt +=================================================================== +--- ext/standard/tests/file/rename_variation13-win32.phpt (revision 305634) ++++ ext/standard/tests/file/rename_variation13-win32.phpt (revision 305635) +@@ -106,12 +106,8 @@ + + Warning: rename( ,%s/renameVar13/afile.tmp): The filename, directory name, or volume label syntax is incorrect. (code: 123) in %s on line %d + bool(false) +--- 6 testing '' string -- +- +-Warning: rename(%s/renameVar13/afile.tmp,): %s in %s on line %d ++-- 6 testing ' + bool(false) +- +-Warning: rename(,%s/renameVar13/afile.tmp): %s in %s on line %d + bool(false) + -- 7 testing 'Array' array -- + +Index: ext/standard/tests/file/is_file_variation4.phpt +=================================================================== +--- ext/standard/tests/file/is_file_variation4.phpt (revision 305634) ++++ ext/standard/tests/file/is_file_variation4.phpt (revision 305635) +@@ -67,8 +67,8 @@ + - Iteration 6 - + bool(false) + - Iteration 7 - +-bool(true) ++bool(false) + - Iteration 8 - +-bool(true) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/fileinode_variation3.phpt +=================================================================== +--- ext/standard/tests/file/fileinode_variation3.phpt (revision 305634) ++++ ext/standard/tests/file/fileinode_variation3.phpt (revision 305635) +@@ -75,8 +75,8 @@ + Warning: fileinode(): stat failed for %s/fileinode_variation3/fileinode*.tmp in %s on line %d + bool(false) + - Iteration 7 - +-int(%d) ++bool(false) + - Iteration 8 - +-int(%d) ++bool(false) + + *** Done *** +Index: ext/standard/tests/file/tempnam_variation7-win32.phpt +=================================================================== +--- ext/standard/tests/file/tempnam_variation7-win32.phpt (revision 305634) ++++ ext/standard/tests/file/tempnam_variation7-win32.phpt (revision 305635) +@@ -89,9 +89,9 @@ + File permissions are => 100666 + File created in => temp dir + -- Iteration 6 -- +-File name is => %s%et%s +-File permissions are => 100666 +-File created in => temp dir ++-- File is not created -- ++ ++Warning: unlink(): %s in %s on line %d + -- Iteration 7 -- + + Warning: tempnam() expects parameter 1 to be string, array given in %s on line %d +Index: ext/standard/tests/file/is_executable_variation1.phpt +=================================================================== +--- ext/standard/tests/file/is_executable_variation1.phpt (revision 305634) ++++ ext/standard/tests/file/is_executable_variation1.phpt (revision 305635) +@@ -76,9 +76,9 @@ + -- Iteration 5 -- + bool(false) + -- Iteration 6 -- +-bool(true) ++bool(false) + -- Iteration 7 -- +-bool(true) ++bool(false) + -- Iteration 8 -- + bool(false) + -- Iteration 9 -- --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1470.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1470.patch @@ -0,0 +1,70 @@ +Subject: Fixed bug#53579 (stream_get_contents() segfaults on ziparchive streams) + Also added the filename being access to the stream_get_meta_data() array +Origin: http://svn.php.net/viewvc?view=revision&revision=306493 + +CVE-2011-1470 + +Patch differs from upstream commit in that it drops the added entry to +the NEWS file to reduce patch conflicts. + +Index: ext/zip/tests/bug53579.phpt +=================================================================== +--- ext/zip/tests/bug53579.phpt (revision 0) ++++ ext/zip/tests/bug53579.phpt (revision 306493) +@@ -0,0 +1,44 @@ ++--TEST-- ++Bug #53579 (stream_get_contents() segfaults on ziparchive streams) ++--SKIPIF-- ++ ++--FILE-- ++open($file)) { ++ exit('failed'); ++} ++$fp = $zip->getStream('foo'); ++ ++var_dump($fp); ++if(!$fp) exit("\n"); ++$contents = stream_get_contents($fp); ++ ++fclose($fp); ++$zip->close(); ++var_dump($contents); ++ ++ ++$fp = fopen('zip://' . dirname(__FILE__) . '/test_with_comment.zip#foo', 'rb'); ++if (!$fp) { ++ exit("cannot open\n"); ++} ++$contents = stream_get_contents($fp); ++var_dump($contents); ++fclose($fp); ++ ++?> ++--EXPECTF-- ++resource(%d) of type (stream) ++string(5) "foo ++ ++" ++string(5) "foo ++ ++" +Index: ext/zip/zip_stream.c +=================================================================== +--- ext/zip/zip_stream.c (revision 306492) ++++ ext/zip/zip_stream.c (revision 306493) +@@ -216,6 +216,7 @@ + self->stream = NULL; + self->cursor = 0; + stream = php_stream_alloc(&php_stream_zipio_ops, self, NULL, mode); ++ stream->orig_path = estrdup(path); + } else { + zip_close(stream_za); + } --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1468.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1468.patch @@ -0,0 +1,100 @@ +Subject: fix bug #54060, memory leak in openssl_encrypt +Origin: http://svn.php.net/viewvc?view=revision&revision=308531 + +Also includes http://svn.php.net/viewvc?view=revision&revision=308532 + + - fix test 025 + +http://svn.php.net/viewvc?view=revision&revision=308534 + + - fix bug #54061, memory leak in openssl_decrypt + +and http://svn.php.net/viewvc?view=revision&revision=308535 which adds a +testcase for #54061 + +CVE-2011-1468 + +Patch differs from upstream commits in that the addition to the NEWS +file was dropped to reduce patch conflicts. It was also modified to more +cleanly apply to older versions of php. + +Index: ext/openssl/tests/bug54061.phpt +=================================================================== +--- ext/openssl/tests/bug54061.phpt (revision 0) ++++ ext/openssl/tests/bug54061.phpt (revision 308535) +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #54061 (Memory leak in openssl_decrypt) ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECT-- ++Done +Index: ext/openssl/tests/bug54060.phpt +=================================================================== +--- ext/openssl/tests/bug54060.phpt (revision 0) ++++ ext/openssl/tests/bug54060.phpt (revision 308535) +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #54060 (Memory leak in openssl_encrypt) ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECT-- ++Done +Index: ext/openssl/openssl.c +=================================================================== +--- ext/openssl/openssl.c (revision 308530) ++++ ext/openssl/openssl.c (revision 308535) +@@ -3543,14 +3543,13 @@ + char * outfilename; int outfilename_len; + char * extracertsfilename = NULL; int extracertsfilename_len; + +- RETVAL_FALSE; +- + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls", + &infilename, &infilename_len, &outfilename, &outfilename_len, + &zcert, &zprivkey, &zheaders, &flags, &extracertsfilename, + &extracertsfilename_len) == FAILURE) { + return; + } ++ RETVAL_FALSE; + + if (strlen(infilename) != infilename_len) { + return; +@@ -4731,6 +4730,7 @@ + efree(key); + } + efree(iv); ++ EVP_CIPHER_CTX_cleanup(&cipher_ctx); + } + /* }}} */ + +@@ -4804,6 +4804,7 @@ + if (base64_str) { + efree(base64_str); + } ++ EVP_CIPHER_CTX_cleanup(&cipher_ctx); + } + /* }}} */ + --- php5-5.3.2.orig/debian/patches/check_ini_on_modify_status.patch +++ php5-5.3.2/debian/patches/check_ini_on_modify_status.patch @@ -0,0 +1,26 @@ +Index: php/Zend/zend_ini.c +=================================================================== +--- php.orig/Zend/zend_ini.c ++++ php/Zend/zend_ini.c +@@ -46,15 +46,20 @@ static int zend_remove_ini_entries(zend_ + + static int zend_restore_ini_entry_cb(zend_ini_entry *ini_entry, int stage TSRMLS_DC) /* {{{ */ + { ++ int result = FAILURE; + if (ini_entry->modified) { + if (ini_entry->on_modify) { + zend_try { + /* even if on_modify bails out, we have to continue on with restoring, + since there can be allocated variables that would be freed on MM shutdown + and would lead to memory corruption later ini entry is modified again */ +- ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC); ++ result = ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC); + } zend_end_try(); + } ++ if(stage == ZEND_INI_STAGE_RUNTIME && result == FAILURE) { ++ /* runtime failure is OK */ ++ return 1; ++ } + if (ini_entry->value != ini_entry->orig_value) { + efree(ini_entry->value); + } --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-3870.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-3870.patch @@ -0,0 +1,204 @@ +Subject: utf8_decode vulnerabilities and deficiencies in the number + of reported malformed sequences. (Gustavo) +Origin: http://svn.php.net/viewvc/?view=revision&revision=304959 +Bug: http://bugs.php.net/bug.php?id=49687 + +[Ubuntu note: patch differs from above commit in that the NEWS entry has + been removed to reduce conflicts when applying - sbeattie] + +--- + ext/xml/tests/bug49687.phpt | 24 +++++++ + ext/xml/xml.c | 140 ++++++++++++++++++++++++++++++++++---------- + 2 files changed, 134 insertions(+), 30 deletions(-) + +Index: b/ext/xml/xml.c +=================================================================== +--- a/ext/xml/xml.c ++++ b/ext/xml/xml.c +@@ -659,10 +659,111 @@ PHPAPI char *xml_utf8_encode(const char + } + /* }}} */ + ++/* copied from trunk's implementation of get_next_char in ext/standard/html.c */ ++#define MB_FAILURE(pos, advance) do { \ ++ *cursor = pos + (advance); \ ++ *status = FAILURE; \ ++ return 0; \ ++} while (0) ++ ++#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need)) ++#define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4)) ++#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF) ++ ++/* {{{ php_next_utf8_char ++ */ ++static inline unsigned int php_next_utf8_char( ++ const unsigned char *str, ++ size_t str_len, ++ size_t *cursor, ++ int *status) ++{ ++ size_t pos = *cursor; ++ unsigned int this_char = 0; ++ unsigned char c; ++ ++ *status = SUCCESS; ++ ++ if (!CHECK_LEN(pos, 1)) ++ MB_FAILURE(pos, 1); ++ ++ /* We'll follow strategy 2. from section 3.6.1 of UTR #36: ++ * "In a reported illegal byte sequence, do not include any ++ * non-initial byte that encodes a valid character or is a leading ++ * byte for a valid sequence.» */ ++ c = str[pos]; ++ if (c < 0x80) { ++ this_char = c; ++ pos++; ++ } else if (c < 0xc2) { ++ MB_FAILURE(pos, 1); ++ } else if (c < 0xe0) { ++ if (!CHECK_LEN(pos, 2)) ++ MB_FAILURE(pos, 1); ++ ++ if (!utf8_trail(str[pos + 1])) { ++ MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2); ++ } ++ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f); ++ if (this_char < 0x80) { /* non-shortest form */ ++ MB_FAILURE(pos, 2); ++ } ++ pos += 2; ++ } else if (c < 0xf0) { ++ size_t avail = str_len - pos; ++ ++ if (avail < 3 || ++ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) { ++ if (avail < 2 || utf8_lead(str[pos + 1])) ++ MB_FAILURE(pos, 1); ++ else if (avail < 3 || utf8_lead(str[pos + 2])) ++ MB_FAILURE(pos, 2); ++ else ++ MB_FAILURE(pos, 3); ++ } ++ ++ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f); ++ if (this_char < 0x800) { /* non-shortest form */ ++ MB_FAILURE(pos, 3); ++ } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */ ++ MB_FAILURE(pos, 3); ++ } ++ pos += 3; ++ } else if (c < 0xf5) { ++ size_t avail = str_len - pos; ++ ++ if (avail < 4 || ++ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) || ++ !utf8_trail(str[pos + 3])) { ++ if (avail < 2 || utf8_lead(str[pos + 1])) ++ MB_FAILURE(pos, 1); ++ else if (avail < 3 || utf8_lead(str[pos + 2])) ++ MB_FAILURE(pos, 2); ++ else if (avail < 4 || utf8_lead(str[pos + 3])) ++ MB_FAILURE(pos, 3); ++ else ++ MB_FAILURE(pos, 4); ++ } ++ ++ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f); ++ if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */ ++ MB_FAILURE(pos, 4); ++ } ++ pos += 4; ++ } else { ++ MB_FAILURE(pos, 1); ++ } ++ ++ *cursor = pos; ++ return this_char; ++} ++/* }}} */ ++ ++ + /* {{{ xml_utf8_decode */ + PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding) + { +- int pos = len; ++ size_t pos = 0; + char *newbuf = emalloc(len + 1); + unsigned int c; + char (*decoder)(unsigned short) = NULL; +@@ -681,36 +782,15 @@ PHPAPI char *xml_utf8_decode(const XML_C + newbuf[*newlen] = '\0'; + return newbuf; + } +- while (pos > 0) { +- c = (unsigned char)(*s); +- if (c >= 0xf0) { /* four bytes encoded, 21 bits */ +- if(pos-4 >= 0) { +- c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63); +- } else { +- c = '?'; +- } +- s += 4; +- pos -= 4; +- } else if (c >= 0xe0) { /* three bytes encoded, 16 bits */ +- if(pos-3 >= 0) { +- c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63); +- } else { +- c = '?'; +- } +- s += 3; +- pos -= 3; +- } else if (c >= 0xc0) { /* two bytes encoded, 11 bits */ +- if(pos-2 >= 0) { +- c = ((s[0]&63)<<6) | (s[1]&63); +- } else { +- c = '?'; +- } +- s += 2; +- pos -= 2; +- } else { +- s++; +- pos--; ++ ++ while (pos < (size_t)len) { ++ int status = FAILURE; ++ c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status); ++ ++ if (status == FAILURE || c > 0xFFU) { ++ c = '?'; + } ++ + newbuf[*newlen] = decoder ? decoder(c) : c; + ++*newlen; + } +Index: b/ext/xml/tests/bug49687.phpt +=================================================================== +--- /dev/null ++++ b/ext/xml/tests/bug49687.phpt +@@ -0,0 +1,24 @@ ++--TEST-- ++Bug #49687 Several utf8_decode deficiencies and vulnerabilities ++--SKIPIF-- ++ ++--FILE-- ++ +Bug: http://bugs.php.net/bug.php?id=52102 +Ubuntu-Bug: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/564920 + +diff -Nur php5-5.3.2/main/streams/plain_wrapper.c php5-5.3.2.new/main/streams/plain_wrapper.c +--- php5-5.3.2/main/streams/plain_wrapper.c 2010-02-23 10:04:29.000000000 -0500 ++++ php5-5.3.2.new/main/streams/plain_wrapper.c 2010-07-14 18:24:13.000000000 -0400 +@@ -627,7 +627,13 @@ + + switch (value) { + case PHP_STREAM_MMAP_SUPPORTED: +- return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK; ++ if (fd == -1) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ /* Don't mmap large files */ ++ do_fstat(data, 1); ++ if (data->sb.st_size > 4 * 1024 * 1024) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ return PHP_STREAM_OPTION_RETURN_OK; + + case PHP_STREAM_MMAP_MAP_RANGE: + do_fstat(data, 1); --- php5-5.3.2.orig/debian/patches/broken_5.3_test-posix_uname.patch +++ php5-5.3.2/debian/patches/broken_5.3_test-posix_uname.patch @@ -0,0 +1,53 @@ +Author: Sean Finney +Description: Fix two failing tests + * ext/posix/tests/posix_uname.phpt: removed + * ext/posix/tests/posix_uname_basic.phpt: backported fix from upstream. +Bug: http://bugs.php.net/bug.php?id=50982 +Bug-Debian: http://bugs.debian.org/570286 +--- a/ext/posix/tests/posix_uname.phpt ++++ /dev/null +@@ -1,35 +0,0 @@ +---TEST-- +-Test posix_uname() +---DESCRIPTION-- +-Gets information about the system. +-Source code: ext/posix/posix.c +---CREDITS-- +-Falko Menge, mail at falko-menge dot de +-PHP Testfest Berlin 2009-05-10 +---SKIPIF-- +- +---FILE-- +- +-===DONE=== +---EXPECTF-- +-array(5) { +- ["sysname"]=> +- string(%d) "%s" +- ["nodename"]=> +- string(%d) "%s" +- ["release"]=> +- string(%d) "%s" +- ["version"]=> +- string(%d) "%s" +- ["machine"]=> +- string(%d) "%s" +-} +-===DONE=== +--- a/ext/posix/tests/posix_uname_basic.phpt ++++ b/ext/posix/tests/posix_uname_basic.phpt +@@ -25,4 +25,4 @@ Array + [machine] => %s + ) + ===DONE==== +- +\ No newline at end of file ++ --- php5-5.3.2.orig/debian/patches/013-force_getaddrinfo.patch +++ php5-5.3.2/debian/patches/013-force_getaddrinfo.patch @@ -0,0 +1,103 @@ +Description: Always use getaddrinfo + . + The patch should probably be dropped and the configure check verified. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -615,50 +615,50 @@ AC_CACHE_CHECK([for nanosleep], ac_cv_fu + + dnl Check for getaddrinfo, should be a better way, but... + dnl Also check for working getaddrinfo +-AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, +-[AC_TRY_LINK([#include ], +- [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], +- AC_TRY_RUN([ +-#include +-#include +-#ifndef AF_INET +-# include +-#endif +-int main(void) { +- struct addrinfo *ai, *pai, hints; +- +- memset(&hints, 0, sizeof(hints)); +- hints.ai_flags = AI_NUMERICHOST; +- +- if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { +- exit(1); +- } +- +- if (ai == 0) { +- exit(1); +- } +- +- pai = ai; +- +- while (pai) { +- if (pai->ai_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- if (pai->ai_addr->sa_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- pai = pai->ai_next; +- } +- freeaddrinfo(ai); +- exit(0); +-} +- ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), +-ac_cv_func_getaddrinfo=no)]) +-if test "$ac_cv_func_getaddrinfo" = yes; then ++dnl AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, ++dnl [AC_TRY_LINK([#include ], ++dnl [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], ++dnl AC_TRY_RUN([ ++dnl #include ++dnl #include ++dnl #ifndef AF_INET ++dnl # include ++dnl #endif ++dnl int main(void) { ++dnl struct addrinfo *ai, *pai, hints; ++dnl ++dnl memset(&hints, 0, sizeof(hints)); ++dnl hints.ai_flags = AI_NUMERICHOST; ++dnl ++dnl if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl if (ai == 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl pai = ai; ++dnl ++dnl while (pai) { ++dnl if (pai->ai_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl if (pai->ai_addr->sa_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl pai = pai->ai_next; ++dnl } ++dnl freeaddrinfo(ai); ++dnl exit(0); ++dnl } ++dnl ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), ++dnl ac_cv_func_getaddrinfo=no)]) ++dnl if test "$ac_cv_func_getaddrinfo" = yes; then + AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function]) +-fi ++dnl fi + + AC_REPLACE_FUNCS(strlcat strlcpy getopt) + AC_FUNC_UTIME_NULL --- php5-5.3.2.orig/debian/patches/deprecate_short_open_tag +++ php5-5.3.2/debian/patches/deprecate_short_open_tag @@ -0,0 +1,36 @@ +--- a/Zend/zend_language_scanner.l ++++ b/Zend/zend_language_scanner.l +@@ -1513,6 +1513,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1549,6 +1550,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +--- a/Zend/zend_language_scanner.c ++++ b/Zend/zend_language_scanner.c +@@ -1019,6 +1019,7 @@ yy6: + #line 1550 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1298,6 +1299,7 @@ yy45: + #line 1514 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-3436-regression.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-3436-regression.patch @@ -0,0 +1,32 @@ +Subject: fix regression introduced by fix for CVE-2010-3436 +Origin: http://svn.php.net/viewvc?view=revision&revision=305698 +Bug: http://bugs.php.net/bug.php?id=53352 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/701896 + +--- + main/fopen_wrappers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Index: b/main/fopen_wrappers.c +=================================================================== +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -223,6 +223,9 @@ PHPAPI int php_check_specific_open_based + resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; + resolved_basedir[++resolved_basedir_len] = '\0'; + } ++ } else { ++ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR; ++ resolved_basedir[resolved_basedir_len] = '\0'; + } + + resolved_name_len = strlen(resolved_name); +@@ -240,7 +243,7 @@ PHPAPI int php_check_specific_open_based + if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { + #endif + if (resolved_name_len > resolved_basedir_len && +- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { ++ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { + return -1; + } else { + /* File is in the right directory */ --- php5-5.3.2.orig/debian/patches/CVE-2010-1917.patch +++ php5-5.3.2/debian/patches/CVE-2010-1917.patch @@ -0,0 +1,17 @@ +Description: fix denial of service via fnmatch stack consumption +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298881 + +diff -Nur php5-5.3.2/ext/standard/file.c php5-5.3.2.new/ext/standard/file.c +--- php5-5.3.2/ext/standard/file.c 2010-02-11 13:03:57.000000000 -0500 ++++ php5-5.3.2.new/ext/standard/file.c 2010-09-14 10:55:01.000000000 -0400 +@@ -2521,6 +2506,10 @@ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN); + RETURN_FALSE; + } ++ if (pattern_len >= MAXPATHLEN) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); ++ RETURN_FALSE; ++ } + + RETURN_BOOL( ! fnmatch( pattern, filename, flags )); + } --- php5-5.3.2.orig/debian/patches/044-strtod_arm_fix.patch +++ php5-5.3.2/debian/patches/044-strtod_arm_fix.patch @@ -0,0 +1,54 @@ +--- pkg-php.orig/Zend/zend_strtod.c ++++ pkg-php/Zend/zend_strtod.c +@@ -152,14 +152,25 @@ typedef unsigned long int uint32_t; + #define IEEE_LITTLE_ENDIAN + #endif + +-#if defined(__arm__) && !defined(__VFP_FP__) +-/* +- * * Although the CPU is little endian the FP has different +- * * byte and word endianness. The byte order is still little endian +- * * but the word order is big endian. +- * */ +-#define IEEE_BIG_ENDIAN ++#if defined(__arm__) || defined(__thumb__) ++/* ARM traditionally used big-endian words; and within those words the ++ byte ordering was big or little endian depending upon the target. ++ Modern floating-point formats are naturally ordered; in this case ++ __VFP_FP__ will be defined, even if soft-float. */ + #undef IEEE_LITTLE_ENDIAN ++#undef IEEE_BIG_ENDIAN ++#if defined(__VFP_FP__) || defined(__MAVERICK__) ++# ifdef __ARMEL__ ++# define IEEE_LITTLE_ENDIAN ++# else ++# define IEEE_BIG_ENDIAN ++# endif ++#else ++# define IEEE_BIG_ENDIAN ++# ifdef __ARMEL__ ++# define IEEE_BYTES_LITTLE_ENDIAN ++# endif ++#endif + #endif + + #ifdef __vax__ +@@ -266,8 +277,7 @@ BEGIN_EXTERN_C() + + #if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \ + defined(IBM) != 1 +- Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or +- IBM should be defined. ++#error "Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or IBM should be defined." + #endif + + typedef union { +@@ -287,7 +297,7 @@ BEGIN_EXTERN_C() + * An alternative that might be better on some machines is + * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) + */ +-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__) ++#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN) + #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ + ((unsigned short *)a)[0] = (unsigned short)c, a++) + #else --- php5-5.3.2.orig/debian/patches/CVE-2010-2094.patch +++ php5-5.3.2/debian/patches/CVE-2010-2094.patch @@ -0,0 +1,92 @@ +Description: fix arbitrary memory disclosure and possible code + execution via phar extension +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298667 +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=302565 + +diff -Nur php5-5.3.2/ext/phar/dirstream.c php5-5.3.2.new/ext/phar/dirstream.c +--- php5-5.3.2/ext/phar/dirstream.c 2009-07-24 19:53:24.000000000 -0400 ++++ php5-5.3.2.new/ext/phar/dirstream.c 2010-09-14 10:55:48.000000000 -0400 +@@ -360,7 +360,7 @@ + + if (FAILURE == phar_get_archive(&phar, resource->host, host_len, NULL, 0, &error TSRMLS_CC)) { + if (error) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + efree(error); + } else { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "phar file \"%s\" is unknown", resource->host); +diff -Nur php5-5.3.2/ext/phar/stream.c php5-5.3.2.new/ext/phar/stream.c +--- php5-5.3.2/ext/phar/stream.c 2009-07-25 21:24:12.000000000 -0400 ++++ php5-5.3.2.new/ext/phar/stream.c 2010-09-14 10:55:53.000000000 -0400 +@@ -117,7 +117,7 @@ + { + if (error) { + if (!(options & PHP_STREAM_URL_STAT_QUIET)) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + } + efree(error); + } +@@ -128,7 +128,7 @@ + if (error) { + spprintf(&error, 0, "Cannot open cached phar '%s' as writeable, copy on write failed", resource->host); + if (!(options & PHP_STREAM_URL_STAT_QUIET)) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + } + efree(error); + } +@@ -140,7 +140,7 @@ + { + if (error) { + if (!(options & PHP_STREAM_URL_STAT_QUIET)) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + } + efree(error); + } +@@ -192,7 +192,7 @@ + if (mode[0] == 'w' || (mode[0] == 'r' && mode[1] == '+')) { + if (NULL == (idata = phar_get_or_create_entry_data(resource->host, host_len, internal_file, strlen(internal_file), mode, 0, &error, 1 TSRMLS_CC))) { + if (error) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + efree(error); + } else { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "phar error: file \"%s\" could not be created in phar \"%s\"", internal_file, resource->host); +@@ -297,7 +297,7 @@ + if ((FAILURE == phar_get_entry_data(&idata, resource->host, host_len, internal_file, strlen(internal_file), "r", 0, &error, 0 TSRMLS_CC)) || !idata) { + idata_error: + if (error) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + efree(error); + } else { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "phar error: \"%s\" is not a file in phar \"%s\"", internal_file, resource->host); +@@ -320,7 +320,7 @@ + + /* check length, crc32 */ + if (!idata->internal_file->is_crc_checked && phar_postprocess_file(idata, idata->internal_file->crc32, &error, 2 TSRMLS_CC) != SUCCESS) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + efree(error); + phar_entry_delref(idata TSRMLS_CC); + efree(internal_file); +@@ -470,7 +470,7 @@ + if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) { + ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC); + if (error) { +- php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error); ++ php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error); + efree(error); + } + return ret; +@@ -761,7 +761,7 @@ + efree(internal_file); + phar_entry_remove(idata, &error TSRMLS_CC); + if (error) { +- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error); ++ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", error); + efree(error); + } + return 1; --- php5-5.3.2.orig/debian/patches/zend_int_overflow.patch +++ php5-5.3.2/debian/patches/zend_int_overflow.patch @@ -0,0 +1,110 @@ +Author: Sean Finney +Description: Another integer overflow/underflow logic fix. + Once again, don't rely on undefined behavior and instead detect + the overflow/underflow conditions intelligently. +Bug: http://bugs.php.net/bug.php?id=51008 +Bug-Debian: http://bugs.debian.org/570144 +--- php.orig/Zend/zend_hash.h ++++ php/Zend/zend_hash.h +@@ -306,9 +306,11 @@ END_EXTERN_C() + + #define ZEND_HANDLE_NUMERIC(key, length, func) do { \ + register const char *tmp = key; \ ++ int negative = 0; \ + \ + if (*tmp == '-') { \ + tmp++; \ ++ negative = 1; \ + } \ + if (*tmp >= '0' && *tmp <= '9') { /* possibly a numeric index */ \ + const char *end = key + length - 1; \ +@@ -322,19 +324,19 @@ END_EXTERN_C() + *tmp > '2')) { /* overflow */ \ + break; \ + } \ +- idx = (*tmp - '0'); \ ++ idx = ((negative)?-1:1) * (*tmp - '0'); \ + while (++tmp != end && *tmp >= '0' && *tmp <= '9') { \ +- idx = (idx * 10) + (*tmp - '0'); \ ++ int digit = (*tmp - '0'); \ ++ if ( (!negative) && idx <= (LONG_MAX-digit)/10 ) { \ ++ idx = (idx * 10) + digit; \ ++ } else if ( (negative) && idx >= (LONG_MIN+digit)/10 ) { \ ++ idx = (idx * 10) - digit; \ ++ } else { \ ++ --tmp; /* overflow or underflow, make sure tmp != end */ \ ++ break; \ ++ } \ + } \ + if (tmp == end) { \ +- if (*key == '-') { \ +- idx = -idx; \ +- if (idx > 0) { /* overflow */ \ +- break; \ +- } \ +- } else if (idx < 0) { /* overflow */ \ +- break; \ +- } \ + return func; \ + } \ + } \ +--- php.orig/Zend/tests/bug45877.phpt ++++ php/Zend/tests/bug45877.phpt +@@ -1,23 +1,40 @@ + --TEST-- + Bug #45877 (Array key '2147483647' left as string) +---INI-- +-precision=20 + --FILE-- + +---EXPECTF-- +-array(3) { +- [%d7]=> +- int(1) +- [-%d8]=> +- int(1) +- ["%d8"]=> +- int(1) ++function test_value($val, $msg) { ++ $a = array($val => 1); ++ $keys = array_keys($a); ++ if ($val == $keys[0]) $result = "ok"; ++ else $result = "failed ($val != $keys[0])"; ++ echo "$msg: $result\n"; + } ++ ++test_value($max, "max"); ++test_value($overflow, "overflow"); ++test_value($min, "min"); ++test_value($underflow, "underflow"); ++ ++?> ++--EXPECT-- ++max: ok ++overflow: ok ++min: ok ++underflow: ok --- php5-5.3.2.orig/debian/patches/php5-pear-CVE-2011-1072.patch +++ php5-5.3.2/debian/patches/php5-pear-CVE-2011-1072.patch @@ -0,0 +1,713 @@ +Subject: Fixed Bug #18056 [SECURITY]: Symlink attack in PEAR install [dufuz] +Origin: http://svn.php.net/viewvc?view=revision&revision=308687 + +This feature is implemented as a result of the above fix +* Implemented Request #16648: Use TMPDIR for builds instead of /var/tmp [dufuz] + +CVE-2011-1072 + +This patch differs from the upstream commit in that the packages.xml +and packages2.xml edits containing only information about the commits +were removed to reduce conflicts. + +Index: PEAR/PackageFile.php +=================================================================== +--- PEAR/PackageFile.php (revision 308686) ++++ PEAR/PackageFile.php (revision 308687) +@@ -46,11 +46,7 @@ + */ + var $_config; + var $_debug; +- /** +- * Temp directory for uncompressing tgz files. +- * @var string|false +- */ +- var $_tmpdir; ++ + var $_logger = false; + /** + * @var boolean +@@ -58,17 +54,23 @@ + var $_rawReturn = false; + + /** ++ * helper for extracting Archive_Tar errors ++ * @var array ++ * @access private ++ */ ++ var $_extractErrors = array(); ++ ++ /** + * + * @param PEAR_Config $config + * @param ? $debug + * @param string @tmpdir Optional temporary directory for uncompressing + * files + */ +- function PEAR_PackageFile(&$config, $debug = false, $tmpdir = false) ++ function PEAR_PackageFile(&$config, $debug = false) + { + $this->_config = $config; + $this->_debug = $debug; +- $this->_tmpdir = $tmpdir; + } + + /** +@@ -349,20 +351,17 @@ + } + } + +- if ($this->_tmpdir) { +- $tmpdir = $this->_tmpdir; +- } else { +- $tmpdir = System::mkTemp(array('-t', $this->_config->get('temp_dir'), '-d', 'pear')); +- if ($tmpdir === false) { +- $ret = PEAR::raiseError("there was a problem with getting the configured temp directory"); +- return $ret; +- } +- +- PEAR_PackageFile::addTempFile($tmpdir); ++ $tmpdir = System::mktemp('-t ' . $this->_config->get('temp_dir') . ' -d pear'); ++ if ($tmpdir === false) { ++ $ret = PEAR::raiseError("there was a problem with getting the configured temp directory"); ++ return $ret; + } + ++ PEAR_PackageFile::addTempFile($tmpdir); ++ + $this->_extractErrors(); + PEAR::staticPushErrorHandling(PEAR_ERROR_CALLBACK, array($this, '_extractErrors')); ++ + if (!$xml || !$tar->extractList(array($xml), $tmpdir)) { + $extra = implode("\n", $this->_extractErrors()); + if ($extra) { +@@ -381,13 +380,6 @@ + } + + /** +- * helper for extracting Archive_Tar errors +- * @var array +- * @access private +- */ +- var $_extractErrors = array(); +- +- /** + * helper callback for extracting Archive_Tar errors + * + * @param PEAR_Error|null $err +Index: PEAR/Installer.php +=================================================================== +--- PEAR/Installer.php (revision 308686) ++++ PEAR/Installer.php (revision 308687) +@@ -1036,25 +1036,10 @@ + // }}} + // {{{ _parsePackageXml() + +- function _parsePackageXml(&$descfile, &$tmpdir) ++ function _parsePackageXml(&$descfile) + { +- if (substr($descfile, -4) == '.xml') { +- $tmpdir = false; +- } else { +- // {{{ Decompress pack in tmp dir ------------------------------------- +- +- // To allow relative package file names +- $descfile = realpath($descfile); +- +- if (PEAR::isError($tmpdir = System::mktemp('-d'))) { +- return $tmpdir; +- } +- $this->log(3, '+ tmp dir created at ' . $tmpdir); +- // }}} +- } +- + // Parse xml file ----------------------------------------------- +- $pkg = new PEAR_PackageFile($this->config, $this->debug, $tmpdir); ++ $pkg = new PEAR_PackageFile($this->config, $this->debug); + PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); + $p = &$pkg->fromAnyFile($descfile, PEAR_VALIDATE_INSTALLING); + PEAR::staticPopErrorHandling(); +@@ -1135,17 +1120,20 @@ + $pkg = $pkgfile->getPackageFile(); + $pkgfile = $pkg->getArchiveFile(); + $descfile = $pkg->getPackageFile(); +- $tmpdir = dirname($descfile); + } else { + $descfile = $pkgfile; +- $tmpdir = ''; +- $pkg = $this->_parsePackageXml($descfile, $tmpdir); ++ $pkg = $this->_parsePackageXml($descfile); + if (PEAR::isError($pkg)) { + return $pkg; + } + } + ++ $tmpdir = dirname($descfile); + if (realpath($descfile) != realpath($pkgfile)) { ++ // Use the temp_dir since $descfile can contain the download dir path ++ $tmpdir = $this->config->get('temp_dir', null, 'pear.php.net'); ++ $tmpdir = System::mktemp("-d -t $tmpdir"); ++ + $tar = new Archive_Tar($pkgfile); + if (!$tar->extract($tmpdir)) { + return $this->raiseError("unable to unpack $pkgfile"); +@@ -1373,9 +1361,8 @@ + } + } + +- $tmp_path = dirname($descfile); + if (substr($pkgfile, -4) != '.xml') { +- $tmp_path .= DIRECTORY_SEPARATOR . $pkgname . '-' . $pkg->getVersion(); ++ $tmpdir .= DIRECTORY_SEPARATOR . $pkgname . '-' . $pkg->getVersion(); + } + + $this->configSet('default_channel', $channel); +@@ -1401,9 +1388,9 @@ + foreach ($filelist as $file => $atts) { + $this->expectError(PEAR_INSTALLER_FAILED); + if ($pkg->getPackagexmlVersion() == '1.0') { +- $res = $this->_installFile($file, $atts, $tmp_path, $options); ++ $res = $this->_installFile($file, $atts, $tmpdir, $options); + } else { +- $res = $this->_installFile2($pkg, $file, $atts, $tmp_path, $options); ++ $res = $this->_installFile2($pkg, $file, $atts, $tmpdir, $options); + } + $this->popExpect(); + +Index: PEAR/Downloader.php +=================================================================== +--- PEAR/Downloader.php (revision 308686) ++++ PEAR/Downloader.php (revision 308687) +@@ -189,7 +189,8 @@ + require_once 'System.php'; + } + +- $tmp = System::mktemp(array('-d')); ++ $tmpdir = $this->config->get('temp_dir'); ++ $tmp = System::mktemp("-d -t $tmpdir"); + $a = $this->downloadHttp('http://' . $channel . '/channel.xml', $this->ui, $tmp, $callback, false); + PEAR::popErrorHandling(); + if (PEAR::isError($a)) { +@@ -493,14 +494,13 @@ + */ + function analyzeDependencies(&$params, $force = false) + { +- $hasfailed = $failed = false; + if (isset($this->_options['downloadonly'])) { + return; + } + + PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); + $redo = true; +- $reset = false; ++ $reset = $hasfailed = $failed = false; + while ($redo) { + $redo = false; + foreach ($params as $i => $param) { +@@ -698,6 +698,7 @@ + } + } + } ++ + PEAR::staticPopErrorHandling(); + if ($hasfailed && (isset($this->_options['ignore-errors']) || + isset($this->_options['nodeps']))) { +@@ -718,6 +719,7 @@ + if (isset($this->_downloadDir)) { + return $this->_downloadDir; + } ++ + $downloaddir = $this->config->get('download_dir'); + if (empty($downloaddir) || (is_dir($downloaddir) && !is_writable($downloaddir))) { + if (is_dir($downloaddir) && !is_writable($downloaddir)) { +@@ -725,14 +727,17 @@ + '" is not writeable. Change download_dir config variable to ' . + 'a writeable dir to avoid this warning'); + } ++ + if (!class_exists('System')) { + require_once 'System.php'; + } ++ + if (PEAR::isError($downloaddir = System::mktemp('-d'))) { + return $downloaddir; + } + $this->log(3, '+ tmp dir created at ' . $downloaddir); + } ++ + if (!is_writable($downloaddir)) { + if (PEAR::isError(System::mkdir(array('-p', $downloaddir))) || + !is_writable($downloaddir)) { +@@ -741,6 +746,7 @@ + 'a writeable dir'); + } + } ++ + return $this->_downloadDir = $downloaddir; + } + +@@ -771,27 +777,11 @@ + $this->_options = $options; + } + +- // }}} +- // {{{ setOptions() + function getOptions() + { + return $this->_options; + } + +- /** +- * For simpler unit-testing +- * @param PEAR_Config +- * @param int +- * @param string +- */ +- function &getPackagefileObject(&$c, $d, $t = false) +- { +- if (!class_exists('PEAR_PackageFile')) { +- require_once 'PEAR/PackageFile.php'; +- } +- $a = &new PEAR_PackageFile($c, $d, $t); +- return $a; +- } + + /** + * @param array output of {@link parsePackageName()} +@@ -1000,9 +990,20 @@ + } + return $info; + } elseif ($chan->supportsREST($this->config->get('preferred_mirror')) +- && $base = $chan->getBaseURL('REST1.0', $this->config->get('preferred_mirror')) ++ && ++ ( ++ ($base2 = $chan->getBaseURL('REST1.3', $this->config->get('preferred_mirror'))) ++ || ++ ($base = $chan->getBaseURL('REST1.0', $this->config->get('preferred_mirror'))) ++ ) + ) { +- $rest = &$this->config->getREST('1.0', $this->_options); ++ if ($base2) { ++ $base = $base2; ++ $rest = &$this->config->getREST('1.3', $this->_options); ++ } else { ++ $rest = &$this->config->getREST('1.0', $this->_options); ++ } ++ + $url = $rest->getDepDownloadURL($base, $xsdversion, $dep, $parr, + $state, $version, $chan->getName()); + if (PEAR::isError($url)) { +@@ -1707,6 +1708,10 @@ + } + + $dest_file = $save_dir . DIRECTORY_SEPARATOR . $save_as; ++ if (is_link($dest_file)) { ++ return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $dest_file . ' as it is symlinked to ' . readlink($dest_file) . ' - Possible symlink attack'); ++ } ++ + if (!$wp = @fopen($dest_file, 'wb')) { + fclose($fp); + if ($callback) { +@@ -1758,5 +1763,4 @@ + } + return $dest_file; + } +-} +-// }}} +\ No newline at end of file ++} +\ No newline at end of file +Index: PEAR/Downloader/Package.php +=================================================================== +--- PEAR/Downloader/Package.php (revision 308686) ++++ PEAR/Downloader/Package.php (revision 308687) +@@ -1376,6 +1376,8 @@ + continue; + } + ++ // FIXME do symlink check ++ + fwrite($fp, $filecontents, strlen($filecontents)); + fclose($fp); + if ($s = $params[$i]->explicitState()) { +@@ -1497,13 +1499,12 @@ + * @param int + * @param string + */ +- function &getPackagefileObject(&$c, $d, $t = false) ++ function &getPackagefileObject(&$c, $d) + { +- $a = &new PEAR_PackageFile($c, $d, $t); ++ $a = &new PEAR_PackageFile($c, $d); + return $a; + } + +- + /** + * This will retrieve from a local file if possible, and parse out + * a group name as well. The original parameter will be modified to reflect this. +@@ -1527,16 +1528,7 @@ + if (@is_file($param)) { + $this->_type = 'local'; + $options = $this->_downloader->getOptions(); +- if (isset($options['downloadonly'])) { +- $pkg = &$this->getPackagefileObject($this->_config, +- $this->_downloader->_debug); +- } else { +- if (PEAR::isError($dir = $this->_downloader->getDownloadDir())) { +- return $dir; +- } +- $pkg = &$this->getPackagefileObject($this->_config, +- $this->_downloader->_debug, $dir); +- } ++ $pkg = &$this->getPackagefileObject($this->_config, $this->_downloader->_debug); + PEAR::pushErrorHandling(PEAR_ERROR_RETURN); + $pf = &$pkg->fromAnyFile($param, PEAR_VALIDATE_INSTALLING); + PEAR::popErrorHandling(); +@@ -1608,15 +1600,7 @@ + } + + // whew, download worked! +- if (isset($options['downloadonly'])) { +- $pkg = &$this->getPackagefileObject($this->_config, $this->_downloader->debug); +- } else { +- $dir = $this->_downloader->getDownloadDir(); +- if (PEAR::isError($dir)) { +- return $dir; +- } +- $pkg = &$this->getPackagefileObject($this->_config, $this->_downloader->debug, $dir); +- } ++ $pkg = &$this->getPackagefileObject($this->_config, $this->_downloader->debug); + + PEAR::pushErrorHandling(PEAR_ERROR_RETURN); + $pf = &$pkg->fromAnyFile($file, PEAR_VALIDATE_INSTALLING); +Index: PEAR/REST.php +=================================================================== +--- PEAR/REST.php (revision 308686) ++++ PEAR/REST.php (revision 308687) +@@ -100,7 +100,10 @@ + $ret = $this->getCache($url); + if (!PEAR::isError($ret) && $trieddownload) { + // reset the age of the cache if the server says it was unmodified +- $this->saveCache($url, $ret, null, true, $cacheId); ++ $result = $this->saveCache($url, $ret, null, true, $cacheId); ++ if (PEAR::isError($result)) { ++ return PEAR::raiseErro($result->getMessage()); ++ } + } + + return $ret; +@@ -117,7 +120,11 @@ + } + + if ($forcestring) { +- $this->saveCache($url, $content, $lastmodified, false, $cacheId); ++ $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId); ++ if (PEAR::isError($result)) { ++ return PEAR::raiseErro($result->getMessage()); ++ } ++ + return $content; + } + +@@ -153,7 +160,11 @@ + $content = $parser->getData(); + } + +- $this->saveCache($url, $content, $lastmodified, false, $cacheId); ++ $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId); ++ if (PEAR::isError($result)) { ++ return PEAR::raiseErro($result->getMessage()); ++ } ++ + return $content; + } + +@@ -212,57 +223,65 @@ + */ + function saveCache($url, $contents, $lastmodified, $nochange = false, $cacheid = null) + { +- $cachedir = $this->config->get('cache_dir') . DIRECTORY_SEPARATOR . md5($url); +- $cacheidfile = $cachedir . 'rest.cacheid'; +- $cachefile = $cachedir . 'rest.cachefile'; ++ $cache_dir = $this->config->get('cache_dir'); ++ $d = $cache_dir . DIRECTORY_SEPARATOR . md5($url); ++ $cacheidfile = $d . 'rest.cacheid'; ++ $cachefile = $d . 'rest.cachefile'; + + if ($cacheid === null && $nochange) { + $cacheid = unserialize(implode('', file($cacheidfile))); + } + +- $fp = @fopen($cacheidfile, 'wb'); +- if (!$fp) { +- $cache_dir = $this->config->get('cache_dir'); ++ if (is_link($cacheidfile)) { ++ return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack'); ++ } ++ ++ if (is_link($cachefile)) { ++ return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack'); ++ } ++ ++ $cacheidfile_fp = @fopen($cacheidfile, 'wb'); ++ if (!$cacheidfile_fp) { + if (is_dir($cache_dir)) { +- return false; ++ return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory. "); + } + + System::mkdir(array('-p', $cache_dir)); +- $fp = @fopen($cacheidfile, 'wb'); +- if (!$fp) { +- return false; ++ $cacheidfile_fp = @fopen($cacheidfile, 'wb'); ++ if (!$cacheidfile_fp) { ++ return PEAR::raiseError("Could not open $cacheidfile for writing."); + } + } + + if ($nochange) { +- fwrite($fp, serialize(array( ++ fwrite($cacheidfile_fp, serialize(array( + 'age' => time(), + 'lastChange' => $cacheid['lastChange'], + )) + ); + +- fclose($fp); ++ fclose($cacheidfile_fp); + return true; + } + +- fwrite($fp, serialize(array( ++ fwrite($cacheidfile_fp, serialize(array( + 'age' => time(), + 'lastChange' => $lastmodified, + )) + ); ++ fclose($cacheidfile_fp); + +- fclose($fp); +- $fp = @fopen($cachefile, 'wb'); +- if (!$fp) { ++ $cachefile_fp = @fopen($cachefile, 'wb'); ++ if (!$cachefile_fp) { + if (file_exists($cacheidfile)) { + @unlink($cacheidfile); + } + +- return false; ++ return PEAR::raiseError("Could not open $cacheidfile for writing."); + } + +- fwrite($fp, serialize($contents)); +- fclose($fp); ++ fwrite($cachefile_fp, serialize($contents)); ++ fclose($cachefile_fp); + return true; + } + +Index: PEAR/Builder.php +=================================================================== +--- PEAR/Builder.php (revision 308686) ++++ PEAR/Builder.php (revision 308687) +@@ -220,7 +220,7 @@ + /** + * Build an extension from source. Runs "phpize" in the source + * directory, but compiles in a temporary directory +- * (/var/tmp/pear-build-USER/PACKAGE-VERSION). ++ * (TMPDIR/pear-build-USER/PACKAGE-VERSION). + * + * @param string|PEAR_PackageFile_v* $descfile path to XML package description file, or + * a PEAR_PackageFile object +@@ -250,6 +250,7 @@ + ' appears to have a prefix ' . $matches[2] . ', but' . + ' config variable php_prefix does not match'); + } ++ + if (isset($matches[3]) && strlen($matches[3]) && + trim($matches[3]) != trim($this->config->get('php_suffix'))) { + $this->log(0, 'WARNING: php_bin ' . $this->config->get('php_bin') . +@@ -258,14 +259,15 @@ + } + } + +- + $this->current_callback = $callback; + if (PEAR_OS == "Windows") { + return $this->_build_win32($descfile, $callback); + } ++ + if (PEAR_OS != 'Unix') { + return $this->raiseError("building extensions not supported on this platform"); + } ++ + if (is_object($descfile)) { + $pkg = $descfile; + $descfile = $pkg->getPackageFile(); +@@ -284,14 +286,17 @@ + } + $dir = dirname($descfile); + } ++ + $old_cwd = getcwd(); + if (!file_exists($dir) || !is_dir($dir) || !chdir($dir)) { + return $this->raiseError("could not chdir to $dir"); + } ++ + $vdir = $pkg->getPackage() . '-' . $pkg->getVersion(); + if (is_dir($vdir)) { + chdir($vdir); + } ++ + $dir = getcwd(); + $this->log(2, "building in $dir"); + putenv('PATH=' . $this->config->get('bin_dir') . ':' . getenv('PATH')); +@@ -302,6 +307,7 @@ + if (PEAR::isError($err)) { + return $err; + } ++ + if (!$err) { + return $this->raiseError("`phpize' failed"); + } +@@ -327,30 +333,31 @@ + // }}} end of interactive part + + // FIXME make configurable +- if(!$user=getenv('USER')){ ++ if (!$user=getenv('USER')) { + $user='defaultuser'; + } +- $build_basedir = "/var/tmp/pear-build-$user"; ++ ++ $tmpdir = $this->config->get('temp_dir'); ++ $build_basedir = System::mktemp(" -t $tmpdir -d pear-build-$user"); + $build_dir = "$build_basedir/$vdir"; + $inst_dir = "$build_basedir/install-$vdir"; + $this->log(1, "building in $build_dir"); + if (is_dir($build_dir)) { + System::rm(array('-rf', $build_dir)); + } ++ + if (!System::mkDir(array('-p', $build_dir))) { + return $this->raiseError("could not create build dir: $build_dir"); + } ++ + $this->addTempFile($build_dir); + if (!System::mkDir(array('-p', $inst_dir))) { + return $this->raiseError("could not create temporary install dir: $inst_dir"); + } + $this->addTempFile($inst_dir); + +- if (getenv('MAKE')) { +- $make_command = getenv('MAKE'); +- } else { +- $make_command = 'make'; +- } ++ $make_command = getenv('MAKE') ? getenv('MAKE') : 'make'; ++ + $to_run = array( + $configure_command, + $make_command, +Index: PEAR/Command/Remote.php +=================================================================== +--- PEAR/Command/Remote.php (revision 308686) ++++ PEAR/Command/Remote.php (revision 308687) +@@ -144,7 +144,7 @@ + 'shortcut' => 'cc', + 'options' => array(), + 'doc' => ' +-Clear the XML-RPC/REST cache. See also the cache_ttl configuration ++Clear the REST cache. See also the cache_ttl configuration + parameter. + ', + ), +@@ -776,6 +776,7 @@ + if ($verbose >= 1) { + $output .= "reading directory $cache_dir\n"; + } ++ + $num = 0; + while ($ent = readdir($dp)) { + if (preg_match('/rest.cache(file|id)\\z/', $ent)) { +Index: PEAR/Command/Package.php +=================================================================== +--- PEAR/Command/Package.php (revision 308686) ++++ PEAR/Command/Package.php (revision 308687) +@@ -314,7 +314,7 @@ + return $a; + } + +- function &getPackageFile($config, $debug = false, $tmpdir = null) ++ function &getPackageFile($config, $debug = false) + { + if (!class_exists('PEAR_Common')) { + require_once 'PEAR/Common.php'; +@@ -322,7 +322,7 @@ + if (!class_exists('PEAR_PackageFile')) { + require_once 'PEAR/PackageFile.php'; + } +- $a = &new PEAR_PackageFile($config, $debug, $tmpdir); ++ $a = &new PEAR_PackageFile($config, $debug); + $common = new PEAR_Common; + $common->ui = $this->ui; + $a->setLogger($common); +@@ -969,7 +969,9 @@ + } + + $tar = new Archive_Tar($params[0]); +- $tmpdir = System::mktemp('-d pearsign'); ++ ++ $tmpdir = $this->config->get('temp_dir'); ++ $tmpdir = System::mktemp(" -t $tmpdir -d pearsign"); + if (!$tar->extractList('package2.xml package.xml package.sig', $tmpdir)) { + return $this->raiseError("failed to extract tar file"); + } +Index: PEAR/Command/Install.php +=================================================================== +--- PEAR/Command/Install.php (revision 308686) ++++ PEAR/Command/Install.php (revision 308687) +@@ -730,7 +730,8 @@ + if ($param->getPackageType() == 'extsrc' || + $param->getPackageType() == 'extbin' || + $param->getPackageType() == 'zendextsrc' || +- $param->getPackageType() == 'zendextbin') { ++ $param->getPackageType() == 'zendextbin' ++ ) { + $pkg = &$param->getPackageFile(); + if ($instbin = $pkg->getInstalledBinary()) { + $instpkg = &$instreg->getPackage($instbin, $pkg->getChannel()); +@@ -741,7 +742,8 @@ + foreach ($instpkg->getFilelist() as $name => $atts) { + $pinfo = pathinfo($atts['installed_as']); + if (!isset($pinfo['extension']) || +- in_array($pinfo['extension'], array('c', 'h'))) { ++ in_array($pinfo['extension'], array('c', 'h')) ++ ) { + continue; // make sure we don't match php_blah.h + } + +Index: PEAR/Command/Pickle.php +=================================================================== +--- PEAR/Command/Pickle.php (revision 308686) ++++ PEAR/Command/Pickle.php (revision 308687) +@@ -104,7 +104,7 @@ + * @param string|null $tmpdir + * @return PEAR_PackageFile + */ +- function &getPackageFile($config, $debug = false, $tmpdir = null) ++ function &getPackageFile($config, $debug = false) + { + if (!class_exists('PEAR_Common')) { + require_once 'PEAR/Common.php'; +@@ -114,7 +114,7 @@ + require_once 'PEAR/PackageFile.php'; + } + +- $a = &new PEAR_PackageFile($config, $debug, $tmpdir); ++ $a = &new PEAR_PackageFile($config, $debug); + $common = new PEAR_Common; + $common->ui = $this->ui; + $a->setLogger($common); --- php5-5.3.2.orig/debian/patches/CVE-2010-0397.patch +++ php5-5.3.2/debian/patches/CVE-2010-0397.patch @@ -0,0 +1,58 @@ +Description: Fix a null pointer dereference when processing invalid + XML-RPC requests. +Origin: vendor +Forwarded: http://bugs.php.net/51288 +Last-Update: 2010-03-12 + +Index: php/ext/xmlrpc/xmlrpc-epi-php.c +=================================================================== +--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c ++++ php/ext/xmlrpc/xmlrpc-epi-php.c +@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in + + if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if (method_name_out) { +- zval_dtor(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else if (retval) { ++ zval_ptr_dtor(&retval); ++ retval = NULL; ++ } + } + } + +Index: php/ext/xmlrpc/tests/bug51288.phpt +=================================================================== +--- /dev/null ++++ php/ext/xmlrpc/tests/bug51288.phpt +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #51288 (CVE-2010-0397, NULL pointer deref when no in request) ++--FILE-- ++'; ++var_dump(xmlrpc_decode_request($req, $method)); ++var_dump($method); ++echo "Done\n"; ++?> ++--EXPECT-- ++NULL ++NULL ++Done --- php5-5.3.2.orig/debian/patches/116-posixness_fix.patch +++ php5-5.3.2/debian/patches/116-posixness_fix.patch @@ -0,0 +1,52 @@ +--- a/TSRM/tsrm_config_common.h ++++ b/TSRM/tsrm_config_common.h +@@ -1,6 +1,10 @@ + #ifndef TSRM_CONFIG_COMMON_H + #define TSRM_CONFIG_COMMON_H + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef __CYGWIN__ + # if WINNT|WIN32 + # define TSRM_WIN32 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -18,6 +18,10 @@ + + /* $Id: parse_tz.c 293036 2010-01-03 09:23:27Z sebastian $ */ + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "timelib.h" + + #include +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -24,6 +24,10 @@ + # define __EXTENSIONS__ 1 /* Solaris: uint */ + #endif + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "php.h" + #include + #include +--- a/main/php.h ++++ b/main/php.h +@@ -248,6 +248,10 @@ END_EXTERN_C() + /* macros */ + #define STR_PRINT(str) ((str)?(str):"") + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef MAXPATHLEN + # ifdef PATH_MAX + # define MAXPATHLEN PATH_MAX --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-4698.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-4698.patch @@ -0,0 +1,45 @@ +Subject: Fix #53492, fix crash if aa steps are invalid +Origin: http://svn.php.net/viewvc?view=revision&revision=306075 +Bug: http://bugs.php.net/53492 + +Patch also includes +http://svn.php.net/viewvc?view=revision&revision=306236 + + Merge from trunk: + * Fixed parameter check introduced with the recent fix for bug #53492. + * Improved the error message along the way. + +Patch is modified from upstream commits to remove edits to the NEWS +file, to reduce conflicts when patching. + +Index: ext/gd/gd.c +=================================================================== +--- ext/gd/gd.c (revision 306074) ++++ ext/gd/gd.c (revision 306075) +@@ -4228,6 +4228,11 @@ + return; + } + ++ if (aa_steps != 4 || aa_steps != 16) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16"); ++ RETURN_FALSE; ++ } ++ + ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd); + ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font); + +Index: ext/gd/gd.c +=================================================================== +--- ext/gd/gd.c (revision 306235) ++++ ext/gd/gd.c (revision 306236) +@@ -4228,8 +4228,8 @@ + return; + } + +- if (aa_steps != 4 || aa_steps != 16) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16"); ++ if (aa_steps != 4 && aa_steps != 16) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Antialias steps must be 4 or 16"); + RETURN_FALSE; + } + --- php5-5.3.2.orig/debian/patches/use_embedded_timezonedb_fixes.patch +++ php5-5.3.2/debian/patches/use_embedded_timezonedb_fixes.patch @@ -0,0 +1,64 @@ +Author: Sean Finney +Forwarded: no (upstream doesn't want it) +Description: Silence warnings about using the default system timezone info + In vanilla upstream php, this is considered an error (i.e. the user must + set the timezone explicitly), though with our use of the system timezonedb + patch, we actually feel quite comfortable using the default timezone info. +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571762 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -879,7 +879,7 @@ static char* guess_timezone(const timeli + tzid = "UTC"; + } + +- php_error_docref(NULL TSRMLS_CC, E_WARNING, DATE_TZ_ERRMSG "We selected '%s' for '%s/%.1f/%s' instead", tzid, ta ? ta->tm_zone : "Unknown", ta ? (float) (ta->tm_gmtoff / 3600) : 0, ta ? (ta->tm_isdst ? "DST" : "no DST") : "Unknown"); ++ // php_error_docref(NULL TSRMLS_CC, E_WARNING, DATE_TZ_ERRMSG "We selected '%s' for '%s/%.1f/%s' instead", tzid, ta ? ta->tm_zone : "Unknown", ta ? (float) (ta->tm_gmtoff / 3600) : 0, ta ? (ta->tm_isdst ? "DST" : "no DST") : "Unknown"); + return tzid; + } + #endif +--- a/ext/date/tests/date_default_timezone_get-1.phpt ++++ /dev/null +@@ -1,16 +0,0 @@ +---TEST-- +-date_default_timezone_get() function [1] +---INI-- +-date.timezone= +---FILE-- +- +---EXPECTF-- +-Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-1.php on line 3 +-UTC +- +-Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-1.php on line 4 +-UTC +--- a/ext/date/tests/date_default_timezone_get-2.phpt ++++ /dev/null +@@ -1,12 +0,0 @@ +---TEST-- +-date_default_timezone_get() function [2] +---INI-- +-date.timezone= +---FILE-- +- +---EXPECTF-- +-Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_get-2.php on line 3 +-UTC +--- a/ext/date/tests/date_default_timezone_set-1.phpt ++++ b/ext/date/tests/date_default_timezone_set-1.phpt +@@ -18,9 +18,6 @@ date.timezone= + echo date(DATE_ISO8601, $date4), "\n"; + ?> + --EXPECTF-- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_set-1.php on line 3 +- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'UTC/0.0/no DST' instead in %sdate_default_timezone_set-1.php on line 4 + America/Indiana/Knox + 2005-01-12T03:00:00-0500 + 2005-07-12T03:00:00-0500 --- php5-5.3.2.orig/debian/patches/unaligned_memory_access.patch +++ php5-5.3.2/debian/patches/unaligned_memory_access.patch @@ -0,0 +1,27 @@ +Description: Fix unaligned memory access. +Origin: vendor +Forwarded: http://bugs.php.net/50987 +Last-Update: 2010-02-09 + +Index: php/ext/phar/phar.c +=================================================================== +--- php.orig/ext/phar/phar.c ++++ php/ext/phar/phar.c +@@ -512,7 +512,7 @@ void phar_entry_remove(phar_entry_data * + (buffer) += 2 + #else + # define PHAR_GET_32(buffer, var) \ +- var = *(php_uint32*)(buffer); \ ++ memcpy(&var, buffer, sizeof(var)); \ + buffer += 4 + # define PHAR_GET_16(buffer, var) \ + var = *(php_uint16*)(buffer); \ +@@ -2491,7 +2491,7 @@ static inline void phar_set_32(char *buf + *((buffer) + 1) = (unsigned char) (((var) >> 8) & 0xFF); + *((buffer) + 0) = (unsigned char) ((var) & 0xFF); + #else +- *(php_uint32 *)(buffer) = (php_uint32)(var); ++ memcpy(buffer, &var, sizeof(var)); + #endif + } /* }}} */ + --- php5-5.3.2.orig/debian/patches/php.ini-compatibility.patch +++ php5-5.3.2/debian/patches/php.ini-compatibility.patch @@ -0,0 +1,28 @@ +Description: Change the default php.ini settings to be more compatible + with older releases. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-19 + +Index: php/php.ini-production +=================================================================== +--- php.orig/php.ini-production ++++ php/php.ini-production +@@ -223,7 +223,7 @@ engine = On + ; Development Value: Off + ; Production Value: Off + ; http://php.net/short-open-tag +-short_open_tag = Off ++short_open_tag = On + + ; Allow ASP-style <% %> tags. + ; http://php.net/asp-tags +@@ -679,7 +679,7 @@ variables_order = "GPCS" + ; Development Value: "GP" + ; Production Value: "GP" + ; http://php.net/request-order +-request_order = "GP" ++request_order = "GPC" + + ; Whether or not to register the EGPCS variables as global variables. You may + ; want to turn this off if you don't want to clutter your scripts' global scope --- php5-5.3.2.orig/debian/patches/034-apache2_umask_fix.patch +++ php5-5.3.2/debian/patches/034-apache2_umask_fix.patch @@ -0,0 +1,50 @@ +Description: Save and restore umask across requests correctly. + . + Check if this is still an issue not addressed by upstream in some + other way already. +Origin: other +Bug-Debian: http://bugs.debian.org/286225 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -455,6 +455,19 @@ static apr_status_t php_server_context_c + return APR_SUCCESS; + } + ++static int saved_umask; ++ ++static void php_save_umask(void) ++{ ++ saved_umask = umask(077); ++ umask(saved_umask); ++} ++ ++static void php_restore_umask(void) ++{ ++ umask(saved_umask); ++} ++ + static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) + { + char *content_length; +@@ -646,6 +659,8 @@ zend_first_try { + } else { + zend_file_handle zfd; + ++ php_save_umask(); ++ + zfd.type = ZEND_HANDLE_FILENAME; + zfd.filename = (char *) r->filename; + zfd.free_filename = 0; +@@ -657,6 +672,9 @@ zend_first_try { + zend_execute_scripts(ZEND_INCLUDE TSRMLS_CC, NULL, 1, &zfd); + } + ++ php_restore_umask(); ++ ++ + apr_table_set(r->notes, "mod_php_memory_usage", + apr_psprintf(ctx->r->pool, "%u", zend_memory_peak_usage(1 TSRMLS_CC))); + } --- php5-5.3.2.orig/debian/patches/053-extension_api.patch +++ php5-5.3.2/debian/patches/053-extension_api.patch @@ -0,0 +1,59 @@ +Description: Adds --phpapi argument to php-config(1) + . + TODO: make it more generic and add it to the man page. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1114,8 +1114,13 @@ dnl Build extension directory path + + ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` + ++DEBIAN_PHP_API=`egrep -h '^#define ZEND_EXTENSION_API_NO|^#define ZEND_MODULE_API_NO|#define PHP_API_VERSION' $srcdir/Zend/zend_extensions.h $srcdir/Zend/zend_modules.h $srcdir/main/php.h | awk '{print $3}' | sed -e 's/^2200/200/' | sort -n | tail -n 1` ++if echo "$CPPFLAGS $CFLAGS" | grep -q -- -D_FILE_OFFSET_BITS=64; then ++ DEBIAN_PHP_API="${DEBIAN_PHP_API}+lfs" ++fi ++ + if test -z "$EXTENSION_DIR"; then +- extbasedir=$ZEND_MODULE_API_NO ++ extbasedir=$DEBIAN_PHP_API + if test "$oldstyleextdir" = "yes"; then + if test "$PHP_DEBUG" = "1"; then + part1=debug +@@ -1265,6 +1270,7 @@ PHP_SUBST(CXX) + PHP_SUBST(CXXFLAGS) + PHP_SUBST(CXXFLAGS_CLEAN) + PHP_SUBST_OLD(DEBUG_CFLAGS) ++PHP_SUBST_OLD(DEBIAN_PHP_API) + PHP_SUBST_OLD(EXTENSION_DIR) + PHP_SUBST_OLD(EXTRA_LDFLAGS) + PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM) +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -17,6 +17,7 @@ php_cli_binary=NONE + php_cgi_binary=NONE + configure_options="@CONFIGURE_OPTIONS@" + php_sapis="@PHP_INSTALLED_SAPIS@" ++phpapi="@DEBIAN_PHP_API@" + + # Set php_cli_binary and php_cgi_binary if available + for sapi in $php_sapis; do +@@ -55,6 +56,8 @@ case "$1" in + echo $include_dir;; + --php-binary) + echo $php_binary;; ++--phpapi) ++ echo $phpapi;; + --php-sapis) + echo $php_sapis;; + --configure-options) +@@ -75,6 +78,7 @@ Options: + --include-dir [$include_dir] + --php-binary [$php_binary] + --php-sapis [$php_sapis] ++ --phpapi [$phpapi] + --configure-options [$configure_options] + --version [$version] + --vernum [$vernum] --- php5-5.3.2.orig/debian/patches/CVE-2010-3065.patch +++ php5-5.3.2/debian/patches/CVE-2010-3065.patch @@ -0,0 +1,16 @@ +Description: fix arbitrary session variable modification via crafted + session variable name +Origin: upstream, http://svn.php.net/viewvc?view=revision&revision=298608 + +diff -Nur php5-5.3.2/ext/session/session.c php5-5.3.2.new/ext/session/session.c +--- php5-5.3.2/ext/session/session.c 2010-09-14 11:01:08.000000000 -0400 ++++ php5-5.3.2.new/ext/session/session.c 2010-09-14 11:01:15.000000000 -0400 +@@ -895,7 +895,7 @@ + + PS_ENCODE_LOOP( + smart_str_appendl(&buf, key, key_length); +- if (memchr(key, PS_DELIMITER, key_length)) { ++ if (memchr(key, PS_DELIMITER, key_length) || memchr(key, PS_UNDEF_MARKER, key_length)) { + PHP_VAR_SERIALIZE_DESTROY(var_hash); + smart_str_free(&buf); + return FAILURE; --- php5-5.3.2.orig/debian/patches/047-zts_with_dl.patch +++ php5-5.3.2/debian/patches/047-zts_with_dl.patch @@ -0,0 +1,15 @@ +--- pkg-php.orig/ext/standard/dl.c ++++ pkg-php/ext/standard/dl.c +@@ -77,12 +77,7 @@ PHPAPI PHP_FUNCTION(dl) + (strcmp(sapi_module.name, "cli") != 0) && + (strncmp(sapi_module.name, "embed", 5) != 0) + ) { +-#ifdef ZTS +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not supported in multithreaded Web servers - use extension=%s in your php.ini", filename); +- RETURN_FALSE; +-#else + php_error_docref(NULL TSRMLS_CC, E_DEPRECATED, "dl() is deprecated - use extension=%s in your php.ini", filename); +-#endif + } + + php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); --- php5-5.3.2.orig/debian/patches/114-php_gd_segfault.patch +++ php5-5.3.2/debian/patches/114-php_gd_segfault.patch @@ -0,0 +1,22 @@ +--- pkg-php.orig/ext/gd/libgd/gd_compat.c ++++ pkg-php/ext/gd/libgd/gd_compat.c +@@ -14,7 +14,7 @@ int gdJpegGetVersionInt() + return JPEG_LIB_VERSION; + } + +-int gdJpegGetVersionString() ++const char * gdJpegGetVersionString() + { + switch(JPEG_LIB_VERSION) { + case 62: +--- pkg-php.orig/ext/gd/libgd/gd_compat.h ++++ pkg-php/ext/gd/libgd/gd_compat.h +@@ -8,7 +8,7 @@ + #endif + + const char * gdPngGetVersionString(); +-int gdJpegGetVersionString(); ++const char * gdJpegGetVersionString(); + int gdJpegGetVersionInt(); + int overflow2(int a, int b); + --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1467.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1467.patch @@ -0,0 +1,59 @@ +Subject: Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values) +Origin: http://svn.php.net/viewvc?view=revision&revision=306154 + +CVE-2011-1467 + +Also includes http://svn.php.net/viewvc?view=revision&revision=306157 + + - Added test for bug #53512 + +Patch differs from commits in that the NEWS file addition has been +removed to reduce patch conflicts. + +Index: ext/intl/tests/bug53512.phpt +=================================================================== +--- ext/intl/tests/bug53512.phpt (revision 0) ++++ ext/intl/tests/bug53512.phpt (revision 306157) +@@ -0,0 +1,25 @@ ++--TEST-- ++Bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values) ++--SKIPIF-- ++ ++--FILE-- ++ ++--EXPECTF-- ++bool(false) ++string(65) "numfmt_set_symbol: invalid symbol value: U_ILLEGAL_ARGUMENT_ERROR" ++bool(false) ++string(65) "numfmt_set_symbol: invalid symbol value: U_ILLEGAL_ARGUMENT_ERROR" ++bool(false) ++string(65) "numfmt_set_symbol: invalid symbol value: U_ILLEGAL_ARGUMENT_ERROR" ++bool(false) ++string(65) "numfmt_set_symbol: invalid symbol value: U_ILLEGAL_ARGUMENT_ERROR" + +Index: ext/intl/formatter/formatter_attr.c +=================================================================== +--- ext/intl/formatter/formatter_attr.c (revision 306153) ++++ ext/intl/formatter/formatter_attr.c (revision 306157) +@@ -311,6 +311,11 @@ + + RETURN_FALSE; + } ++ ++ if (symbol >= UNUM_FORMAT_SYMBOL_COUNT || symbol < 0) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "numfmt_set_symbol: invalid symbol value", 0 TSRMLS_CC ); ++ RETURN_FALSE; ++ } + + /* Fetch the object. */ + FORMATTER_METHOD_FETCH_OBJECT; --- php5-5.3.2.orig/debian/patches/page_size_fixes.patch +++ php5-5.3.2/debian/patches/page_size_fixes.patch @@ -0,0 +1,104 @@ +Description: Don't assume value of PAGE_SIZE if sys/mman.h does not + define it. Instead, use sysconf() at runtime if available. +Origin: vendor +Bug: http://bugs.php.net/bug.php?id=50982 +Last-Update: 2010-02-17 + +--- a/Zend/zend_stream.c ++++ b/Zend/zend_stream.c +@@ -27,10 +27,15 @@ + + #include + #include +-#if HAVE_SYS_MMAN_H +-# include +-# ifndef PAGE_SIZE +-# define PAGE_SIZE 4096 ++#if HAVE_UNISTD_H ++# include ++#endif ++#if !HAVE_UNISTD_H || (!defined(_SC_PAGESIZE) && !defined(_SC_PAGE_SIZE)) ++# if HAVE_SYS_MMAN_H ++# include ++# ifndef PAGE_SIZE ++# define PAGE_SIZE 4096 ++# endif + # endif + #endif + +@@ -215,9 +220,21 @@ ZEND_API int zend_stream_fixup(zend_file + + if (old_type == ZEND_HANDLE_FP && !file_handle->handle.stream.isatty && size) { + #if HAVE_MMAP ++ long page_size = 0; ++ ++# if HAVE_UNISTD_H ++# ifdef _SC_PAGESIZE ++ page_size = sysconf(_SC_PAGESIZE); ++# else ++ page_size = sysconf(_SC_PAGE_SIZE); ++# endif ++# else ++ page_size = PAGE_SIZE; ++# endif ++ + if (file_handle->handle.fp && + size != 0 && +- ((size - 1) % PAGE_SIZE) <= PAGE_SIZE - ZEND_MMAP_AHEAD) { ++ ((size - 1) % page_size) <= page_size - ZEND_MMAP_AHEAD) { + /* *buf[size] is zeroed automatically by the kernel */ + *buf = mmap(0, size + ZEND_MMAP_AHEAD, PROT_READ, MAP_PRIVATE, fileno(file_handle->handle.fp), 0); + if (*buf != MAP_FAILED) { +--- a/main/main.c ++++ b/main/main.c +@@ -91,15 +91,17 @@ + #include "SAPI.h" + #include "rfc1867.h" + +-#if HAVE_SYS_MMAN_H +-# include +-# ifndef PAGE_SIZE ++#if !HAVE_UNISTD_H || (!defined(_SC_PAGESIZE) && !defined(_SC_PAGE_SIZE)) ++# if HAVE_SYS_MMAN_H ++# include ++# ifndef PAGE_SIZE ++# define PAGE_SIZE 4096 ++# endif ++# endif ++# ifdef PHP_WIN32 + # define PAGE_SIZE 4096 + # endif + #endif +-#ifdef PHP_WIN32 +-# define PAGE_SIZE 4096 +-#endif + /* }}} */ + + PHPAPI int (*php_register_internal_extensions_func)(TSRMLS_D) = php_register_internal_extensions; +@@ -1192,6 +1194,17 @@ PHPAPI int php_stream_open_for_zend_ex(c + char *p; + size_t len, mapped_len; + php_stream *stream = php_stream_open_wrapper((char *)filename, "rb", mode, &handle->opened_path); ++ long page_size = 0; ++ ++#if HAVE_UNISTD_H ++# ifdef _SC_PAGESIZE ++ page_size = sysconf(_SC_PAGESIZE); ++# else ++ page_size = sysconf(_SC_PAGE_SIZE); ++# endif ++#else ++ page_size = PAGE_SIZE; ++#endif + + if (stream) { + handle->filename = (char*)filename; +@@ -1204,7 +1217,7 @@ PHPAPI int php_stream_open_for_zend_ex(c + memset(&handle->handle.stream.mmap, 0, sizeof(handle->handle.stream.mmap)); + len = php_zend_stream_fsizer(stream TSRMLS_CC); + if (len != 0 +- && ((len - 1) % PAGE_SIZE) <= PAGE_SIZE - ZEND_MMAP_AHEAD ++ && ((len - 1) % page_size) <= page_size - ZEND_MMAP_AHEAD + && php_stream_mmap_possible(stream) + && (p = php_stream_mmap_range(stream, 0, len, PHP_STREAM_MAP_MODE_SHARED_READONLY, &mapped_len)) != NULL) { + handle->handle.stream.closer = php_zend_stream_mmap_closer; --- php5-5.3.2.orig/debian/patches/libedit_is_editline.patch +++ php5-5.3.2/debian/patches/libedit_is_editline.patch @@ -0,0 +1,25 @@ +--- a/ext/readline/config.m4 ++++ b/ext/readline/config.m4 +@@ -65,7 +65,7 @@ if test "$PHP_READLINE" && test "$PHP_RE + elif test "$PHP_LIBEDIT" != "no"; then + + for i in $PHP_LIBEDIT /usr/local /usr; do +- test -f $i/include/readline/readline.h && LIBEDIT_DIR=$i && break ++ test -f $i/include/editline/readline.h && LIBEDIT_DIR=$i && break + done + + if test -z "$LIBEDIT_DIR"; then +--- a/ext/readline/readline.c ++++ b/ext/readline/readline.c +@@ -33,8 +33,10 @@ + #define rl_completion_matches completion_matches + #endif + ++#ifdef HAVE_LIBEDIT ++#include ++#else + #include +-#ifndef HAVE_LIBEDIT + #include + #endif + --- php5-5.3.2.orig/debian/patches/libtool2.2.patch +++ php5-5.3.2/debian/patches/libtool2.2.patch @@ -0,0 +1,31 @@ +--- pkg-php.orig/scripts/phpize.in ++++ pkg-php/scripts/phpize.in +@@ -5,10 +5,16 @@ prefix='@prefix@' + exec_prefix="`eval echo @exec_prefix@`" + phpdir="$prefix/lib/php5/build" + includedir="$prefix/include/php5" ++aclocaldir="$prefix/share/aclocal" + builddir="`pwd`" + SED="@SED@" + +-FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool libtool.m4" ++FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool" ++if [ -f "$aclocaldir/ltsugar.m4" ]; then ++ LIBTOOL_FILES="libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4" ++else ++ LIBTOOL_FILES="libtool.m4" ++fi + FILES="acinclude.m4 Makefile.global config.sub config.guess ltmain.sh run-tests*.php" + CLEAN_FILES="$FILES *.o *.lo *.la .deps .libs/ build/ include/ modules/ install-sh \ + mkinstalldirs missing config.nice config.sub config.guess configure configure.in \ +@@ -144,8 +150,9 @@ phpize_copy_files() + test -d build || mkdir build + + (cd "$phpdir" && cp $FILES_BUILD "$builddir"/build) ++ (cd "$aclocaldir" && cp $LIBTOOL_FILES "$builddir"/build) + (cd "$phpdir" && cp $FILES "$builddir") +- (cd "$builddir" && cat acinclude.m4 ./build/libtool.m4 > aclocal.m4) ++ (cd "$builddir/build" && cat ../acinclude.m4 $LIBTOOL_FILES > ../aclocal.m4) + } + + phpize_replace_prefix() --- php5-5.3.2.orig/debian/patches/manpage_spelling.patch +++ php5-5.3.2/debian/patches/manpage_spelling.patch @@ -0,0 +1,29 @@ +--- pkg-php.orig/sapi/cli/php.1.in ++++ pkg-php/sapi/cli/php.1.in +@@ -69,7 +69,7 @@ specified by \-F to be executed. + You can access the input line by \fB$argn\fP. While processing the input lines + .B $argi + contains the number of the actual line being processed. Further more +-the paramters \-B and \-E can be used to execute ++the parameters \-B and \-E can be used to execute + .IR code + (see \-r) before and + after all input lines have been processed respectively. Notice that the +@@ -316,7 +316,7 @@ The configuration file for the CGI versi + The configuration file for the version of PHP that apache2 uses. + .SH EXAMPLES + .TP 5 +-\fIphp -r 'echo "Hello World\\n";'\fP ++\fIphp \-r 'echo "Hello World\\n";'\fP + This command simply writes the text "Hello World" to standard out. + .TP + \fIphp \-r 'print_r(gd_info());'\fP +@@ -340,7 +340,7 @@ configuration information. If you then c + Using this PHP command you can count the lines being input. + .TP + \fIphp \-R '@$l+=count(file($argn));' \-E 'echo "Lines:$l\\n";'\fP +-In this example PHP expects each input line beeing a file. It counts all lines ++In this example PHP expects each input line being a file. It counts all lines + of the files specified by each input line and shows the summarized result. + You may combine this with tools like find and change the php scriptlet. + .TP --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-0708.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-0708.patch @@ -0,0 +1,132 @@ +Subject: fix bug #54002, exif_read_data crashes on crafted tags +Origin: http://svn.php.net/viewvc?view=revision&revision=308316 +Bug: http://bugs.php.net/bug.php?id=54002 + +Patch also includes +http://svn.php.net/viewvc?view=revision&revision=308317 + + Bug #54002, fix windows build, use the relevant values in the + warnings + +and http://svn.php.net/viewvc?view=revision&revision=308362 + + fix the fix (Dmitry) and ensure that it builds everywhere, can + someone test on solaris&co pls? + +Patch is also modified to drop the added testcases as they contained +jpegs and not-representable in diffs. They have been added to the +lp:qa-regression-testing tree instead. + +Index: ext/exif/exif.c +=================================================================== +--- ext/exif/exif.c (revision 308315) ++++ ext/exif/exif.c (revision 308316) +@@ -40,6 +40,10 @@ + #include "php.h" + #include "ext/standard/file.h" + ++#ifdef PHP_WIN32 ++include "win32/php_stdint.h" ++#endif ++ + #if HAVE_EXIF + + /* When EXIF_DEBUG is defined the module generates a lot of debug messages +@@ -2821,6 +2825,7 @@ + int tag, format, components; + char *value_ptr, tagname[64], cbuf[32], *outside=NULL; + size_t byte_count, offset_val, fpos, fgot; ++ int64_t byte_count_signed; + xp_field_type *tmp_xp; + #ifdef EXIF_DEBUG + char *dump_data; +@@ -2845,13 +2850,20 @@ + /*return TRUE;*/ + } + +- byte_count = components * php_tiff_bytes_per_format[format]; ++ if (components < 0) { ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); ++ return FALSE; ++ } + +- if ((ssize_t)byte_count < 0) { ++ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format]; ++ ++ if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) { + exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); + return FALSE; + } + ++ byte_count = (size_t)byte_count_signed; ++ + if (byte_count > 4) { + offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); + /* If its bigger than 4 bytes, the dir entry contains an offset. */ +@@ -2916,6 +2928,7 @@ + efree(dump_data); + } + #endif ++ + if (section_index==SECTION_THUMBNAIL) { + if (!ImageInfo->Thumbnail.data) { + switch(tag) { +Index: ext/exif/exif.c +=================================================================== +--- ext/exif/exif.c (revision 308316) ++++ ext/exif/exif.c (revision 308317) +@@ -41,7 +41,7 @@ + #include "ext/standard/file.h" + + #ifdef PHP_WIN32 +-include "win32/php_stdint.h" ++#include "win32/php_stdint.h" + #endif + + #if HAVE_EXIF +@@ -2851,14 +2851,14 @@ + } + + if (components < 0) { +- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components); + return FALSE; + } + + byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format]; + + if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) { +- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); ++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC)); + return FALSE; + } + +Index: ext/exif/exif.c +=================================================================== +--- ext/exif/exif.c (revision 308361) ++++ ext/exif/exif.c (revision 308362) +@@ -40,8 +40,14 @@ + #include "php.h" + #include "ext/standard/file.h" + ++#ifdef HAVE_STDINT_H ++# include ++#endif ++#ifdef HAVE_INTTYPES_H ++# include ++#endif + #ifdef PHP_WIN32 +-#include "win32/php_stdint.h" ++# include "win32/php_stdint.h" + #endif + + #if HAVE_EXIF +@@ -2857,7 +2863,7 @@ + + byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format]; + +- if (byte_count_signed < 0 || (byte_count_signed > 2147483648)) { ++ if (byte_count_signed < 0 || (byte_count_signed > INT32_MAX)) { + exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC)); + return FALSE; + } --- php5-5.3.2.orig/debian/patches/036-fd_setsize_fix.patch +++ php5-5.3.2/debian/patches/036-fd_setsize_fix.patch @@ -0,0 +1,27 @@ +Description: Fixes misuse of FD_SET() +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/sockets/sockets.c ++++ b/ext/sockets/sockets.c +@@ -720,6 +720,7 @@ static int php_sock_array_to_fd_set(zval + + php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket); + if (!php_sock) continue; /* If element is not a resource, skip it */ ++ if (php_sock->bsd_socket > FD_SETSIZE) continue; /* must ignore it */ + + PHP_SAFE_FD_SET(php_sock->bsd_socket, fds); + if (php_sock->bsd_socket > *max_fd) { +--- a/ext/standard/streamsfuncs.c ++++ b/ext/standard/streamsfuncs.c +@@ -610,6 +610,9 @@ static int stream_array_to_fd_set(zval * + * is not displayed. + * */ + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd >= 0) { ++ if (this_fd > FD_SETSIZE) ++ continue; ++ + + PHP_SAFE_FD_SET(this_fd, fds); + --- php5-5.3.2.orig/debian/patches/use_embedded_timezonedb.patch +++ php5-5.3.2/debian/patches/use_embedded_timezonedb.patch @@ -0,0 +1,655 @@ + +Add support for use of the system timezone database, rather +than embedding a copy. Discussed upstream but was not desired. + +History: +r7: per Sean Finney's review: simpler lat/long rounding, + use stat() not access() to check existence of timezone, + improve comments throughout. +r6: fix fd leak in r5, fix country code/BC flag use in + timezone_identifiers_list() using system db, + fix use of PECL timezonedb to override system db, +r5: reverts addition of "System/Localtime" fake tzname. + updated for 5.3.0, parses zone.tab to pick up mapping between + timezone name, country code and long/lat coords +r4: added "System/Localtime" tzname which uses /etc/localtime +r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) +r2: add filesystem trawl to set up name alias index +r1: initial revision + +--- pkg-php.orig/ext/date/lib/parse_tz.c ++++ pkg-php/ext/date/lib/parse_tz.c +@@ -24,6 +24,16 @@ + + #include "timelib.h" + ++#ifdef HAVE_SYSTEM_TZDATA ++#include ++#include ++#include ++#include ++#include ++ ++#include "php_scandir.h" ++#endif ++ + #include + + #ifdef HAVE_LOCALE_H +@@ -35,7 +45,12 @@ + #else + #include + #endif ++ ++#ifndef HAVE_SYSTEM_TZDATA + #include "timezonedb.h" ++#endif ++ ++#include + + #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) + # if defined(__LITTLE_ENDIAN__) +@@ -55,6 +70,11 @@ + + static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz) + { ++ if (memcmp(tzf, "TZif", 4) == 0) { ++ *tzf += 20; ++ return; ++ } ++ + /* skip ID */ + *tzf += 4; + +@@ -257,7 +277,435 @@ void timelib_dump_tzinfo(timelib_tzinfo + } + } + +-static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) ++#ifdef HAVE_SYSTEM_TZDATA ++ ++#ifdef HAVE_SYSTEM_TZDATA_PREFIX ++#define ZONEINFO_PREFIX HAVE_SYSTEM_TZDATA_PREFIX ++#else ++#define ZONEINFO_PREFIX "/usr/share/zoneinfo" ++#endif ++ ++/* Hash table entry for the cache of the zone.tab mapping table. */ ++struct location_info { ++ char code[2]; /* Country code. */ ++ double latitude, longitude; ++ char name[64]; ++ char *comment; ++ struct location_info *next; ++}; ++ ++/* System timezone database pointer. */ ++static const timelib_tzdb *timezonedb_system = NULL; ++ ++/* Cache of zone.tab location data. */ ++static struct location_info **system_location_table; ++ ++/* Size of the zone.tab hash table; a random-ish prime big enough to ++ * prevent too many collisions. */ ++#define LOCINFO_HASH_SIZE (1021) ++ ++/* Hash function for indexing the location_info hash table. */ ++static uint32_t tz_hash(const char *str) ++{ ++ const unsigned char *p = (const unsigned char *)str; ++ uint32_t hash = 5381; ++ int c; ++ ++ while ((c = *p++) != '\0') { ++ hash = (hash << 5) ^ hash ^ c; ++ } ++ ++ return hash % LOCINFO_HASH_SIZE; ++} ++ ++/* Parse an ISO-6709 co-ordinate as used in zone.tab. Returns end of ++ * the parsed string on success, or NULL on parse error. On success, ++ * writes the parsed number to *result. */ ++static char *parse_iso6709(char *p, double *result) ++{ ++ double v, sign; ++ char *pend; ++ size_t len; ++ ++ if (*p == '+') ++ sign = 1.0; ++ else if (*p == '-') ++ sign = -1.0; ++ else ++ return NULL; ++ ++ p++; ++ for (pend = p; *pend >= '0' && *pend <= '9'; pend++) ++ ;; ++ ++ /* Annoying encoding used by zone.tab has no decimal point, so use ++ * the length to determine the format: ++ * ++ * 4 = DDMM ++ * 5 = DDDMM ++ * 6 = DDMMSS ++ * 7 = DDDMMSS ++ */ ++ len = pend - p; ++ if (len < 4 || len > 7) { ++ return NULL; ++ } ++ ++ /* p => [D]DD */ ++ v = (p[0] - '0') * 10.0 + (p[1] - '0'); ++ p += 2; ++ if (len == 5 || len == 7) ++ v = v * 10.0 + (*p++ - '0'); ++ /* p => MM[SS] */ ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 60.0; ++ p += 2; ++ /* p => [SS] */ ++ if (len > 5) { ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 3600.0; ++ p += 2; ++ } ++ ++ /* Round to five decimal place, not because it's a good idea, ++ * but, because the builtin data uses rounded data, so, match ++ * that. */ ++ *result = sign * (int)(v * 100000.0 + 0.5) / 100000.0; ++ ++ return p; ++} ++ ++/* This function parses the zone.tab file to build up the mapping of ++ * timezone to country code and geographic location, and returns a ++ * hash table. The hash table is indexed by the function: ++ * ++ * tz_hash(timezone-name) ++ */ ++static struct location_info **create_location_table(void) ++{ ++ struct location_info **li, *i; ++ char zone_tab[PATH_MAX]; ++ char line[512]; ++ FILE *fp; ++ ++ strncpy(zone_tab, ZONEINFO_PREFIX "/zone.tab", sizeof zone_tab); ++ ++ fp = fopen(zone_tab, "r"); ++ if (!fp) { ++ return NULL; ++ } ++ ++ li = calloc(LOCINFO_HASH_SIZE, sizeof *li); ++ ++ while (fgets(line, sizeof line, fp)) { ++ char *p = line, *code, *name, *comment; ++ uint32_t hash; ++ double latitude, longitude; ++ ++ while (isspace(*p)) ++ p++; ++ ++ if (*p == '#' || *p == '\0' || *p == '\n') ++ continue; ++ ++ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t') ++ continue; ++ ++ /* code => AA */ ++ code = p; ++ p[2] = 0; ++ p += 3; ++ ++ /* coords => [+-][D]DDMM[SS][+-][D]DDMM[SS] */ ++ p = parse_iso6709(p, &latitude); ++ if (!p) { ++ continue; ++ } ++ p = parse_iso6709(p, &longitude); ++ if (!p) { ++ continue; ++ } ++ ++ if (!p || *p != '\t') { ++ continue; ++ } ++ ++ /* name = string */ ++ name = ++p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ *p++ = '\0'; ++ ++ /* comment = string */ ++ comment = p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ if (*p == '\n' || *p == '\t') ++ *p = '\0'; ++ ++ hash = tz_hash(name); ++ i = malloc(sizeof *i); ++ memcpy(i->code, code, 2); ++ strncpy(i->name, name, sizeof i->name); ++ i->comment = strdup(comment); ++ i->longitude = longitude; ++ i->latitude = latitude; ++ i->next = li[hash]; ++ li[hash] = i; ++ /* printf("%s [%u, %f, %f]\n", name, hash, latitude, longitude); */ ++ } ++ ++ fclose(fp); ++ ++ return li; ++} ++ ++/* Return location info from hash table, using given timezone name. ++ * Returns NULL if the name could not be found. */ ++const struct location_info *find_zone_info(struct location_info **li, ++ const char *name) ++{ ++ uint32_t hash = tz_hash(name); ++ const struct location_info *l; ++ ++ if (!li) { ++ return NULL; ++ } ++ ++ for (l = li[hash]; l; l = l->next) { ++ if (strcasecmp(l->name, name) == 0) ++ return l; ++ } ++ ++ return NULL; ++} ++ ++/* Filter out some non-tzdata files and the posix/right databases, if ++ * present. */ ++static int index_filter(const struct dirent *ent) ++{ ++ return strcmp(ent->d_name, ".") != 0 ++ && strcmp(ent->d_name, "..") != 0 ++ && strcmp(ent->d_name, "posix") != 0 ++ && strcmp(ent->d_name, "posixrules") != 0 ++ && strcmp(ent->d_name, "right") != 0 ++ && strstr(ent->d_name, ".tab") == NULL; ++} ++ ++/* Comparison callback for qsort(), used to alpha-sort the index ++ * array by timezone name. */ ++static int sysdbcmp(const void *first, const void *second) ++{ ++ const timelib_tzdb_index_entry *alpha = first, *beta = second; ++ ++ return strcmp(alpha->id, beta->id); ++} ++ ++ ++/* Create the zone identifier index by trawling the filesystem. */ ++static void create_zone_index(timelib_tzdb *db) ++{ ++ size_t dirstack_size, dirstack_top; ++ size_t index_size, index_next; ++ timelib_tzdb_index_entry *db_index; ++ char **dirstack; ++ ++ /* LIFO stack to hold directory entries to scan; each slot is a ++ * directory name relative to the zoneinfo prefix. */ ++ dirstack_size = 32; ++ dirstack = malloc(dirstack_size * sizeof *dirstack); ++ dirstack_top = 1; ++ dirstack[0] = strdup(""); ++ ++ /* Index array. */ ++ index_size = 64; ++ db_index = malloc(index_size * sizeof *db_index); ++ index_next = 0; ++ ++ do { ++ struct dirent **ents; ++ char name[PATH_MAX], *top; ++ int count; ++ ++ /* Pop the top stack entry, and iterate through its contents. */ ++ top = dirstack[--dirstack_top]; ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s", top); ++ ++ count = php_scandir(name, &ents, index_filter, php_alphasort); ++ ++ while (count > 0) { ++ struct stat st; ++ const char *leaf = ents[count - 1]->d_name; ++ ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s/%s", ++ top, leaf); ++ ++ if (strlen(name) && stat(name, &st) == 0) { ++ /* Name, relative to the zoneinfo prefix. */ ++ const char *root = top; ++ ++ if (root[0] == '/') root++; ++ ++ snprintf(name, sizeof name, "%s%s%s", root, ++ *root ? "/": "", leaf); ++ ++ if (S_ISDIR(st.st_mode)) { ++ if (dirstack_top == dirstack_size) { ++ dirstack_size *= 2; ++ dirstack = realloc(dirstack, ++ dirstack_size * sizeof *dirstack); ++ } ++ dirstack[dirstack_top++] = strdup(name); ++ } ++ else { ++ if (index_next == index_size) { ++ index_size *= 2; ++ db_index = realloc(db_index, ++ index_size * sizeof *db_index); ++ } ++ ++ db_index[index_next++].id = strdup(name); ++ } ++ } ++ ++ free(ents[--count]); ++ } ++ ++ if (count != -1) free(ents); ++ free(top); ++ } while (dirstack_top); ++ ++ /* Alpha-sort the index array; shouldn't be technically necessary ++ * but some of the test cases rely on this, and, it matches the ++ * builtin database. */ ++ qsort(db_index, index_next, sizeof *db_index, sysdbcmp); ++ ++ db->index = db_index; ++ db->index_size = index_next; ++ ++ free(dirstack); ++} ++ ++#define FAKE_HEADER "1234\0??\1??" ++#define FAKE_BC_POS (0) ++#define FAKE_UTC_POS (7 - 4) ++ ++/* Create a fake data segment for database 'sysdb'. This mocks ++ * up a fake ->data segment for the given timezone database. ++ * php_date.c::timezone_identifiers_list() looks at data[pos + 4] ++ * through data[pos + 6] to compare the country code and BC flag, ++ * which are stored in the builtin data array like: ++ * ++ * (pos + 4) => BC flag ++ * (pos + 5, pos + 6) => Two chars of country code ++ * ++ * where pos is the index corresponding to the timezone name. ++ * ++ * Timezone names are classified here into three types: ++ * 1) UTC, which is special ++ * 2) "normal" zone names ++ * 3) "backwards-compat" zone names ++ * ++ * (boolean logic of the BC flag seems to be inverted, but hey) ++ * ++ * UTC is special since it has BC=\1, code = "??" ++ * "normal" zones exist in zone.tab and have the given c-code and BC=\1 ++ * "backwards-compat" zones don't exist in zone.tab and have BC=\0 ++ * ++ * Since UTC and the BC zones are constant, they are encoded in the ++ * FAKE_HEADER prefix, and pos pointers index into that. ++ * ++ * FAKE_HEADER is hence four random bytes, then the BC zone segment ++ * (three bytes), then the UTC zone segment (another three). ++ * ++ * For all "normal" zones, three bytes are appended to the data array; ++ * the BC flag, always 1, and the two bytes of country code. ++ */ ++static void fake_data_segment(timelib_tzdb *sysdb, ++ struct location_info **info) ++{ ++ size_t n; ++ char *data, *p; ++ ++ /* Worst case maximum is 3 bytes per zone, plus the header. */ ++ data = malloc((3 * sysdb->index_size) + sizeof(FAKE_HEADER) - 1); ++ ++ /* Append the fake header, p then = next byte */ ++ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); ++ ++ for (n = 0; n < sysdb->index_size; n++) { ++ const struct location_info *li; ++ timelib_tzdb_index_entry *ent; ++ ++ /* Lost const'ness since we're modifying the pos pointer. */ ++ ent = (timelib_tzdb_index_entry *)&sysdb->index[n]; ++ ++ /* Lookup the timezone name in the hash table. */ ++ if (strcmp(ent->id, "UTC") == 0) { ++ ent->pos = FAKE_UTC_POS; ++ continue; ++ } ++ ++ li = find_zone_info(info, ent->id); ++ if (li) { ++ /* If found, append the BC byte and the country code; set ++ * the position index for the timezone to point to ++ * this. */ ++ ent->pos = (p - data) - 4; ++ *p++ = '\x01'; ++ *p++ = li->code[0]; ++ *p++ = li->code[1]; ++ } ++ else { ++ /* If not found, the timezone data can ++ * point at the header. */ ++ ent->pos = 0; ++ } ++ } ++ ++ /* Store the fake data array */ ++ sysdb->data = (unsigned char *)data; ++} ++ ++/* Evaluates to true if given timezone name is valid. */ ++#define is_valid_tz_name(tz_) (tz_[0] && strstr(tz_, "..") == NULL) ++ ++/* Return the mmap()ed tzfile if found, else NULL. On success, the ++ * length of the mapped data is placed in *length. */ ++static char *map_tzfile(const char *timezone, size_t *length) ++{ ++ char fname[PATH_MAX]; ++ struct stat st; ++ char *p; ++ int fd; ++ ++ if (!is_valid_tz_name(timezone)) { ++ return NULL; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ fd = open(fname, O_RDONLY); ++ if (fd == -1) { ++ return NULL; ++ } else if (fstat(fd, &st) != 0 || st.st_size < 21) { ++ close(fd); ++ return NULL; ++ } ++ ++ *length = st.st_size; ++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); ++ close(fd); ++ ++ return p != MAP_FAILED ? p : NULL; ++} ++#endif ++ ++/* seek_to_tz_position() for a builtin/external database. */ ++static int inmem_seek_to_tz_position(const unsigned char **tzf, ++ char *timezone, const timelib_tzdb *tzdb) + { + int left = 0, right = tzdb->index_size - 1; + #ifdef HAVE_SETLOCALE +@@ -296,36 +744,131 @@ static int seek_to_tz_position(const uns + return 0; + } + ++/* Modified seek_to_tz_position wrapper which handles the system ++ * database and the builtin/external databases in the same way. ++ * Returns zero on failure on non-zero on success. On success, (*map, ++ * *maplen) is an mmap'ed region if *map is non-NULL, and must be ++ * munmaped after use. */ ++static int seek_to_tz_position(const unsigned char **tzf, char *timezone, ++ char **map, size_t *maplen, ++ const timelib_tzdb *tzdb) ++{ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char *orig; ++ ++ orig = map_tzfile(timezone, maplen); ++ if (orig == NULL) { ++ return 0; ++ } ++ ++ (*tzf) = (unsigned char *)orig ; ++ *map = orig; ++ ++ return 1; ++ } ++ else ++#endif ++ { ++ return inmem_seek_to_tz_position(tzf, timezone, tzdb); ++ } ++} ++ + const timelib_tzdb *timelib_builtin_db(void) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ if (timezonedb_system == NULL) { ++ timelib_tzdb *tmp = malloc(sizeof *tmp); ++ ++ tmp->version = "0.system"; ++ tmp->data = NULL; ++ create_zone_index(tmp); ++ system_location_table = create_location_table(); ++ fake_data_segment(tmp, system_location_table); ++ timezonedb_system = tmp; ++ } ++ ++ return timezonedb_system; ++#else + return &timezonedb_builtin; ++#endif + } + + const timelib_tzdb_index_entry *timelib_timezone_builtin_identifiers_list(int *count) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ *count = timezonedb_system->index_size; ++ return timezonedb_system->index; ++#else + *count = sizeof(timezonedb_idx_builtin) / sizeof(*timezonedb_idx_builtin); + return timezonedb_idx_builtin; ++#endif + } + + int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; +- return (seek_to_tz_position(&tzf, timezone, tzdb)); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char fname[PATH_MAX]; ++ struct stat st; ++ ++ if (!is_valid_tz_name(timezone)) { ++ return 0; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ return stat(fname, &st) == 0 && S_ISREG(st.st_mode); ++ } ++#endif ++ ++ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb)); + } + + timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; ++ char *memmap = NULL; ++ size_t maplen; + timelib_tzinfo *tmp; + +- if (seek_to_tz_position(&tzf, timezone, tzdb)) { ++ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) { + tmp = timelib_tzinfo_ctor(timezone); + + read_preamble(&tzf, tmp); + read_header(&tzf, tmp); + read_transistions(&tzf, tmp); + read_types(&tzf, tmp); +- read_location(&tzf, tmp); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (memmap) { ++ const struct location_info *li; ++ ++ /* TZif-style - grok the location info from the system database, ++ * if possible. */ ++ if ((li = find_zone_info(system_location_table, timezone)) != NULL) { ++ tmp->location.comments = strdup(li->comment); ++ strncpy(tmp->location.country_code, li->code, 2); ++ tmp->location.longitude = li->longitude; ++ tmp->location.latitude = li->latitude; ++ tmp->bc = 1; ++ } ++ else { ++ strcpy(tmp->location.country_code, "??"); ++ tmp->bc = 0; ++ tmp->location.comments = strdup(""); ++ } ++ ++ /* Now done with the mmap segment - discard it. */ ++ munmap(memmap, maplen); ++#endif ++ } ++ else { ++ /* PHP-style - use the embedded info. */ ++ read_location(&tzf, tmp); ++ } + } else { + tmp = NULL; + } +--- pkg-php.orig/ext/date/lib/timelib.m4 ++++ pkg-php/ext/date/lib/timelib.m4 +@@ -78,3 +78,17 @@ stdlib.h + + dnl Check for strtoll, atoll + AC_CHECK_FUNCS(strtoll atoll strftime) ++ ++PHP_ARG_WITH(system-tzdata, for use of system timezone data, ++[ --with-system-tzdata[=DIR] to specify use of system timezone data], ++no, no) ++ ++if test "$PHP_SYSTEM_TZDATA" != "no"; then ++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used]) ++ ++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then ++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA", ++ [Define for location of system timezone data]) ++ fi ++fi ++ --- php5-5.3.2.orig/debian/patches/session_save_path.patch +++ php5-5.3.2/debian/patches/session_save_path.patch @@ -0,0 +1,12 @@ +diff -Naurp php-5.3.2.orig/ext/session/session.c php-5.3.2/ext/session/session.c +--- php-5.3.2.orig/ext/session/session.c 2010-02-04 04:40:38.000000000 -0500 ++++ php-5.3.2/ext/session/session.c 2010-05-10 03:58:34.794405379 -0400 +@@ -765,7 +765,7 @@ static PHP_INI_MH(OnUpdateHashFunc) /* { + PHP_INI_BEGIN() + STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals) +- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) ++ STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) --- php5-5.3.2.orig/debian/patches/108-64_bit_datetime.patch +++ php5-5.3.2/debian/patches/108-64_bit_datetime.patch @@ -0,0 +1,12 @@ +--- a/ext/standard/datetime.c ++++ b/ext/standard/datetime.c +@@ -20,6 +20,9 @@ + + /* $Id: datetime.c 293036 2010-01-03 09:23:27Z sebastian $ */ + ++#define _XOPEN_SOURCE /* needed to get strptime() declared */ ++#define _BSD_SOURCE /* needed to get ulong declared */ ++ + #include "php.h" + #include "zend_operators.h" + #include "datetime.h" --- php5-5.3.2.orig/debian/patches/suhosin.patch +++ php5-5.3.2/debian/patches/suhosin.patch @@ -0,0 +1,5671 @@ +suhosin hardening patch + +this patch was downloaded from: + + http://download.suhosin.org/suhosin-patch-5.3.2-0.9.9.1.patch.gz + +the following modifications have been made: + + * removed changes to ./configure & ./main/php_config.h.in since those + files are autogenerated + * "quilt refresh" has been run to clean up the offsets, etc +--- a/Zend/Makefile.am ++++ b/Zend/Makefile.am +@@ -17,7 +17,7 @@ libZend_la_SOURCES=\ + zend_objects_API.c zend_ts_hash.c zend_stream.c \ + zend_default_classes.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c \ +- zend_strtod.c zend_closures.c zend_float.c ++ zend_strtod.c zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c + + libZend_la_LDFLAGS = + libZend_la_LIBADD = @ZEND_EXTRA_LIBS@ +--- a/Zend/Zend.dsp ++++ b/Zend/Zend.dsp +@@ -247,6 +247,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/ZendTS.dsp ++++ b/Zend/ZendTS.dsp +@@ -277,6 +277,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/zend.c ++++ b/Zend/zend.c +@@ -60,6 +60,10 @@ int (*zend_vspprintf)(char **pbuf, size_ + ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); + ++#if SUHOSIN_PATCH ++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif ++ + void (*zend_on_timeout)(int seconds TSRMLS_DC); + + static void (*zend_message_dispatcher_p)(long message, void *data TSRMLS_DC); +@@ -88,6 +92,74 @@ static ZEND_INI_MH(OnUpdateGCEnabled) /* + } + /* }}} */ + ++#if SUHOSIN_PATCH ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) ++{ ++ if (!new_value) { ++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY; ++ } else { ++ SPG(log_syslog) = atoi(new_value) | S_MEMORY; ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) ++{ ++ if (!new_value) { ++ SPG(log_syslog_facility) = LOG_USER; ++ } else { ++ SPG(log_syslog_facility) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) ++{ ++ if (!new_value) { ++ SPG(log_syslog_priority) = LOG_ALERT; ++ } else { ++ SPG(log_syslog_priority) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) ++{ ++ if (!new_value) { ++ SPG(log_sapi) = S_ALL & ~S_SQL; ++ } else { ++ SPG(log_sapi) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_script) ++{ ++ if (!new_value) { ++ SPG(log_script) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) ++{ ++ if (SPG(log_scriptname)) { ++ pefree(SPG(log_scriptname),1); ++ } ++ SPG(log_scriptname) = NULL; ++ if (new_value) { ++ SPG(log_scriptname) = pestrdup(new_value,1); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) ++{ ++ if (!new_value) { ++ SPG(log_phpscript) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++#endif ++ + ZEND_INI_BEGIN() + ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting) + STD_ZEND_INI_BOOLEAN("zend.enable_gc", "1", ZEND_INI_ALL, OnUpdateGCEnabled, gc_enabled, zend_gc_globals, gc_globals) +--- a/Zend/zend.h ++++ b/Zend/zend.h +@@ -627,6 +627,9 @@ extern ZEND_API int (*zend_stream_open_f + extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); + extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); ++#if SUHOSIN_PATCH ++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif + + ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3); + +@@ -771,6 +774,16 @@ ZEND_API void zend_save_error_handling(z + ZEND_API void zend_replace_error_handling(zend_error_handling_t error_handling, zend_class_entry *exception_class, zend_error_handling *current TSRMLS_DC); + ZEND_API void zend_restore_error_handling(zend_error_handling *saved TSRMLS_DC); + ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#include "suhosin_patch.h" ++#include "php_syslog.h" ++ ++ZEND_API void zend_canary(void *buf, int len); ++ZEND_API char suhosin_get_config(int element); ++ ++#endif ++ + #endif /* ZEND_H */ + + /* +--- a/Zend/zend_alloc.c ++++ b/Zend/zend_alloc.c +@@ -32,6 +32,10 @@ + # include + #endif + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #ifdef ZEND_WIN32 + # include + # include +@@ -59,6 +63,7 @@ + # define PTR_FMT "0x%0.8lx" + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + #if ZEND_DEBUG + void zend_debug_alloc_output(char *format, ...) + { +@@ -76,6 +81,7 @@ void zend_debug_alloc_output(char *forma + #endif + } + #endif ++#endif + + #if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) + static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); +@@ -134,6 +140,8 @@ static void zend_mm_panic(const char *me + # endif + #endif + ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ + static zend_mm_storage* zend_mm_mem_dummy_init(void *params) + { + return malloc(sizeof(zend_mm_storage)); +@@ -328,13 +336,28 @@ static const zend_mm_mem_handlers mem_ha + #define MEM_BLOCK_GUARD 0x2A8FCC84 + #define MEM_BLOCK_LEAK 0x6C5E8F2D + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ + /* mm block type */ + typedef struct _zend_mm_block_info { + #if ZEND_MM_COOKIES + size_t _cookie; + #endif +- size_t _size; +- size_t _prev; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif + } zend_mm_block_info; + + #if ZEND_DEBUG +@@ -408,7 +431,7 @@ typedef struct _zend_mm_free_block { + # define ZEND_MM_CACHE_STAT 0 + #endif + +-struct _zend_mm_heap { ++typedef struct _zend_mm_heap { + int use_zend_alloc; + void *(*_malloc)(size_t); + void (*_free)(void*); +@@ -443,6 +466,9 @@ struct _zend_mm_heap { + int miss; + } cache_stat[ZEND_MM_NUM_BUCKETS+1]; + #endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif + }; + + #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ +@@ -516,18 +542,31 @@ static unsigned int _zend_mm_cookie = 0; + /* optimized access */ + #define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size + ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ + /* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) + #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block)) + #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block)) +-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) + #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) + #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) + +-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0) ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) + + #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) + +@@ -589,6 +628,44 @@ static unsigned int _zend_mm_cookie = 0; + + #endif + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ + + #if ZEND_MM_HEAP_PROTECTION + +@@ -711,7 +788,7 @@ static inline unsigned int zend_mm_low_b + #endif + } + +-static inline void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + zend_mm_free_block *prev, *next; + +@@ -721,14 +798,14 @@ static inline void zend_mm_add_to_rest_l + mm_block->parent = NULL; + } + +- prev = heap->rest_buckets[0]; +- next = prev->next_free_block; +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + +-static inline void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + size_t size; + size_t index; +@@ -745,7 +822,7 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } else { + size_t m; +@@ -758,15 +835,15 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + break; + } + } else { +- zend_mm_free_block *next = prev->next_free_block; ++ zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- prev->next_free_block = next->prev_free_block = mm_block; +- mm_block->next_free_block = next; +- mm_block->prev_free_block = prev; ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + mm_block->parent = NULL; + break; + } +@@ -778,27 +855,33 @@ static inline void zend_mm_add_to_free_l + index = ZEND_MM_BUCKET_INDEX(size); + + prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); +- if (prev->prev_free_block == prev) { ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { + heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } +- next = prev->next_free_block; ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + } + +-static inline void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { +- zend_mm_free_block *prev = mm_block->prev_free_block; +- zend_mm_free_block *next = mm_block->next_free_block; ++ zend_mm_free_block *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block); + + ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED); + + if (EXPECTED(prev == mm_block)) { + zend_mm_free_block **rp, **cp; + ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif + #if ZEND_MM_SAFE_UNLINKING + if (UNEXPECTED(next != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); +@@ -837,14 +920,21 @@ subst_block: + } + } else { + ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ + #if ZEND_MM_SAFE_UNLINKING +- if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) { ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); + } + #endif + +- prev->next_free_block = next; +- next->prev_free_block = prev; ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + + if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { + if (EXPECTED(prev == next)) { +@@ -860,7 +950,7 @@ subst_block: + } + } + +-static inline void zend_mm_init(zend_mm_heap *heap) ++static void zend_mm_init(zend_mm_heap *heap) + { + zend_mm_free_block* p; + int i; +@@ -878,12 +968,19 @@ static inline void zend_mm_init(zend_mm_ + #endif + p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { +- p->next_free_block = p; +- p->prev_free_block = p; ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + heap->large_free_buckets[i] = NULL; + } +- heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap); ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif + } + + static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment) +@@ -904,12 +1001,13 @@ static void zend_mm_free_cache(zend_mm_h + int i; + + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* NULL means NULL even MANGLED */ + if (heap->cache[i]) { +- zend_mm_free_block *mm_block = heap->cache[i]; ++ zend_mm_free_block *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); + + while (mm_block) { + size_t size = ZEND_MM_BLOCK_SIZE(mm_block); +- zend_mm_free_block *q = mm_block->prev_free_block; ++ zend_mm_free_block *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); + zend_mm_block *next_block = ZEND_MM_NEXT_BLOCK(mm_block); + + heap->cached -= size; +@@ -1005,14 +1103,20 @@ static void zend_mm_random(unsigned char + /* }}} */ + #endif + ++ + /* Notes: + * - This function may alter the block_sizes values to match platform alignment + * - This function does *not* perform sanity checks on the arguments + */ +-ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#else ++static zend_mm_heap *__zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#endif + { + zend_mm_storage *storage; + zend_mm_heap *heap; ++ zend_mm_free_block *tmp; + + #if 0 + int i; +@@ -1046,6 +1150,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + } + #endif + ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ + if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { + fprintf(stderr, "'block_size' must be a power of two\n"); + /* See http://support.microsoft.com/kb/190351 */ +@@ -1087,12 +1197,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + heap->reserve = NULL; + heap->reserve_size = reserve_size; + if (reserve_size > 0) { +- heap->reserve = _zend_mm_alloc_int(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + if (internal) { + int i; + zend_mm_free_block *p, *q, *orig; +- zend_mm_heap *mm_heap = _zend_mm_alloc_int(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ zend_mm_heap *mm_heap = _zend_mm_alloc(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + + *mm_heap = *heap; + +@@ -1100,22 +1210,25 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { + q = p; +- while (q->prev_free_block != orig) { +- q = q->prev_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); + } +- q->prev_free_block = p; ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); + q = p; +- while (q->next_free_block != orig) { +- q = q->next_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); + } +- q->next_free_block = p; ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + orig = (zend_mm_free_block*)((char*)orig + sizeof(zend_mm_free_block*) * 2); + if (mm_heap->large_free_buckets[i]) { + mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; + } + } +- mm_heap->rest_buckets[0]->next_free_block = mm_heap->rest_buckets[1]->prev_free_block = ZEND_MM_REST_BUCKET(mm_heap); ++ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[0]); ++ tmp->next_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); ++ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[1]); ++ tmp->prev_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); + + free(heap); + heap = mm_heap; +@@ -1123,7 +1236,11 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + return heap; + } + +-ZEND_API zend_mm_heap *zend_mm_startup(void) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary(void) ++#else ++static zend_mm_heap *__zend_mm_startup(void) ++#endif + { + int i; + size_t seg_size; +@@ -1193,6 +1310,27 @@ ZEND_API zend_mm_heap *zend_mm_startup(v + return heap; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params); ++zend_mm_heap_canary *__zend_mm_startup_canary(void); ++ ++ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary_ex(handlers, block_size, reserve_size, internal, params); ++ } ++ return __zend_mm_startup_ex(handlers, block_size, reserve_size, internal, params); ++} ++ZEND_API zend_mm_heap *zend_mm_startup(void) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary(); ++ } ++ return __zend_mm_startup(); ++} ++ ++#endif ++ + #if ZEND_DEBUG + static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block *b) + { +@@ -1561,7 +1699,11 @@ static int zend_mm_check_heap(zend_mm_he + } + #endif + +-ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++void __zend_mm_shutdown_canary(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#else ++static void __zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#endif + { + zend_mm_storage *storage; + zend_mm_segment *segment; +@@ -1571,7 +1713,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + if (heap->reserve) { + #if ZEND_DEBUG + if (!silent) { +- _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + #endif + heap->reserve = NULL; +@@ -1654,12 +1796,23 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + heap->size = 0; + heap->peak = 0; + if (heap->reserve_size) { +- heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + heap->overflow = 0; + } + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ __zend_mm_shutdown_canary(heap, full_shutdown, silent TSRMLS_CC); ++ return; ++ } ++ __zend_mm_shutdown(heap, full_shutdown, silent TSRMLS_CC); ++} ++#endif ++ + static void zend_mm_safe_error(zend_mm_heap *heap, + const char *format, + size_t limit, +@@ -1670,7 +1823,11 @@ static void zend_mm_safe_error(zend_mm_h + size_t size) + { + if (heap->reserve) { ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#else + _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#endif + heap->reserve = NULL; + } + if (heap->overflow == 0) { +@@ -1745,7 +1902,7 @@ static zend_mm_free_block *zend_mm_searc + p = heap->large_free_buckets[index]; + for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1769,7 +1926,7 @@ static zend_mm_free_block *zend_mm_searc + + for (p = rst; p; p = p->child[p->child[0] != NULL]) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1778,7 +1935,7 @@ static zend_mm_free_block *zend_mm_searc + } + + if (best_fit) { +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + bitmap = bitmap >> 1; + if (!bitmap) { +@@ -1794,9 +1951,12 @@ static zend_mm_free_block *zend_mm_searc + best_fit = p; + } + } +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_alloc_int(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_free_block *best_fit; +@@ -1806,7 +1966,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + size_t segment_size; + zend_mm_segment *segment; + int keep_rest = 0; +- ++ + if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) { + size_t index = ZEND_MM_BUCKET_INDEX(true_size); + size_t bitmap; +@@ -1821,9 +1981,14 @@ static void *_zend_mm_alloc_int(zend_mm_ + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); + return ZEND_MM_DATA_OF(best_fit); +@@ -1837,7 +2002,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + if (bitmap) { + /* Found some "small" free block that can be used */ + index += zend_mm_low_bit(bitmap); +- best_fit = heap->free_buckets[index*2]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); + #if ZEND_MM_CACHE_STAT + heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; + #endif +@@ -1852,7 +2017,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_fit = zend_mm_search_large_block(heap, true_size); + + if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { +- zend_mm_free_block *p = heap->rest_buckets[0]; ++ zend_mm_free_block *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); + size_t best_size = -1; + + while (p != ZEND_MM_REST_BUCKET(heap)) { +@@ -1864,7 +2029,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); + best_fit = p; + } +- p = p->prev_free_block; ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); + } + } + +@@ -1963,13 +2128,19 @@ zend_mm_finished_searching_for_block: + + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); + ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + heap->size += true_size; + if (heap->peak < heap->size) { + heap->peak = heap->size; + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); +- ++ + return ZEND_MM_DATA_OF(best_fit); + } + +@@ -1986,19 +2157,26 @@ static void _zend_mm_free_int(zend_mm_he + + mm_block = ZEND_MM_HEADER_OF(p); + size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); + #endif +- ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif + #if ZEND_MM_CACHE + if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { + size_t index = ZEND_MM_BUCKET_INDEX(size); + zend_mm_free_block **cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + heap->cached += size; + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT +@@ -2034,6 +2212,9 @@ static void _zend_mm_free_int(zend_mm_he + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_realloc_int(zend_mm_heap *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block = ZEND_MM_HEADER_OF(p); +@@ -2043,11 +2224,18 @@ static void *_zend_mm_realloc_int(zend_m + void *ptr; + + if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + mm_block = ZEND_MM_HEADER_OF(p); + true_size = ZEND_MM_TRUE_SIZE(size); + orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + if (UNEXPECTED(true_size < size)) { +@@ -2079,6 +2267,11 @@ static void *_zend_mm_realloc_int(zend_m + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } + +@@ -2094,17 +2287,22 @@ static void *_zend_mm_realloc_int(zend_m + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); +- ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); +- ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + ptr = ZEND_MM_DATA_OF(best_fit); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif + + heap->cached -= true_size - orig_size; +@@ -2113,14 +2311,13 @@ static void *_zend_mm_realloc_int(zend_m + cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT + if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { + heap->cache_stat[index].max_count = heap->cache_stat[index].count; + } + #endif +- + return ptr; + } + } +@@ -2163,6 +2360,11 @@ static void *_zend_mm_realloc_int(zend_m + heap->peak = heap->size; + } + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && + ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { +@@ -2265,38 +2467,90 @@ out_of_memory: + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return ZEND_MM_DATA_OF(mm_block); + } + ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + ptr = _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + return ptr; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _zend_mm_free(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_zend_mm_realloc(zend_mm_heap *heap, void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mm_block_size(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block; + ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) != 0) { ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++#else ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block *mm_block; ++ + if (!ZEND_MM_VALID_PTR(p)) { + return 0; + } +@@ -2309,6 +2563,8 @@ ZEND_API size_t _zend_mm_block_size(zend + #endif + } + ++#endif ++ + /**********************/ + /* Allocation Manager */ + /**********************/ +@@ -2325,6 +2581,7 @@ static int alloc_globals_id; + static zend_alloc_globals alloc_globals; + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API int is_zend_mm(TSRMLS_D) + { + return AG(mm_heap)->use_zend_alloc; +@@ -2337,7 +2594,13 @@ ZEND_API void *_emalloc(size_t size ZEND + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_malloc(size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2348,7 +2611,13 @@ ZEND_API void _efree(void *ptr ZEND_FILE + AG(mm_heap)->_free(ptr); + return; + } +- _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2358,7 +2627,13 @@ ZEND_API void *_erealloc(void *ptr, size + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_realloc(ptr, size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_realloc_int(AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2366,8 +2641,15 @@ ZEND_API size_t _zend_mem_block_size(voi + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return 0; + } +- return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } ++#endif + + #if defined(__GNUC__) && defined(i386) + +@@ -2438,7 +2720,7 @@ static inline size_t safe_address(size_t + } + #endif + +- ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + return emalloc_rel(safe_address(nmemb, size, offset)); +@@ -2551,6 +2833,7 @@ ZEND_API void shutdown_memory_manager(in + { + zend_mm_shutdown(AG(mm_heap), full_shutdown, silent TSRMLS_CC); + } ++#endif + + static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC) + { +@@ -2575,6 +2858,7 @@ static void alloc_globals_dtor(zend_allo + } + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void start_memory_manager(TSRMLS_D) + { + #ifdef ZTS +@@ -2639,6 +2923,7 @@ ZEND_API void _full_mem_check(int silent + zend_debug_alloc_output("------------------------------------------------\n"); + } + #endif ++#endif + + /* + * Local variables: +--- a/Zend/zend_alloc.h ++++ b/Zend/zend_alloc.h +@@ -203,6 +203,8 @@ END_EXTERN_C() + + /* Heap functions */ + typedef struct _zend_mm_heap zend_mm_heap; ++typedef struct _zend_mm_heap_canary zend_mm_heap_canary; ++ + + ZEND_API zend_mm_heap *zend_mm_startup(void); + ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC); +--- /dev/null ++++ b/Zend/zend_alloc_canary.c +@@ -0,0 +1,2502 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_alloc_canary.c, $ */ ++ ++#include "zend.h" ++#include "zend_alloc.h" ++#include "zend_globals.h" ++#include "zend_operators.h" ++ ++#ifdef HAVE_SIGNAL_H ++# include ++#endif ++#ifdef HAVE_UNISTD_H ++# include ++#endif ++ ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ ++#ifdef ZEND_WIN32 ++# include ++# include ++#endif ++ ++#ifndef ZEND_MM_HEAP_PROTECTION ++# define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG ++#endif ++ ++#ifndef ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_SAFE_UNLINKING 1 ++#endif ++ ++#ifndef ZEND_MM_COOKIES ++# define ZEND_MM_COOKIES ZEND_DEBUG ++#endif ++ ++#ifdef _WIN64 ++# define PTR_FMT "0x%0.16I64x" ++/* ++#elif sizeof(long) == 8 ++# define PTR_FMT "0x%0.16lx" ++*/ ++#else ++# define PTR_FMT "0x%0.8lx" ++#endif ++ ++#define SUHOSIN_MM_WITH_CANARY_PROTECTION 1 ++ ++#if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) ++static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); ++#endif ++ ++static void zend_mm_panic(const char *message) ++{ ++ fprintf(stderr, "%s\n", message); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++#if ZEND_DEBUG && defined(HAVE_KILL) && defined(HAVE_GETPID) ++ kill(getpid(), SIGSEGV); ++#endif ++ exit(1); ++} ++ ++/*******************/ ++/* Storage Manager */ ++/*******************/ ++ ++#ifdef ZEND_WIN32 ++# define HAVE_MEM_WIN32 /* use VirtualAlloc() to allocate memory */ ++#endif ++#define HAVE_MEM_MALLOC /* use malloc() to allocate segments */ ++ ++#include ++#include ++#if HAVE_LIMITS_H ++#include ++#endif ++#include ++#include ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++# ifdef HAVE_MREMAP ++# ifndef _GNU_SOURCE ++# define _GNU_SOURCE ++# endif ++# ifndef __USE_GNU ++# define __USE_GNU ++# endif ++# endif ++# include ++# ifndef MAP_ANON ++# ifdef MAP_ANONYMOUS ++# define MAP_ANON MAP_ANONYMOUS ++# endif ++# endif ++# ifndef MREMAP_MAYMOVE ++# define MREMAP_MAYMOVE 0 ++# endif ++# ifndef MAP_FAILED ++# define MAP_FAILED ((void*)-1) ++# endif ++#endif ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static zend_mm_storage* zend_mm_mem_dummy_init(void *params) ++{ ++ return malloc(sizeof(zend_mm_storage)); ++} ++ ++static void zend_mm_mem_dummy_dtor(zend_mm_storage *storage) ++{ ++ free(storage); ++} ++ ++static void zend_mm_mem_dummy_compact(zend_mm_storage *storage) ++{ ++} ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++ ++static zend_mm_segment* zend_mm_mem_mmap_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ zend_mm_segment *ret; ++#ifdef HAVE_MREMAP ++#if defined(__NetBSD__) ++ /* NetBSD 5 supports mremap but takes an extra newp argument */ ++ ret = (zend_mm_segment*)mremap(segment, segment->size, segment, size, MREMAP_MAYMOVE); ++#else ++ ret = (zend_mm_segment*)mremap(segment, segment->size, size, MREMAP_MAYMOVE); ++#endif ++ if (ret == MAP_FAILED) { ++#endif ++ ret = storage->handlers->_alloc(storage, size); ++ if (ret) { ++ memcpy(ret, segment, size > segment->size ? segment->size : size); ++ storage->handlers->_free(storage, segment); ++ } ++#ifdef HAVE_MREMAP ++ } ++#endif ++ return ret; ++} ++ ++static void zend_mm_mem_mmap_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ munmap((void*)segment, segment->size); ++} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ANON ++ ++static zend_mm_segment* zend_mm_mem_mmap_anon_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ANON_DSC {"mmap_anon", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_anon_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ZERO ++ ++static int zend_mm_dev_zero_fd = -1; ++ ++static zend_mm_storage* zend_mm_mem_mmap_zero_init(void *params) ++{ ++ if (zend_mm_dev_zero_fd != -1) { ++ zend_mm_dev_zero_fd = open("/dev/zero", O_RDWR, S_IRUSR | S_IWUSR); ++ } ++ if (zend_mm_dev_zero_fd >= 0) { ++ return malloc(sizeof(zend_mm_storage)); ++ } else { ++ return NULL; ++ } ++} ++ ++static void zend_mm_mem_mmap_zero_dtor(zend_mm_storage *storage) ++{ ++ close(zend_mm_dev_zero_fd); ++ free(storage); ++} ++ ++static zend_mm_segment* zend_mm_mem_mmap_zero_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, zend_mm_dev_zero_fd, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ZERO_DSC {"mmap_zero", zend_mm_mem_mmap_zero_init, zend_mm_mem_mmap_zero_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_zero_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_WIN32 ++ ++static zend_mm_storage* zend_mm_mem_win32_init(void *params) ++{ ++ HANDLE heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++ zend_mm_storage* storage; ++ ++ if (heap == NULL) { ++ return NULL; ++ } ++ storage = (zend_mm_storage*)malloc(sizeof(zend_mm_storage)); ++ storage->data = (void*) heap; ++ return storage; ++} ++ ++static void zend_mm_mem_win32_dtor(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ free(storage); ++} ++ ++static void zend_mm_mem_win32_compact(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ storage->data = (void*)HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*) HeapAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, size); ++} ++ ++static void zend_mm_mem_win32_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ HeapFree((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ return (zend_mm_segment*) HeapReAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment, size); ++} ++ ++# define ZEND_MM_MEM_WIN32_DSC {"win32", zend_mm_mem_win32_init, zend_mm_mem_win32_dtor, zend_mm_mem_win32_compact, zend_mm_mem_win32_alloc, zend_mm_mem_win32_realloc, zend_mm_mem_win32_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MALLOC ++ ++static zend_mm_segment* zend_mm_mem_malloc_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*)malloc(size); ++} ++ ++static zend_mm_segment* zend_mm_mem_malloc_realloc(zend_mm_storage *storage, zend_mm_segment *ptr, size_t size) ++{ ++ return (zend_mm_segment*)realloc(ptr, size); ++} ++ ++static void zend_mm_mem_malloc_free(zend_mm_storage *storage, zend_mm_segment *ptr) ++{ ++ free(ptr); ++} ++ ++# define ZEND_MM_MEM_MALLOC_DSC {"malloc", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_malloc_alloc, zend_mm_mem_malloc_realloc, zend_mm_mem_malloc_free} ++ ++#endif ++ ++static const zend_mm_mem_handlers mem_handlers[] = { ++#ifdef HAVE_MEM_WIN32 ++ ZEND_MM_MEM_WIN32_DSC, ++#endif ++#ifdef HAVE_MEM_MALLOC ++ ZEND_MM_MEM_MALLOC_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ANON ++ ZEND_MM_MEM_MMAP_ANON_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ZERO ++ ZEND_MM_MEM_MMAP_ZERO_DSC, ++#endif ++ {NULL, NULL, NULL, NULL, NULL, NULL} ++}; ++ ++# define ZEND_MM_STORAGE_DTOR() heap->storage->handlers->dtor(heap->storage) ++# define ZEND_MM_STORAGE_ALLOC(size) heap->storage->handlers->_alloc(heap->storage, size) ++# define ZEND_MM_STORAGE_REALLOC(ptr, size) heap->storage->handlers->_realloc(heap->storage, ptr, size) ++# define ZEND_MM_STORAGE_FREE(ptr) heap->storage->handlers->_free(heap->storage, ptr) ++ ++/****************/ ++/* Heap Manager */ ++/****************/ ++ ++#define MEM_BLOCK_VALID 0x7312F8DC ++#define MEM_BLOCK_FREED 0x99954317 ++#define MEM_BLOCK_CACHED 0xFB8277DC ++#define MEM_BLOCK_GUARD 0x2A8FCC84 ++#define MEM_BLOCK_LEAK 0x6C5E8F2D ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ ++/* mm block type */ ++typedef struct _zend_mm_block_info_canary { ++#if ZEND_MM_COOKIES ++ size_t _cookie; ++#endif ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif ++} zend_mm_block_info_canary; ++ ++#if ZEND_DEBUG ++ ++typedef struct _zend_mm_debug_info_canary { ++ char *filename; ++ uint lineno; ++ char *orig_filename; ++ uint orig_lineno; ++ size_t size; ++#if ZEND_MM_HEAP_PROTECTION ++ unsigned int start_magic; ++#endif ++} zend_mm_debug_info_canary; ++ ++#elif ZEND_MM_HEAP_PROTECTION ++ ++typedef struct _zend_mm_debug_info_canary { ++ size_t size; ++ unsigned int start_magic; ++} zend_mm_debug_info_canary; ++ ++#endif ++ ++typedef struct _zend_mm_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++ zend_mm_debug_info_canary debug; ++#elif ZEND_MM_HEAP_PROTECTION ++ zend_mm_debug_info_canary debug; ++#endif ++} zend_mm_block_canary; ++ ++typedef struct _zend_mm_small_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++} zend_mm_small_free_block_canary; ++ ++typedef struct _zend_mm_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++ ++ struct _zend_mm_free_block_canary **parent; ++ struct _zend_mm_free_block_canary *child[2]; ++} zend_mm_free_block_canary; ++ ++#define ZEND_MM_NUM_BUCKETS (sizeof(size_t) << 3) ++ ++#define ZEND_MM_CACHE 1 ++#define ZEND_MM_CACHE_SIZE (ZEND_MM_NUM_BUCKETS * 4 * 1024) ++ ++#ifndef ZEND_MM_CACHE_STAT ++# define ZEND_MM_CACHE_STAT 0 ++#endif ++ ++typedef struct _zend_mm_heap_canary { ++ int use_zend_alloc; ++ void *(*_malloc)(size_t); ++ void (*_free)(void*); ++ void *(*_realloc)(void*, size_t); ++ size_t free_bitmap; ++ size_t large_free_bitmap; ++ size_t block_size; ++ size_t compact_size; ++ zend_mm_segment *segments_list; ++ zend_mm_storage *storage; ++ size_t real_size; ++ size_t real_peak; ++ size_t limit; ++ size_t size; ++ size_t peak; ++ size_t reserve_size; ++ void *reserve; ++ int overflow; ++ int internal; ++#if ZEND_MM_CACHE ++ unsigned int cached; ++ zend_mm_free_block_canary *cache[ZEND_MM_NUM_BUCKETS]; ++#endif ++ zend_mm_free_block_canary *free_buckets[ZEND_MM_NUM_BUCKETS*2]; ++ zend_mm_free_block_canary *large_free_buckets[ZEND_MM_NUM_BUCKETS]; ++ zend_mm_free_block_canary *rest_buckets[2]; ++#if ZEND_MM_CACHE_STAT ++ struct { ++ int count; ++ int max_count; ++ int hit; ++ int miss; ++ } cache_stat[ZEND_MM_NUM_BUCKETS+1]; ++#endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif ++}; ++ ++#define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ ++ (zend_mm_free_block_canary*) ((char*)&heap->free_buckets[index * 2] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#define ZEND_MM_REST_BUCKET(heap) \ ++ (zend_mm_free_block_canary*)((char*)&heap->rest_buckets[0] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#if ZEND_MM_COOKIES ++ ++static unsigned int _zend_mm_cookie = 0; ++ ++# define ZEND_MM_COOKIE(block) \ ++ (((size_t)(block)) ^ _zend_mm_cookie) ++# define ZEND_MM_SET_COOKIE(block) \ ++ (block)->info._cookie = ZEND_MM_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) \ ++ if (UNEXPECTED((block)->info._cookie != ZEND_MM_COOKIE(block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_SET_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) ++#endif ++ ++/* Default memory segment size */ ++#define ZEND_MM_SEG_SIZE (256 * 1024) ++ ++/* Reserved space for error reporting in case of memory overflow */ ++#define ZEND_MM_RESERVE_SIZE (8*1024) ++ ++#ifdef _WIN64 ++# define ZEND_MM_LONG_CONST(x) (x##i64) ++#else ++# define ZEND_MM_LONG_CONST(x) (x##L) ++#endif ++ ++#define ZEND_MM_TYPE_MASK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_FREE_BLOCK ZEND_MM_LONG_CONST(0x0) ++#define ZEND_MM_USED_BLOCK ZEND_MM_LONG_CONST(0x1) ++#define ZEND_MM_GUARD_BLOCK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_BLOCK(b, type, size) do { \ ++ size_t _size = (size); \ ++ (b)->info._size = (type) | _size; \ ++ ZEND_MM_BLOCK_AT(b, _size)->info._prev = (type) | _size; \ ++ ZEND_MM_SET_COOKIE(b); \ ++ } while (0); ++#define ZEND_MM_LAST_BLOCK(b) do { \ ++ (b)->info._size = ZEND_MM_GUARD_BLOCK | ZEND_MM_ALIGNED_HEADER_SIZE; \ ++ ZEND_MM_SET_MAGIC(b, MEM_BLOCK_GUARD); \ ++ } while (0); ++#define ZEND_MM_BLOCK_SIZE(b) ((b)->info._size & ~ZEND_MM_TYPE_MASK) ++#define ZEND_MM_IS_FREE_BLOCK(b) (!((b)->info._size & ZEND_MM_USED_BLOCK)) ++#define ZEND_MM_IS_USED_BLOCK(b) ((b)->info._size & ZEND_MM_USED_BLOCK) ++#define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) ++ ++#define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) ++#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) ++ ++#define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK)) ++ ++#define ZEND_MM_MARK_FIRST_BLOCK(b) ((b)->info._prev = ZEND_MM_GUARD_BLOCK) ++#define ZEND_MM_IS_FIRST_BLOCK(b) ((b)->info._prev == ZEND_MM_GUARD_BLOCK) ++ ++/* optimized access */ ++#define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size ++ ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ ++/* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) ++#define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block_canary)) ++#define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block_canary)) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) ++#define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) ++#define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) ++ ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) ++ ++#define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) ++ ++#define ZEND_MM_SMALL_SIZE(true_size) (true_size < ZEND_MM_MAX_SMALL_SIZE) ++ ++/* Memory calculations */ ++#define ZEND_MM_BLOCK_AT(blk, offset) ((zend_mm_block_canary *) (((char *) (blk))+(offset))) ++#define ZEND_MM_DATA_OF(p) ((void *) (((char *) (p))+ZEND_MM_ALIGNED_HEADER_SIZE)) ++#define ZEND_MM_HEADER_OF(blk) ZEND_MM_BLOCK_AT(blk, -(int)ZEND_MM_ALIGNED_HEADER_SIZE) ++ ++/* Debug output */ ++#if ZEND_DEBUG ++ ++# ifdef ZTS ++# define ZEND_MM_SET_THREAD_ID(block) \ ++ ((zend_mm_block_canary*)(block))->thread_id = tsrm_thread_id() ++# define ZEND_MM_BAD_THREAD_ID(block) ((block)->thread_id != tsrm_thread_id()) ++# else ++# define ZEND_MM_SET_THREAD_ID(block) ++# define ZEND_MM_BAD_THREAD_ID(block) 0 ++# endif ++ ++# define ZEND_MM_VALID_PTR(block) \ ++ zend_mm_check_ptr(heap, block, 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC) ++ ++# define ZEND_MM_SET_MAGIC(block, val) do { \ ++ (block)->magic = (val); \ ++ } while (0) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) do { \ ++ if ((block)->magic != (val)) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) do { \ ++ ((zend_mm_block_canary*)(block))->debug.filename = __zend_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.lineno = __zend_lineno; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_filename = __zend_orig_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_lineno = __zend_orig_lineno; \ ++ ZEND_MM_SET_BLOCK_SIZE(block, __size); \ ++ if (set_valid) { \ ++ ZEND_MM_SET_MAGIC(block, MEM_BLOCK_VALID); \ ++ } \ ++ if (set_thread) { \ ++ ZEND_MM_SET_THREAD_ID(block); \ ++ } \ ++ } while (0) ++ ++#else ++ ++# define ZEND_MM_VALID_PTR(ptr) EXPECTED(ptr != NULL) ++ ++# define ZEND_MM_SET_MAGIC(block, val) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) ZEND_MM_SET_BLOCK_SIZE(block, __size) ++ ++#endif ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ ++ ++#if ZEND_MM_HEAP_PROTECTION ++ ++# define ZEND_MM_CHECK_PROTECTION(block) \ ++ do { \ ++ if ((block)->debug.start_magic != _mem_block_start_magic || \ ++ memcmp(ZEND_MM_END_MAGIC_PTR(block), &_mem_block_end_magic, END_MAGIC_SIZE) != 0) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_END_MAGIC_PTR(block) \ ++ (((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->debug.size) ++ ++# define END_MAGIC_SIZE sizeof(unsigned int) ++ ++# define ZEND_MM_SET_BLOCK_SIZE(block, __size) do { \ ++ char *p; \ ++ ((zend_mm_block_canary*)(block))->debug.size = (__size); \ ++ p = ZEND_MM_END_MAGIC_PTR(block); \ ++ ((zend_mm_block_canary*)(block))->debug.start_magic = _mem_block_start_magic; \ ++ memcpy(p, &_mem_block_end_magic, END_MAGIC_SIZE); \ ++ } while (0) ++ ++static unsigned int _mem_block_start_magic = 0; ++static unsigned int _mem_block_end_magic = 0; ++ ++#else ++ ++# if ZEND_DEBUG ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) \ ++ ((zend_mm_block_canary*)(block))->debug.size = (_size) ++# else ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) ++# endif ++ ++# define ZEND_MM_CHECK_PROTECTION(block) ++ ++# define END_MAGIC_SIZE 0 ++ ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) \ ++ if (UNEXPECTED((block)->info._size != ZEND_MM_BLOCK_AT(block, ZEND_MM_FREE_BLOCK_SIZE(block))->info._prev) || \ ++ UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(block)) && \ ++ UNEXPECTED(ZEND_MM_PREV_BLOCK(block)->info._size != (block)->info._prev))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#define ZEND_MM_CHECK_TREE(block) \ ++ if (UNEXPECTED(*((block)->parent) != (block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) ++# define ZEND_MM_CHECK_TREE(block) ++#endif ++ ++#define ZEND_MM_LARGE_BUCKET_INDEX(S) zend_mm_high_bit(S) ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++ ++ ++static inline unsigned int zend_mm_high_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsr eax, _size ++ } ++#else ++ unsigned int n = 0; ++ while (_size != 0) { ++ _size = _size >> 1; ++ n++; ++ } ++ return n-1; ++#endif ++} ++ ++static inline unsigned int zend_mm_low_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsf eax, _size ++ } ++#else ++ static const int offset[16] = {4,0,1,0,2,0,1,0,3,0,1,0,2,0,1,0}; ++ unsigned int n; ++ unsigned int index = 0; ++ ++ n = offset[_size & 15]; ++ while (n == 4) { ++ _size >>= 4; ++ index += n; ++ n = offset[_size & 15]; ++ } ++ ++ return index + n; ++#endif ++} ++ ++static void zend_mm_add_to_rest_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev, *next; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (!ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block))) { ++ mm_block->parent = NULL; ++ } ++ ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++} ++ ++static void zend_mm_add_to_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ size_t size; ++ size_t index; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ size = ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ if (EXPECTED(!ZEND_MM_SMALL_SIZE(size))) { ++ zend_mm_free_block_canary **p; ++ ++ index = ZEND_MM_LARGE_BUCKET_INDEX(size); ++ p = &heap->large_free_buckets[index]; ++ mm_block->child[0] = mm_block->child[1] = NULL; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } else { ++ size_t m; ++ ++ for (m = size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ zend_mm_free_block_canary *prev = *p; ++ ++ if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) { ++ p = &prev->child[(m >> (ZEND_MM_NUM_BUCKETS-1)) & 1]; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ break; ++ } ++ } else { ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->parent = NULL; ++ break; ++ } ++ } ++ } ++ } else { ++ zend_mm_free_block_canary *prev, *next; ++ ++ index = ZEND_MM_BUCKET_INDEX(size); ++ ++ prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { ++ heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ } ++} ++ ++static void zend_mm_remove_from_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block); ++ ++ ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (EXPECTED(prev == mm_block)) { ++ zend_mm_free_block_canary **rp, **cp; ++ ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(next != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ rp = &mm_block->child[mm_block->child[1] != NULL]; ++ prev = *rp; ++ if (EXPECTED(prev == NULL)) { ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = NULL; ++ if (mm_block->parent == &heap->large_free_buckets[index]) { ++ heap->large_free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } else { ++ while (*(cp = &(prev->child[prev->child[1] != NULL])) != NULL) { ++ prev = *cp; ++ rp = cp; ++ } ++ *rp = NULL; ++ ++subst_block: ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = prev; ++ prev->parent = mm_block->parent; ++ if ((prev->child[0] = mm_block->child[0])) { ++ ZEND_MM_CHECK_TREE(prev->child[0]); ++ prev->child[0]->parent = &prev->child[0]; ++ } ++ if ((prev->child[1] = mm_block->child[1])) { ++ ZEND_MM_CHECK_TREE(prev->child[1]); ++ prev->child[1]->parent = &prev->child[1]; ++ } ++ } ++ } else { ++ ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { ++ if (EXPECTED(prev == next)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ if (EXPECTED(heap->free_buckets[index*2] == heap->free_buckets[index*2+1])) { ++ heap->free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } ++ } else if (UNEXPECTED(mm_block->parent != NULL)) { ++ goto subst_block; ++ } ++ } ++} ++ ++static void zend_mm_init(zend_mm_heap_canary *heap) ++{ ++ zend_mm_free_block_canary* p; ++ int i; ++ ++ heap->free_bitmap = 0; ++ heap->large_free_bitmap = 0; ++#if ZEND_MM_CACHE ++ heap->cached = 0; ++ memset(heap->cache, 0, sizeof(heap->cache)); ++#endif ++#if ZEND_MM_CACHE_STAT ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ heap->cache_stat[i].count = 0; ++ } ++#endif ++ p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ heap->large_free_buckets[i] = NULL; ++ } ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif ++} ++ ++static void zend_mm_del_segment(zend_mm_heap_canary *heap, zend_mm_segment *segment) ++{ ++ zend_mm_segment **p = &heap->segments_list; ++ ++ while (*p != segment) { ++ p = &(*p)->next_segment; ++ } ++ *p = segment->next_segment; ++ heap->real_size -= segment->size; ++ ZEND_MM_STORAGE_FREE(segment); ++} ++ ++#if ZEND_MM_CACHE ++static void zend_mm_free_cache(zend_mm_heap_canary *heap) ++{ ++ int i; ++ ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* SUHOSIN_MANGLE_PTR should NOT affect NULL pointers */ ++ if (heap->cache[i]) { ++ zend_mm_free_block_canary *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); ++ ++ while (mm_block) { ++ size_t size = ZEND_MM_BLOCK_SIZE(mm_block); ++ zend_mm_free_block_canary *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_block_canary *next_block = ZEND_MM_NEXT_BLOCK(mm_block); ++ ++ heap->cached -= size; ++ ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = (zend_mm_free_block_canary*)ZEND_MM_PREV_BLOCK(mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_NEXT_BLOCK(mm_block))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ ++ mm_block = q; ++ } ++ heap->cache[i] = NULL; ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[i].count = 0; ++#endif ++ } ++ } ++} ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION || ZEND_MM_COOKIES ++static void zend_mm_random(unsigned char *buf, size_t size) /* {{{ */ ++{ ++ size_t i = 0; ++ unsigned char t; ++ ++#ifdef ZEND_WIN32 ++ HCRYPTPROV hCryptProv; ++ int has_context = 0; ++ ++ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { ++ /* Could mean that the key container does not exist, let try ++ again by asking for a new one */ ++ if (GetLastError() == NTE_BAD_KEYSET) { ++ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { ++ has_context = 1; ++ } ++ } ++ } else { ++ has_context = 1; ++ } ++ if (has_context) { ++ do { ++ BOOL ret = CryptGenRandom(hCryptProv, size, buf); ++ CryptReleaseContext(hCryptProv, 0); ++ if (ret) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ return; ++ } ++ } ++ } while (0); ++ } ++#elif defined(HAVE_DEV_URANDOM) ++ int fd = open("/dev/urandom", 0); ++ ++ if (fd >= 0) { ++ if (read(fd, buf, size) == size) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ close(fd); ++ return; ++ } ++ } ++ close(fd); ++ } ++#endif ++ t = (unsigned char)getpid(); ++ while (i < size) { ++ do { ++ buf[i] = ((unsigned char)rand()) ^ t; ++ } while (buf[i] == 0); ++ t = buf[i++] << 1; ++ } ++} ++/* }}} */ ++#endif ++ ++ ++/* Notes: ++ * - This function may alter the block_sizes values to match platform alignment ++ * - This function does *not* perform sanity checks on the arguments ++ */ ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ zend_mm_storage *storage; ++ zend_mm_heap_canary *heap; ++ zend_mm_free_block_canary *tmp; ++ ++#if 0 ++ int i; ++ ++ printf("ZEND_MM_ALIGNMENT=%d\n", ZEND_MM_ALIGNMENT); ++ printf("ZEND_MM_ALIGNMENT_LOG2=%d\n", ZEND_MM_ALIGNMENT_LOG2); ++ printf("ZEND_MM_MIN_SIZE=%d\n", ZEND_MM_MIN_SIZE); ++ printf("ZEND_MM_MAX_SMALL_SIZE=%d\n", ZEND_MM_MAX_SMALL_SIZE); ++ printf("ZEND_MM_ALIGNED_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_FREE_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_FREE_HEADER_SIZE); ++ printf("ZEND_MM_MIN_ALLOC_BLOCK_SIZE=%d\n", ZEND_MM_MIN_ALLOC_BLOCK_SIZE); ++ printf("ZEND_MM_ALIGNED_MIN_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_MIN_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_SEGMENT_SIZE=%d\n", ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ for (i = 0; i < ZEND_MM_MAX_SMALL_SIZE; i++) { ++ printf("%3d%c: %3ld %d %2ld\n", i, (i == ZEND_MM_MIN_SIZE?'*':' '), (long)ZEND_MM_TRUE_SIZE(i), ZEND_MM_SMALL_SIZE(ZEND_MM_TRUE_SIZE(i)), (long)ZEND_MM_BUCKET_INDEX(ZEND_MM_TRUE_SIZE(i))); ++ } ++ exit(0); ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (_mem_block_start_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic)); ++ } ++ if (_mem_block_end_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic)); ++ } ++#endif ++#if ZEND_MM_COOKIES ++ if (_zend_mm_cookie == 0) { ++ zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie)); ++ } ++#endif ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { ++ fprintf(stderr, "'block_size' must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage = handlers->init(params); ++ if (!storage) { ++ fprintf(stderr, "Cannot initialize zend_mm storage [%s]\n", handlers->name); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage->handlers = handlers; ++ ++ heap = malloc(sizeof(struct _zend_mm_heap_canary)); ++ ++ heap->storage = storage; ++ heap->block_size = block_size; ++ heap->compact_size = 0; ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++# if ZEND_MM_CACHE_STAT ++ memset(heap->cache_stat, 0, sizeof(heap->cache_stat)); ++# endif ++ ++ heap->use_zend_alloc = 1; ++ heap->real_size = 0; ++ heap->overflow = 0; ++ heap->real_peak = 0; ++ heap->limit = ZEND_MM_LONG_CONST(1)<<(ZEND_MM_NUM_BUCKETS-2); ++ heap->size = 0; ++ heap->peak = 0; ++ heap->internal = internal; ++ heap->reserve = NULL; ++ heap->reserve_size = reserve_size; ++ if (reserve_size > 0) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ if (internal) { ++ int i; ++ zend_mm_free_block_canary *p, *q, *orig; ++ zend_mm_heap_canary *mm_heap = _zend_mm_alloc((zend_mm_heap *)heap, sizeof(zend_mm_heap_canary) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ ++ *mm_heap = *heap; ++ ++ p = ZEND_MM_SMALL_FREE_BUCKET(mm_heap, 0); ++ orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); ++ } ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); ++ } ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ orig = (zend_mm_free_block_canary*)((char*)orig + sizeof(zend_mm_free_block_canary*) * 2); ++ if (mm_heap->large_free_buckets[i]) { ++ mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; ++ } ++ } ++ ++ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[0]); ++ tmp->next_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); ++ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[1]); ++ tmp->prev_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); ++ ++ free(heap); ++ heap = mm_heap; ++ } ++ return heap; ++} ++ ++zend_mm_heap_canary *__zend_mm_startup_canary(void) ++{ ++ int i; ++ size_t seg_size; ++ char *mem_type = getenv("ZEND_MM_MEM_TYPE"); ++ char *tmp; ++ const zend_mm_mem_handlers *handlers; ++ zend_mm_heap_canary *heap; ++ ++ if (mem_type == NULL) { ++ i = 0; ++ } else { ++ for (i = 0; mem_handlers[i].name; i++) { ++ if (strcmp(mem_handlers[i].name, mem_type) == 0) { ++ break; ++ } ++ } ++ if (!mem_handlers[i].name) { ++ fprintf(stderr, "Wrong or unsupported zend_mm storage type '%s'\n", mem_type); ++ fprintf(stderr, " supported types:\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ for (i = 0; mem_handlers[i].name; i++) { ++ fprintf(stderr, " '%s'\n", mem_handlers[i].name); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } ++ handlers = &mem_handlers[i]; ++ ++ tmp = getenv("ZEND_MM_SEG_SIZE"); ++ if (tmp) { ++ seg_size = zend_atoi(tmp, 0); ++ if (zend_mm_low_bit(seg_size) != zend_mm_high_bit(seg_size)) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } else if (seg_size < ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE is too small\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } else { ++ seg_size = ZEND_MM_SEG_SIZE; ++ } ++ ++ heap = __zend_mm_startup_canary_ex(handlers, seg_size, ZEND_MM_RESERVE_SIZE, 0, NULL); ++ if (heap) { ++ tmp = getenv("ZEND_MM_COMPACT"); ++ if (tmp) { ++ heap->compact_size = zend_atoi(tmp, 0); ++ } else { ++ heap->compact_size = 2 * 1024 * 1024; ++ } ++ } ++ return heap; ++} ++ ++#if ZEND_DEBUG ++static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block_canary *b) ++{ ++ long leaks = 0; ++ zend_mm_block_canary *p, *q; ++ ++ p = ZEND_MM_NEXT_BLOCK(b); ++ while (1) { ++ if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ ZEND_MM_CHECK_MAGIC(p, MEM_BLOCK_GUARD); ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ continue; ++ } ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ if (p->debug.filename==b->debug.filename && p->debug.lineno==b->debug.lineno) { ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ leaks++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ p = q; ++ } ++ return leaks; ++} ++ ++static void zend_mm_check_leaks(zend_mm_heap_canary *heap TSRMLS_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ zend_uint total = 0; ++ ++ if (!segment) { ++ return; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ long repeated; ++ zend_leak_info leak; ++ ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ ++ leak.addr = ZEND_MM_DATA_OF(p); ++ leak.size = p->debug.size; ++ leak.filename = p->debug.filename; ++ leak.lineno = p->debug.lineno; ++ leak.orig_filename = p->debug.orig_filename; ++ leak.orig_lineno = p->debug.orig_lineno; ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_DETECTED, &leak TSRMLS_CC); ++ repeated = zend_mm_find_leaks(segment, p); ++ total += 1 + repeated; ++ if (repeated) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_REPEATED, (void *)(zend_uintptr_t)repeated TSRMLS_CC); ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++ if (total) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAKS_GRAND_TOTAL, &total TSRMLS_CC); ++ } ++} ++ ++static int zend_mm_check_ptr(zend_mm_heap_canary *heap, void *ptr, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *p; ++ int no_cache_notice = 0; ++ int had_problems = 0; ++ int valid_beginning = 1; ++ ++ if (silent==2) { ++ silent = 1; ++ no_cache_notice = 1; ++ } else if (silent==3) { ++ silent = 0; ++ no_cache_notice = 1; ++ } ++ if (!silent) { ++ TSRMLS_FETCH(); ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ zend_debug_alloc_output("%s(%d) : Block "PTR_FMT" status:\n" ZEND_FILE_LINE_RELAY_CC, ptr); ++ if (__zend_orig_filename) { ++ zend_debug_alloc_output("%s(%d) : Actual location (location was relayed)\n" ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ if (!ptr) { ++ zend_debug_alloc_output("NULL\n"); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ } ++ ++ if (!ptr) { ++ if (silent) { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ p = ZEND_MM_HEADER_OF(ptr); ++ ++#ifdef ZTS ++ if (ZEND_MM_BAD_THREAD_ID(p)) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((thread_id=0x%0.8X) != (expected=0x%0.8X))\n", (long)p->thread_id, (long)tsrm_thread_id()); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++#endif ++ ++ if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((size="PTR_FMT") != (next.prev="PTR_FMT"))\n", p->info._size, ZEND_MM_NEXT_BLOCK(p)->info._prev); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ if (p->info._prev != ZEND_MM_GUARD_BLOCK && ++ ZEND_MM_PREV_BLOCK(p)->info._size != p->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((prev="PTR_FMT") != (prev.size="PTR_FMT"))\n", p->info._prev, ZEND_MM_PREV_BLOCK(p)->info._size); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ if (had_problems) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t","Beginning: "); ++ } ++ ++ if (!ZEND_MM_IS_USED_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Freed (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Freed\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Guard (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Guard\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else { ++ switch (p->magic) { ++ case MEM_BLOCK_VALID: ++ case MEM_BLOCK_LEAK: ++ if (!silent) { ++ zend_debug_alloc_output("OK (allocated on %s:%d, %d bytes)\n", p->debug.filename, p->debug.lineno, (int)p->debug.size); ++ } ++ break; /* ok */ ++ case MEM_BLOCK_CACHED: ++ if (!no_cache_notice) { ++ if (!silent) { ++ zend_debug_alloc_output("Cached\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ case MEM_BLOCK_FREED: ++ if (!silent) { ++ zend_debug_alloc_output("Freed (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ case MEM_BLOCK_GUARD: ++ if (!silent) { ++ zend_debug_alloc_output("Guard (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ default: ++ if (!silent) { ++ zend_debug_alloc_output("Unknown (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_VALID); ++ had_problems = 1; ++ valid_beginning = 0; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ } ++ } ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (!valid_beginning) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Unknown\n"); ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Unknown\n"); ++ } ++ } else { ++ char *end_magic = ZEND_MM_END_MAGIC_PTR(p); ++ ++ if (p->debug.start_magic == _mem_block_start_magic) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_start_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) &p->debug.start_magic; ++ i = END_MAGIC_SIZE; ++ while (--i >= 0) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", p->debug.start_magic, _mem_block_start_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ if (memcmp(end_magic, &_mem_block_end_magic, END_MAGIC_SIZE)==0) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_end_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) end_magic; ++ ++ for (i=0; i < END_MAGIC_SIZE; i++) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", *end_magic, _mem_block_end_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ } ++#endif ++ ++ if (!silent) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ } ++ return ((!had_problems) ? 1 : 0); ++} ++ ++static int zend_mm_check_heap(zend_mm_heap_canary *heap, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ int errors = 0; ++ ++ if (!segment) { ++ return 0; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID || p->magic == MEM_BLOCK_LEAK) { ++ if (!zend_mm_check_ptr(heap, ZEND_MM_DATA_OF(p), (silent?2:3) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC)) { ++ errors++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ return errors; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++} ++#endif ++ ++void __zend_mm_shutdown_canary(zend_mm_heap_canary *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ zend_mm_storage *storage; ++ zend_mm_segment *segment; ++ zend_mm_segment *prev; ++ int internal; ++ ++ if (heap->reserve) { ++#if ZEND_DEBUG ++ if (!silent) { ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++#endif ++ heap->reserve = NULL; ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ if (full_shutdown) { ++ FILE *f; ++ ++ f = fopen("zend_mm.log", "w"); ++ if (f) { ++ int i,j; ++ size_t size, true_size, min_size, max_size; ++ int hit = 0, miss = 0; ++ ++ fprintf(f, "\nidx min_size max_size true_size max_len hits misses\n"); ++ size = 0; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ min_size = size; ++ i = ZEND_MM_BUCKET_INDEX(true_size); ++ size++; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ j = ZEND_MM_BUCKET_INDEX(true_size); ++ if (j > i) { ++ max_size = size-1; ++ break; ++ } ++ } else { ++ max_size = size-1; ++ break; ++ } ++ size++; ++ } ++ hit += heap->cache_stat[i].hit; ++ miss += heap->cache_stat[i].miss; ++ fprintf(f, "%2d %8d %8d %9d %8d %8d %8d\n", i, (int)min_size, (int)max_size, ZEND_MM_TRUE_SIZE(max_size), heap->cache_stat[i].max_count, heap->cache_stat[i].hit, heap->cache_stat[i].miss); ++ } else { ++ break; ++ } ++ } ++ fprintf(f, " %8d %8d\n", hit, miss); ++ fprintf(f, " %8d %8d\n", heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit, heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss); ++ fclose(f); ++ } ++ } ++#endif ++ ++#if ZEND_DEBUG ++ if (!silent) { ++ zend_mm_check_leaks(heap TSRMLS_CC); ++ } ++#endif ++ ++ internal = heap->internal; ++ storage = heap->storage; ++ segment = heap->segments_list; ++ while (segment) { ++ prev = segment; ++ segment = segment->next_segment; ++ ZEND_MM_STORAGE_FREE(prev); ++ } ++ if (full_shutdown) { ++ storage->handlers->dtor(storage); ++ if (!internal) { ++ free(heap); ++ } ++ } else { ++ if (heap->compact_size && ++ heap->real_peak > heap->compact_size) { ++ storage->handlers->compact(storage); ++ } ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++ heap->real_size = 0; ++ heap->real_peak = 0; ++ heap->size = 0; ++ heap->peak = 0; ++ if (heap->reserve_size) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ heap->overflow = 0; ++ } ++} ++ ++static void zend_mm_safe_error(zend_mm_heap_canary *heap, ++ const char *format, ++ size_t limit, ++#if ZEND_DEBUG ++ const char *filename, ++ uint lineno, ++#endif ++ size_t size) ++{ ++ if (heap->reserve) { ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = NULL; ++ } ++ if (heap->overflow == 0) { ++ char *error_filename; ++ uint error_lineno; ++ TSRMLS_FETCH(); ++ if (zend_is_compiling(TSRMLS_C)) { ++ error_filename = zend_get_compiled_filename(TSRMLS_C); ++ error_lineno = zend_get_compiled_lineno(TSRMLS_C); ++ } else if (EG(in_execution)) { ++ error_filename = EG(active_op_array)?EG(active_op_array)->filename:NULL; ++ error_lineno = EG(opline_ptr)?(*EG(opline_ptr))->lineno:0; ++ } else { ++ error_filename = NULL; ++ error_lineno = 0; ++ } ++ if (!error_filename) { ++ error_filename = "Unknown"; ++ } ++ heap->overflow = 1; ++ zend_try { ++ zend_error_noreturn(E_ERROR, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ } zend_catch { ++ if (heap->overflow == 2) { ++ fprintf(stderr, "\nFatal error: "); ++ fprintf(stderr, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ fprintf(stderr, " in %s on line %d\n", error_filename, error_lineno); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ } zend_end_try(); ++ } else { ++ heap->overflow = 2; ++ } ++ zend_bailout(); ++} ++ ++static zend_mm_free_block_canary *zend_mm_search_large_block(zend_mm_heap_canary *heap, size_t true_size) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(true_size); ++ size_t bitmap = heap->large_free_bitmap >> index; ++ zend_mm_free_block_canary *p; ++ ++ if (bitmap == 0) { ++ return NULL; ++ } ++ ++ if (UNEXPECTED((bitmap & 1) != 0)) { ++ /* Search for best "large" free block */ ++ zend_mm_free_block_canary *rst = NULL; ++ size_t m; ++ size_t best_size = -1; ++ ++ best_fit = NULL; ++ p = heap->large_free_buckets[index]; ++ for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ if ((m & (ZEND_MM_LONG_CONST(1) << (ZEND_MM_NUM_BUCKETS-1))) == 0) { ++ if (p->child[1]) { ++ rst = p->child[1]; ++ } ++ if (p->child[0]) { ++ p = p->child[0]; ++ } else { ++ break; ++ } ++ } else if (p->child[1]) { ++ p = p->child[1]; ++ } else { ++ break; ++ } ++ } ++ ++ for (p = rst; p; p = p->child[p->child[0] != NULL]) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ } ++ ++ if (best_fit) { ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++ } ++ bitmap = bitmap >> 1; ++ if (!bitmap) { ++ return NULL; ++ } ++ index++; ++ } ++ ++ /* Search for smallest "large" free block */ ++ best_fit = p = heap->large_free_buckets[index + zend_mm_low_bit(bitmap)]; ++ while ((p = p->child[p->child[0] != NULL])) { ++ if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) { ++ best_fit = p; ++ } ++ } ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++} ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t true_size = ZEND_MM_TRUE_SIZE(size); ++ size_t block_size; ++ size_t remaining_size; ++ size_t segment_size; ++ zend_mm_segment *segment; ++ int keep_rest = 0; ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ size_t bitmap; ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++#if ZEND_MM_CACHE ++ if (EXPECTED(heap->cache[index] != NULL)) { ++ /* Get block from cache */ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++ return ZEND_MM_DATA_OF(best_fit); ++ } ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].miss++; ++#endif ++#endif ++ ++ bitmap = heap->free_bitmap >> index; ++ if (bitmap) { ++ /* Found some "small" free block that can be used */ ++ index += zend_mm_low_bit(bitmap); ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; ++#endif ++ goto zend_mm_finished_searching_for_block; ++ } ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss++; ++#endif ++ ++ best_fit = zend_mm_search_large_block(heap, true_size); ++ ++ if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { ++ zend_mm_free_block_canary *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ size_t best_size = -1; ++ ++ while (p != ZEND_MM_REST_BUCKET(heap)) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ best_fit = p; ++ goto zend_mm_finished_searching_for_block; ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); ++ } ++ } ++ ++ if (!best_fit) { ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ /* Make sure we add a memory block which is big enough, ++ segment must have header "size" and trailer "guard" block */ ++ segment_size = true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ keep_rest = 1; ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ if (segment_size < true_size || ++ heap->real_size + segment_size > heap->limit) { ++ /* Memory limit overflow */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %lu bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %lu bytes)", heap->limit, size); ++#endif ++ } ++ ++ segment = (zend_mm_segment *) ZEND_MM_STORAGE_ALLOC(segment_size); ++ ++ if (!segment) { ++ /* Storage manager cannot allocate memory */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ ++ heap->real_size += segment_size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ segment->next_segment = heap->segments_list; ++ heap->segments_list = segment; ++ ++ best_fit = (zend_mm_free_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(best_fit); ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(best_fit, block_size)); ++ ++ } else { ++zend_mm_finished_searching_for_block: ++ /* remove from free list */ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_FREED); ++ ZEND_MM_CHECK_COOKIE(best_fit); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit); ++ zend_mm_remove_from_free_list(heap, best_fit); ++ ++ block_size = ZEND_MM_FREE_BLOCK_SIZE(best_fit); ++ } ++ ++ remaining_size = block_size - true_size; ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(best_fit, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (EXPECTED(!keep_rest)) { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); ++ ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ heap->size += true_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ return ZEND_MM_DATA_OF(best_fit); ++} ++ ++ ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ zend_mm_block_canary *next_block; ++ size_t size; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return; ++ } ++ ++ mm_block = ZEND_MM_HEADER_OF(p); ++ size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); ++#endif ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif ++#if ZEND_MM_CACHE ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(size); ++ zend_mm_free_block_canary **cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ heap->cached += size; ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return; ++ } ++#endif ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ heap->size -= size; ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ } ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = ZEND_MM_PREV_BLOCK(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ } ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(mm_block, size))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++} ++ ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block = ZEND_MM_HEADER_OF(p); ++ zend_mm_block_canary *next_block; ++ size_t true_size; ++ size_t orig_size; ++ void *ptr; ++ ++ if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++ ++ if (true_size <= orig_size) { ++ size_t remaining_size = orig_size - true_size; ++ ++ if (remaining_size >= ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ zend_mm_free_block_canary *new_free_block; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ remaining_size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_free_list(heap, new_free_block); ++ heap->size += (true_size - orig_size); ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } ++ ++#if ZEND_MM_CACHE ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ ++ if (heap->cache[index] != NULL) { ++ zend_mm_free_block_canary *best_fit; ++ zend_mm_free_block_canary **cache; ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ ptr = ZEND_MM_DATA_OF(best_fit); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ ++ heap->cached -= true_size - orig_size; ++ ++ index = ZEND_MM_BUCKET_INDEX(orig_size); ++ cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return ptr; ++ } ++ } ++#endif ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ ZEND_MM_CHECK_COOKIE(next_block); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(next_block); ++ if (orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block) >= true_size) { ++ size_t block_size = orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ size_t remaining_size = block_size - true_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(new_free_block, remaining_size))) { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ goto realloc_segment; ++ } ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ZEND_MM_IS_GUARD_BLOCK(next_block)) { ++ zend_mm_segment *segment; ++ zend_mm_segment *segment_copy; ++ size_t segment_size; ++ size_t block_size; ++ size_t remaining_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++realloc_segment: ++ /* segment size, size of block and size of guard block */ ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ segment_size = true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ segment_copy = (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ if (segment_size < true_size || ++ heap->real_size + segment_size - segment_copy->size > heap->limit) { ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %ld bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %ld bytes)", heap->limit, size); ++#endif ++ return NULL; ++ } ++ ++ segment = ZEND_MM_STORAGE_REALLOC(segment_copy, segment_size); ++ if (!segment) { ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %ld bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %ld bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ heap->real_size += segment_size - segment->size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ ++ if (segment != segment_copy) { ++ zend_mm_segment **seg = &heap->segments_list; ++ while (*seg != segment_copy) { ++ seg = &(*seg)->next_segment; ++ } ++ *seg = segment; ++ mm_block = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(mm_block); ++ } ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ remaining_size = block_size - true_size; ++ ++ /* setup guard block */ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(mm_block, block_size)); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 1, 1); ++ ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return ZEND_MM_DATA_OF(mm_block); ++ } ++ ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ return ptr; ++} ++ ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++ ++#if defined(__GNUC__) && defined(i386) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mull %3\n\taddl %4,%0\n\tadcl %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif defined(__GNUC__) && defined(__x86_64__) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mulq %3\n\taddq %4,%0\n\tadcq %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; ++ ++ if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return (size_t) res; ++} ++ ++#else ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb * size + offset; ++ double _d = (double)nmemb * (double)size + (double)offset; ++ double _delta = (double)res - _d; ++ ++ if (UNEXPECTED((_d + _delta ) != _d)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * indent-tabs-mode: t ++ * End: ++ */ ++ +--- /dev/null ++++ b/Zend/zend_canary.c +@@ -0,0 +1,66 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */ ++ ++#include "zend.h" ++ ++#include ++#include ++ ++ ++#if SUHOSIN_PATCH ++ ++static size_t last_canary = 0x73625123; ++ ++/* will be replaced later with more compatible method */ ++ZEND_API void zend_canary(void *buf, int len) ++{ ++ time_t t; ++ size_t canary; ++ int fd; ++ ++#ifndef PHP_WIN32 ++ fd = open("/dev/urandom", 0); ++ if (fd != -1) { ++ int r = read(fd, buf, len); ++ close(fd); ++ if (r == len) { ++ return; ++ } ++ } ++#endif ++ /* not good but we never want to do this */ ++ time(&t); ++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary; ++ last_canary ^= (canary << 5) | (canary >> (32-5)); ++ /* When we ensure full win32 compatibility in next version ++ we will replace this with the random number code from zend_alloc.c */ ++ memcpy(buf, &canary, len); ++} ++ ++#endif ++ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- a/Zend/zend_compile.c ++++ b/Zend/zend_compile.c +@@ -73,6 +73,11 @@ static void zend_destroy_property_info_i + } + /* }}} */ + ++#if SUHOSIN_PATCH ++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal; ++void *suhosin_zend_destroy_property_info = zend_destroy_property_info; ++#endif ++ + static void build_runtime_defined_function_key(zval *result, const char *name, int name_length TSRMLS_DC) /* {{{ */ + { + char char_pos_buf[32]; +--- a/Zend/zend_compile.h ++++ b/Zend/zend_compile.h +@@ -606,6 +606,11 @@ ZEND_API zend_bool zend_is_auto_global(c + ZEND_API int zend_auto_global_disable_jit(const char *varname, zend_uint varname_length TSRMLS_DC); + ZEND_API size_t zend_dirname(char *path, size_t len); + ++#if SUHOSIN_PATCH ++extern void *suhosin_zend_destroy_property_info_internal; ++extern void *suhosin_zend_destroy_property_info; ++#endif ++ + int zendlex(znode *zendlval TSRMLS_DC); + + /* BEGIN: OPCODES */ +--- a/Zend/zend_constants.c ++++ b/Zend/zend_constants.c +@@ -113,6 +113,76 @@ void zend_register_standard_constants(TS + + REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS); + ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); ++ ++ /* error levels */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT); ++ /* facility: type of program logging the message */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NEWS ++ /* No LOG_NEWS on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */ ++#endif ++#ifdef LOG_UUCP ++ /* No LOG_UUCP on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_CRON ++ /* apparently some systems don't have this one */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_AUTHPRIV ++ /* AIX doesn't have LOG_AUTHPRIV */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifndef PHP_WIN32 ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT); ++#endif ++ /* options */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NOWAIT ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_PERROR ++ /* AIX doesn't have LOG_PERROR */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ ++#endif ++#endif ++ + /* true/false constants */ + { + zend_constant c; +--- a/Zend/zend_errors.h ++++ b/Zend/zend_errors.h +@@ -41,6 +41,20 @@ + #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR | E_DEPRECATED | E_USER_DEPRECATED) + #define E_CORE (E_CORE_ERROR | E_CORE_WARNING) + ++#if SUHOSIN_PATCH ++#define S_MEMORY (1<<0L) ++#define S_MISC (1<<1L) ++#define S_VARS (1<<2L) ++#define S_FILES (1<<3L) ++#define S_INCLUDE (1<<4L) ++#define S_SQL (1<<5L) ++#define S_EXECUTOR (1<<6L) ++#define S_MAIL (1<<7L) ++#define S_SESSION (1<<8L) ++#define S_INTERNAL (1<<29L) ++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR) ++#endif ++ + #endif /* ZEND_ERRORS_H */ + + /* +--- a/Zend/zend_hash.c ++++ b/Zend/zend_hash.c +@@ -20,6 +20,7 @@ + /* $Id: zend_hash.c 293155 2010-01-05 20:46:53Z sebastian $ */ + + #include "zend.h" ++#include "zend_compile.h" + + #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \ + (element)->pNext = (list_head); \ +@@ -133,6 +134,199 @@ ZEND_API ulong zend_hash_func(const char + } + + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_hash_dprot_mx_reader; ++static MUTEX_T zend_hash_dprot_mx_writer; ++static unsigned int zend_hash_dprot_reader; ++#endif ++static unsigned int zend_hash_dprot_counter; ++static unsigned int zend_hash_dprot_curmax; ++static dtor_func_t *zend_hash_dprot_table = NULL; ++ ++static void zend_hash_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((++(zend_hash_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((--(zend_hash_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++static void zend_hash_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_hash_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_hash_dprot_mx_reader); ++ tsrm_mutex_free(zend_hash_dprot_mx_writer); ++#endif ++ free(zend_hash_dprot_table); ++}*/ ++ ++static void zend_hash_add_destructor(dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ if (zend_hash_dprot_table == NULL) { ++#ifdef ZTS ++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_hash_dprot_reader = 0; ++#endif ++ zend_hash_dprot_counter = 0; ++ zend_hash_dprot_curmax = 256; ++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t)); ++ } ++ ++ zend_hash_dprot_begin_write(); ++ ++ if (zend_hash_dprot_counter == 0) { ++ zend_hash_dprot_counter++; ++ zend_hash_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) { ++ zend_hash_dprot_curmax += 256; ++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_hash_dprot_table[left] < value) { ++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left] = pDestructor; ++ } ++ ++ zend_hash_dprot_counter++; ++ } ++ } ++ ++ zend_hash_dprot_end_write(); ++} ++ ++static void zend_hash_check_destructor(dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++#ifdef ZEND_ENGINE_2 ++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info ++#endif ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ zend_hash_dprot_begin_read(); ++ ++ if (zend_hash_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_hash_dprot_end_read(); ++} ++ ++#else ++#define zend_hash_add_destructor(pDestructor) do {} while(0) ++#define zend_hash_check_destructor(pDestructor) do {} while(0) ++#endif + + ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC) + { +@@ -153,6 +347,7 @@ ZEND_API int _zend_hash_init(HashTable * + + ht->nTableMask = ht->nTableSize - 1; + ht->pDestructor = pDestructor; ++ zend_hash_add_destructor(pDestructor); + ht->arBuckets = NULL; + ht->pListHead = NULL; + ht->pListTail = NULL; +@@ -230,6 +425,7 @@ ZEND_API int _zend_hash_add_or_update(Ha + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -295,6 +491,7 @@ ZEND_API int _zend_hash_quick_add_or_upd + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -370,6 +567,7 @@ ZEND_API int _zend_hash_index_update_or_ + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -493,6 +691,7 @@ ZEND_API int zend_hash_del_key_or_index( + if (ht->pInternalPointer == p) { + ht->pInternalPointer = p->pListNext; + } ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -519,6 +718,7 @@ ZEND_API void zend_hash_destroy(HashTabl + SET_INCONSISTENT(HT_IS_DESTROYING); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + q = p; + p = p->pListNext; +@@ -545,6 +745,7 @@ ZEND_API void zend_hash_clean(HashTable + SET_INCONSISTENT(HT_CLEANING); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + q = p; + p = p->pListNext; +@@ -607,6 +808,7 @@ static Bucket *zend_hash_apply_deleter(H + ht->nNumOfElements--; + HANDLE_UNBLOCK_INTERRUPTIONS(); + ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +--- a/Zend/zend_llist.c ++++ b/Zend/zend_llist.c +@@ -23,6 +23,194 @@ + #include "zend_llist.h" + #include "zend_qsort.h" + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_llist_dprot_mx_reader; ++static MUTEX_T zend_llist_dprot_mx_writer; ++static unsigned int zend_llist_dprot_reader; ++#endif ++static unsigned int zend_llist_dprot_counter; ++static unsigned int zend_llist_dprot_curmax; ++static llist_dtor_func_t *zend_llist_dprot_table = NULL; ++ ++static void zend_llist_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((++(zend_llist_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((--(zend_llist_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++static void zend_llist_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_llist_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_llist_dprot_mx_reader); ++ tsrm_mutex_free(zend_llist_dprot_mx_writer); ++#endif ++ free(zend_llist_dprot_table); ++}*/ ++ ++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ if (zend_llist_dprot_table == NULL) { ++#ifdef ZTS ++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_llist_dprot_reader = 0; ++#endif ++ zend_llist_dprot_counter = 0; ++ zend_llist_dprot_curmax = 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t)); ++ } ++ ++ zend_llist_dprot_begin_write(); ++ ++ if (zend_llist_dprot_counter == 0) { ++ zend_llist_dprot_counter++; ++ zend_llist_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) { ++ zend_llist_dprot_curmax += 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_llist_dprot_table[left] < value) { ++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left] = pDestructor; ++ } ++ ++ zend_llist_dprot_counter++; ++ } ++ } ++ ++ zend_llist_dprot_end_write(); ++} ++ ++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ zend_llist_dprot_begin_read(); ++ ++ if (zend_llist_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_llist_dprot_end_read(); ++} ++#else ++#define zend_llist_add_destructor(pDestructor) do {} while(0) ++#define zend_llist_check_destructor(pDestructor) do {} while(0) ++#endif ++ + ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent) + { + l->head = NULL; +@@ -30,6 +218,7 @@ ZEND_API void zend_llist_init(zend_llist + l->count = 0; + l->size = size; + l->dtor = dtor; ++ zend_llist_add_destructor(dtor); + l->persistent = persistent; + } + +@@ -81,6 +270,7 @@ ZEND_API void zend_llist_prepend_element + } else {\ + (l)->tail = (current)->prev;\ + }\ ++ zend_llist_check_destructor((l)->dtor); \ + if ((l)->dtor) {\ + (l)->dtor((current)->data);\ + }\ +@@ -108,6 +298,7 @@ ZEND_API void zend_llist_destroy(zend_ll + { + zend_llist_element *current=l->head, *next; + ++ zend_llist_check_destructor(l->dtor); + while (current) { + next = current->next; + if (l->dtor) { +@@ -133,6 +324,7 @@ ZEND_API void *zend_llist_remove_tail(ze + zend_llist_element *old_tail; + void *data; + ++ zend_llist_check_destructor((l)->dtor); + if ((old_tail = l->tail)) { + if (old_tail->prev) { + old_tail->prev->next = NULL; +--- a/Zend/zend_operators.c ++++ b/Zend/zend_operators.c +@@ -152,9 +152,14 @@ ZEND_API void convert_scalar_to_number(z + case IS_STRING: + { + char *strval; ++ int strl; + + strval = Z_STRVAL_P(op); +- if ((Z_TYPE_P(op)=is_numeric_string(strval, Z_STRLEN_P(op), &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { ++ strl = Z_STRLEN_P(op); ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif ++ if ((Z_TYPE_P(op)=is_numeric_string(strval, strl, &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { + ZVAL_LONG(op, 0); + } + STR_FREE(strval); +@@ -186,7 +191,8 @@ ZEND_API void convert_scalar_to_number(z + } else { \ + switch (Z_TYPE_P(op)) { \ + case IS_STRING: \ +- { \ ++ { \ ++ Z_STRLEN(holder) = 0; \ + if ((Z_TYPE(holder)=is_numeric_string(Z_STRVAL_P(op), Z_STRLEN_P(op), &Z_LVAL(holder), &Z_DVAL(holder), 1)) == 0) { \ + ZVAL_LONG(&(holder), 0); \ + } \ +@@ -228,6 +234,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = zend_dval_to_lval(Z_DVAL_P(op)); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + Z_LVAL(holder) = strtol(Z_STRVAL_P(op), NULL, 10); \ + break; \ + case IS_ARRAY: \ +@@ -270,6 +277,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = (Z_DVAL_P(op) ? 1 : 0); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + if (Z_STRLEN_P(op) == 0 \ + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { \ + Z_LVAL(holder) = 0; \ +@@ -355,6 +363,9 @@ ZEND_API void convert_to_long_base(zval + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = strtol(strval, NULL, base); + STR_FREE(strval); + } +@@ -415,6 +426,9 @@ ZEND_API void convert_to_double(zval *op + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_DVAL_P(op) = zend_strtod(strval, NULL); + STR_FREE(strval); + } +@@ -501,8 +515,14 @@ ZEND_API void convert_to_boolean(zval *o + + if (Z_STRLEN_P(op) == 0 + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 0; + } else { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 1; + } + STR_FREE(strval); +@@ -616,6 +636,9 @@ static void convert_scalar_to_array(zval + *entry = *op; + INIT_PZVAL(entry); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + switch (type) { + case IS_ARRAY: + ALLOC_HASHTABLE(Z_ARRVAL_P(op)); +--- a/Zend/zend_variables.c ++++ b/Zend/zend_variables.c +@@ -34,6 +34,9 @@ ZEND_API void _zval_dtor_func(zval *zval + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + STR_FREE_REL(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: { +@@ -78,6 +81,9 @@ ZEND_API void _zval_internal_dtor(zval * + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + free(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: +--- a/configure.in ++++ b/configure.in +@@ -289,6 +289,7 @@ sinclude(Zend/Zend.m4) + sinclude(TSRM/threads.m4) + sinclude(TSRM/tsrm.m4) + ++sinclude(main/suhosin_patch.m4) + + dnl divert(2) + +@@ -1399,7 +1400,7 @@ PHP_ADD_SOURCES(main, main.c snprintf.c + php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ + strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + network.c php_open_temporary_file.c php_logos.c \ +- output.c getopt.c) ++ output.c getopt.c suhosin_patch.c ) + + PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \ + plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c \ +@@ -1427,7 +1428,7 @@ PHP_ADD_SOURCES(Zend, \ + zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ + zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_gc.c \ +- zend_closures.c zend_float.c) ++ zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c ) + + if test -r "$abs_srcdir/Zend/zend_objects.c"; then + PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c) +--- a/ext/standard/dl.c ++++ b/ext/standard/dl.c +@@ -249,6 +249,23 @@ PHPAPI int php_load_extension(char *file + return FAILURE; + } + } ++ ++#if SUHOSIN_PATCH ++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) { ++ void *log_func; ++ /* sucessfully loaded suhosin extension, now check for logging function replacement */ ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log"); ++ if (log_func == NULL) { ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log"); ++ } ++ if (log_func != NULL) { ++ zend_suhosin_log = log_func; ++ } else { ++ zend_suhosin_log(S_MISC, "could not replace logging function"); ++ } ++ } ++#endif ++ + return SUCCESS; + } + /* }}} */ +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -867,6 +867,33 @@ PHPAPI void php_print_info(int flag TSRM + + php_info_print_table_end(); + ++ /* Suhosin Patch */ ++ php_info_print_box_start(0); ++ if (expose_php && !sapi_module.phpinfo_as_text) { ++ PUTS("\"Suhosin\n"); ++ } ++ PUTS("This server is protected with the Suhosin Patch "); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS(SUHOSIN_PATCH_VERSION); ++ } else { ++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC); ++ } ++ PUTS(!sapi_module.phpinfo_as_text?"
":"\n"); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } else { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } ++ php_info_print_box_end(); ++ + /* Zend Engine */ + php_info_print_box_start(0); + if (expose_php && !sapi_module.phpinfo_as_text) { +--- a/ext/standard/syslog.c ++++ b/ext/standard/syslog.c +@@ -42,6 +42,7 @@ static void start_syslog(TSRMLS_D); + */ + PHP_MINIT_FUNCTION(syslog) + { ++#if !SUHOSIN_PATCH + /* error levels */ + REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ + REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ +@@ -97,6 +98,7 @@ PHP_MINIT_FUNCTION(syslog) + /* AIX doesn't have LOG_PERROR */ + REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ + #endif ++#endif + BG(syslog_device)=NULL; + + return SUCCESS; +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -85,13 +85,8 @@ or a tightening during activation/runtim + PHPAPI ZEND_INI_MH(OnUpdateBaseDir) + { + char **p, *pathbuf, *ptr, *end; +-#ifndef ZTS +- char *base = (char *) mh_arg2; +-#else +- char *base = (char *) ts_resource(*((int *) mh_arg2)); +-#endif + +- p = (char **) (base + (size_t) mh_arg1); ++ p = &PG(open_basedir); + + if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) { + /* We're in a PHP_INI_SYSTEM context, no restrictions */ +--- a/main/main.c ++++ b/main/main.c +@@ -90,6 +90,9 @@ + + #include "SAPI.h" + #include "rfc1867.h" ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#endif + + #if !HAVE_UNISTD_H || (!defined(_SC_PAGESIZE) && !defined(_SC_PAGE_SIZE)) + # if HAVE_SYS_MMAN_H +@@ -490,7 +493,7 @@ PHP_INI_BEGIN() + STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) + PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) +- STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals) ++ PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir) + STD_PHP_INI_ENTRY("safe_mode_exec_dir", PHP_SAFE_MODE_EXEC_DIR, PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals) + + STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals) +@@ -1791,6 +1794,10 @@ void dummy_invalid_parameter_handler( + } + #endif + ++#if SUHOSIN_PATCH ++PHPAPI void suhosin_startup(); ++#endif ++ + /* {{{ php_module_startup + */ + int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_modules, uint num_additional_modules) +@@ -1835,6 +1842,10 @@ int php_module_startup(sapi_module_struc + tsrm_ls = ts_resource(0); + #endif + ++#if SUHOSIN_PATCH ++ suhosin_startup(); ++#endif ++ + module_shutdown = 0; + module_startup = 1; + sapi_initialize_empty_request(TSRMLS_C); +@@ -1954,7 +1965,11 @@ int php_module_startup(sapi_module_struc + REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS); +- REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS); ++#endif ++ REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS); + +--- a/main/php.h ++++ b/main/php.h +@@ -457,6 +457,10 @@ END_EXTERN_C() + #endif + #endif /* !XtOffsetOf */ + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #endif + + /* +--- a/main/php_logos.c ++++ b/main/php_logos.c +@@ -50,6 +50,10 @@ PHPAPI int php_unregister_info_logo(char + return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string)); + } + ++#if SUHOSIN_PATCH ++#include "suhosin_logo.h" ++#endif ++ + int php_init_info_logos(void) + { + if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE) +@@ -58,7 +62,9 @@ int php_init_info_logos(void) + php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo)); + php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo)); + php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo)); +- ++#if SUHOSIN_PATCH ++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo , sizeof(suhosin_logo)); ++#endif + return SUCCESS; + } + +--- a/main/snprintf.c ++++ b/main/snprintf.c +@@ -1091,7 +1091,11 @@ static int format_converter(register buf + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = cc; ++#endif + goto skip_output; + + /* +--- a/main/spprintf.c ++++ b/main/spprintf.c +@@ -698,7 +698,11 @@ static void xbuf_format_converter(smart_ + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = xbuf->len; ++#endif + goto skip_output; + + /* +--- /dev/null ++++ b/main/suhosin_globals.h +@@ -0,0 +1,61 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_GLOBALS_H ++#define SUHOSIN_GLOBALS_H ++ ++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct; ++ ++#ifdef ZTS ++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v) ++extern int suhosin_patch_globals_id; ++#else ++# define SPG(v) (suhosin_patch_globals.v) ++extern struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++ ++struct _suhosin_patch_globals { ++ /* logging */ ++ int log_syslog; ++ int log_syslog_facility; ++ int log_syslog_priority; ++ int log_sapi; ++ int log_script; ++ int log_phpscript; ++ char *log_scriptname; ++ char *log_phpscriptname; ++ zend_bool log_phpscript_is_safe; ++ zend_bool log_use_x_forwarded_for; ++ ++ /* memory manager canary protection */ ++ unsigned int canary_1; ++ unsigned int canary_2; ++ unsigned int canary_3; ++ unsigned int dummy; ++}; ++ ++ ++#endif /* SUHOSIN_GLOBALS_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_logo.h +@@ -0,0 +1,178 @@ ++static unsigned char suhosin_logo[] = ++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48" ++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d" ++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43" ++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4" ++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00" ++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4" ++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00" ++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13" ++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98" ++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5" ++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46" ++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69" ++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5" ++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13" ++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf" ++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8" ++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44" ++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c" ++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d" ++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1" ++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55" ++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3" ++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35" ++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b" ++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d" ++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6" ++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27" ++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3" ++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52" ++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85" ++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e" ++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74" ++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1" ++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95" ++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4" ++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf" ++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71" ++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58" ++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c" ++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf" ++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83" ++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d" ++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08" ++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf" ++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01" ++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21" ++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac" ++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56" ++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10" ++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98" ++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e" ++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3" ++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d" ++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85" ++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa" ++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7" ++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76" ++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21" ++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a" ++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36" ++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24" ++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12" ++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78" ++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb" ++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2" ++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2" ++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79" ++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d" ++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98" ++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c" ++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c" ++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77" ++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65" ++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe" ++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15" ++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb" ++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65" ++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84" ++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a" ++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c" ++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40" ++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e" ++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4" ++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d" ++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d" ++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d" ++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b" ++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07" ++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22" ++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c" ++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54" ++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67" ++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96" ++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd" ++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40" ++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3" ++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85" ++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96" ++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76" ++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c" ++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09" ++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3" ++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22" ++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92" ++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5" ++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb" ++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74" ++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b" ++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa" ++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b" ++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed" ++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80" ++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01" ++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74" ++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90" ++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b" ++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8" ++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81" ++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67" ++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e" ++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1" ++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd" ++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7" ++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d" ++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d" ++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1" ++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7" ++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f" ++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64" ++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14" ++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8" ++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2" ++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef" ++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb" ++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12" ++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07" ++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64" ++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07" ++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a" ++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9" ++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb" ++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31" ++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5" ++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9" ++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee" ++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e" ++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f" ++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50" ++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96" ++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30" ++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57" ++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f" ++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99" ++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab" ++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51" ++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02" ++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae" ++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6" ++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2" ++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c" ++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8" ++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49" ++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e" ++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f" ++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3" ++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78" ++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b" ++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe" ++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31" ++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c" ++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1" ++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9" ++ ; +--- /dev/null ++++ b/main/suhosin_patch.c +@@ -0,0 +1,470 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: suhosin_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */ ++ ++#include "php.h" ++ ++#include ++#include ++#include ++ ++#if HAVE_UNISTD_H ++#include ++#endif ++#include "SAPI.h" ++#include "php_globals.h" ++ ++#if SUHOSIN_PATCH ++ ++#ifdef HAVE_SYS_SOCKET_H ++#include ++#endif ++ ++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) ++#undef AF_UNIX ++#endif ++ ++#if defined(AF_UNIX) ++#include ++#endif ++ ++#define SYSLOG_PATH "/dev/log" ++ ++#ifdef PHP_WIN32 ++static HANDLE log_source = 0; ++#endif ++ ++#include "snprintf.h" ++ ++#include "suhosin_patch.h" ++ ++#ifdef ZTS ++#include "suhosin_globals.h" ++int suhosin_patch_globals_id; ++#else ++struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++static char *suhosin_config = NULL; ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static void php_security_log(int loglevel, char *fmt, ...); ++ ++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC) ++{ ++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals)); ++} ++ ++ZEND_API char suhosin_get_config(int element) ++{ ++ return ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element]; ++} ++ ++static void suhosin_set_config(int element, char value) ++{ ++ ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element] = value; ++} ++ ++static void suhosin_read_configuration_from_environment() ++{ ++ char *tmp; ++ ++ /* check if canary protection should be activated or not */ ++ tmp = getenv("SUHOSIN_MM_USE_CANARY_PROTECTION"); ++ /* default to activated */ ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, 1); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, flag); ++ } ++ ++ /* check if free memory should be overwritten with 0xFF or not */ ++ tmp = getenv("SUHOSIN_MM_DESTROY_FREE_MEMORY"); ++ /* default to deactivated */ ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, flag); ++ } ++ ++ /* check if canary violations should be ignored */ ++ tmp = getenv("SUHOSIN_MM_IGNORE_CANARY_VIOLATION"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, flag); ++ } ++ ++ /* check if invalid hashtable destructors should be ignored */ ++ tmp = getenv("SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ /* check if invalid linkedlist destructors should be ignored */ ++ tmp = getenv("SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ suhosin_set_config(SUHOSIN_CONFIG_SET, 1); ++} ++ ++static void suhosin_write_protect_configuration() ++{ ++ /* check return value of mprotect() to ensure memory is read only now */ ++ if (mprotect(SUHOSIN_MANGLE_PTR(suhosin_config), sysconf(_SC_PAGESIZE), PROT_READ) != 0) { ++ perror("suhosin"); ++ _exit(1); ++ } ++} ++ ++PHPAPI void suhosin_startup() ++{ ++#ifdef ZTS ++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL); ++#else ++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC); ++#endif ++ zend_suhosin_log = php_security_log; ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (!suhosin_config) { ++#ifndef MAP_ANONYMOUS ++#define MAP_ANONYMOUS MAP_ANON ++#endif ++ suhosin_config = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); ++ if (suhosin_config == MAP_FAILED) { ++ perror("suhosin"); ++ _exit(1); ++ } ++ suhosin_config = SUHOSIN_MANGLE_PTR(suhosin_config); ++ } ++ if (!SUHOSIN_CONFIG(SUHOSIN_CONFIG_SET)) { ++ suhosin_read_configuration_from_environment(); ++ suhosin_write_protect_configuration(); ++ } ++} ++ ++static char *loglevel2string(int loglevel) ++{ ++ switch (loglevel) { ++ case S_FILES: ++ return "FILES"; ++ case S_INCLUDE: ++ return "INCLUDE"; ++ case S_MEMORY: ++ return "MEMORY"; ++ case S_MISC: ++ return "MISC"; ++ case S_SESSION: ++ return "SESSION"; ++ case S_SQL: ++ return "SQL"; ++ case S_EXECUTOR: ++ return "EXECUTOR"; ++ case S_VARS: ++ return "VARS"; ++ default: ++ return "UNKNOWN"; ++ } ++} ++ ++static void php_security_log(int loglevel, char *fmt, ...) ++{ ++ int s, r, i=0; ++#if defined(AF_UNIX) ++ struct sockaddr_un saun; ++#endif ++#ifdef PHP_WIN32 ++ LPTSTR strs[2]; ++ unsigned short etype; ++ DWORD evid; ++#endif ++ char buf[4096+64]; ++ char error[4096+100]; ++ char *ip_address; ++ char *fname; ++ char *alertstring; ++ int lineno; ++ va_list ap; ++ TSRMLS_FETCH(); ++ ++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/ ++ ++ if (SPG(log_use_x_forwarded_for)) { ++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "X-FORWARDED-FOR not set"; ++ } ++ } else { ++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "REMOTE_ADDR not set"; ++ } ++ } ++ ++ ++ va_start(ap, fmt); ++ ap_php_vsnprintf(error, sizeof(error), fmt, ap); ++ va_end(ap); ++ while (error[i]) { ++ if (error[i] < 32) error[i] = '.'; ++ i++; ++ } ++ ++/* if (SPG(simulation)) { ++ alertstring = "ALERT-SIMULATION"; ++ } else { */ ++ alertstring = "ALERT"; ++/* }*/ ++ ++ if (zend_is_executing(TSRMLS_C)) { ++ if (EG(current_execute_data)) { ++ lineno = EG(current_execute_data)->opline->lineno; ++ fname = EG(current_execute_data)->op_array->filename; ++ } else { ++ lineno = zend_get_executed_lineno(TSRMLS_C); ++ fname = zend_get_executed_filename(TSRMLS_C); ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno); ++ } else { ++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC); ++ if (fname==NULL) { ++ fname = "unknown"; ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname); ++ } ++ ++ /* Syslog-Logging disabled? */ ++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) { ++ goto log_sapi; ++ } ++ ++#if defined(AF_UNIX) ++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf); ++ ++ s = socket(AF_UNIX, SOCK_DGRAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ s = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ goto log_sapi; ++ } ++ } ++ send(s, error, strlen(error), 0); ++ ++ close(s); ++#endif ++#ifdef PHP_WIN32 ++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf); ++ ++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */ ++ case 1: /*LOG_ALERT:*/ ++ etype = EVENTLOG_ERROR_TYPE; ++ break; ++ case 6: /*LOG_INFO:*/ ++ etype = EVENTLOG_INFORMATION_TYPE; ++ break; ++ default: ++ etype = EVENTLOG_WARNING_TYPE; ++ } ++ evid = loglevel; ++ strs[0] = error; ++ /* report the event */ ++ if (log_source == NULL) { ++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION); ++ } ++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL); ++ ++#endif ++log_sapi: ++ /* SAPI Logging activated? */ ++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/ ++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) { ++ sapi_module.log_message(buf); ++ } ++ ++/*log_script:*/ ++ /* script logging activaed? */ ++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) { ++ char cmd[8192], *cmdpos, *bufpos; ++ FILE *in; ++ int space; ++ ++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel)); ++ space = sizeof(cmd) - strlen(cmd); ++ cmdpos = cmd + strlen(cmd); ++ bufpos = buf; ++ if (space <= 1) return; ++ while (space > 2 && *bufpos) { ++ if (*bufpos == '\'') { ++ if (space<=5) break; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\\'; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\''; ++ bufpos++; ++ space-=4; ++ } else { ++ *cmdpos++ = *bufpos++; ++ space--; ++ } ++ } ++ *cmdpos++ = '\''; ++ *cmdpos = 0; ++ ++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) { ++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname)); ++ return; ++ } ++ /* read and forget the result */ ++ while (1) { ++ int readbytes = fread(cmd, 1, sizeof(cmd), in); ++ if (readbytes<=0) { ++ break; ++ } ++ } ++ pclose(in); ++ } ++/*log_phpscript:*/ ++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) { ++ zend_file_handle file_handle; ++ zend_op_array *new_op_array; ++ zval *result = NULL; ++ ++ /*long orig_execution_depth = SPG(execution_depth);*/ ++ zend_bool orig_safe_mode = PG(safe_mode); ++ char *orig_basedir = PG(open_basedir); ++ ++ char *phpscript = SPG(log_phpscriptname); ++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/ ++#ifdef ZEND_ENGINE_2 ++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) { ++#else ++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { ++ file_handle.filename = phpscript; ++ file_handle.free_filename = 0; ++#endif ++ if (!file_handle.opened_path) { ++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript)); ++ } ++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); ++ zend_destroy_file_handle(&file_handle TSRMLS_CC); ++ if (new_op_array) { ++ HashTable *active_symbol_table = EG(active_symbol_table); ++ zval *zerror, *zerror_class; ++ ++ if (active_symbol_table == NULL) { ++ active_symbol_table = &EG(symbol_table); ++ } ++ EG(return_value_ptr_ptr) = &result; ++ EG(active_op_array) = new_op_array; ++ ++ MAKE_STD_ZVAL(zerror); ++ MAKE_STD_ZVAL(zerror_class); ++ ZVAL_STRING(zerror, buf, 1); ++ ZVAL_LONG(zerror_class, loglevel); ++ ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL); ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL); ++ ++ /*SPG(execution_depth) = 0;*/ ++ if (SPG(log_phpscript_is_safe)) { ++ PG(safe_mode) = 0; ++ PG(open_basedir) = NULL; ++ } ++ ++ zend_execute(new_op_array TSRMLS_CC); ++ ++ /*SPG(execution_depth) = orig_execution_depth;*/ ++ PG(safe_mode) = orig_safe_mode; ++ PG(open_basedir) = orig_basedir; ++ ++#ifdef ZEND_ENGINE_2 ++ destroy_op_array(new_op_array TSRMLS_CC); ++#else ++ destroy_op_array(new_op_array); ++#endif ++ efree(new_op_array); ++#ifdef ZEND_ENGINE_2 ++ if (!EG(exception)) ++#endif ++ { ++ if (EG(return_value_ptr_ptr)) { ++ zval_ptr_dtor(EG(return_value_ptr_ptr)); ++ EG(return_value_ptr_ptr) = NULL; ++ } ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } ++ ++} ++ ++ ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- /dev/null ++++ b/main/suhosin_patch.h +@@ -0,0 +1,59 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_PATCH_H ++#define SUHOSIN_PATCH_H ++ ++#if SUHOSIN_PATCH ++ ++#include "zend.h" ++ ++#define SUHOSIN_PATCH_VERSION "0.9.9.1" ++ ++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18" ++ ++#define SUHOSIN_CONFIG(idx) (suhosin_get_config(idx)) ++ ++#define SUHOSIN_MM_USE_CANARY_PROTECTION 0 ++#define SUHOSIN_MM_DESTROY_FREE_MEMORY 1 ++#define SUHOSIN_MM_IGNORE_CANARY_VIOLATION 2 ++#define SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR 3 ++#define SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR 4 ++ ++#define SUHOSIN_CONFIG_SET 100 ++ ++#include ++#include ++#include ++ ++#if defined(DARWIN) ++#include ++#endif ++ ++#define SUHOSIN_MANGLE_PTR(ptr) (ptr==NULL?NULL:((void *)((zend_intptr_t)(ptr)^SUHOSIN_POINTER_GUARD))) ++ ++#endif ++ ++#endif /* SUHOSIN_PATCH_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_patch.m4 +@@ -0,0 +1,8 @@ ++dnl ++dnl $Id: suhosin_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $ ++dnl ++dnl This file contains Suhosin Patch for PHP specific autoconf functions. ++dnl ++ ++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch]) ++ +--- a/sapi/apache/mod_php5.c ++++ b/sapi/apache/mod_php5.c +@@ -969,7 +969,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/apache2filter/sapi_apache2.c ++++ b/sapi/apache2filter/sapi_apache2.c +@@ -583,7 +583,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -393,7 +393,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache_hooks/mod_php5.c ++++ b/sapi/apache_hooks/mod_php5.c +@@ -1256,7 +1256,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -1923,10 +1923,18 @@ consult the installation file that came + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; + } ++#if SUHOSIN_PATCH + #if ZEND_DEBUG +- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2010 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else +- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2010 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else ++ #if ZEND_DEBUG ++ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #else ++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #endif + #endif + php_request_shutdown((void *) 0); + exit_status = 0; +--- a/sapi/cli/php_cli.c ++++ b/sapi/cli/php_cli.c +@@ -831,7 +831,11 @@ int main(int argc, char *argv[]) + } + + request_started = 1; +- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2010 The PHP Group\n%s", ++ php_printf("PHP %s " ++#if SUHOSIN_PATCH ++ "with Suhosin-Patch " ++#endif ++ "(%s) (built: %s %s) %s\nCopyright (c) 1997-2009 The PHP Group\n%s", + PHP_VERSION, sapi_module.name, __DATE__, __TIME__, + #if ZEND_DEBUG && defined(HAVE_GCOV) + "(DEBUG GCOV)", +--- a/sapi/litespeed/lsapi_main.c ++++ b/sapi/litespeed/lsapi_main.c +@@ -545,11 +545,19 @@ static int cli_main( int argc, char * ar + break; + case 'v': + if (php_request_startup(TSRMLS_C) != FAILURE) { ++#if SUHOSIN_PATCH ++#if ZEND_DEBUG ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else + #if ZEND_DEBUG + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #endif ++#endif + #ifdef PHP_OUTPUT_NEWAPI + php_output_end_all(TSRMLS_C); + #else +--- a/sapi/milter/php_milter.c ++++ b/sapi/milter/php_milter.c +@@ -1102,7 +1102,11 @@ int main(int argc, char *argv[]) + } + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; +- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2010 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#if SUHOSIN_PATCH ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else ++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif + php_end_ob_buffers(1 TSRMLS_CC); + exit(1); + break; +--- a/win32/build/config.w32 ++++ b/win32/build/config.w32 +@@ -325,7 +325,7 @@ ADD_SOURCES("Zend", "zend_language_parse + zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \ + zend_object_handlers.c zend_objects_API.c \ + zend_default_classes.c zend_execute.c zend_strtod.c zend_gc.c zend_closures.c \ +- zend_float.c"); ++ zend_float.c zend_canary.c zend_alloc_canary.c"); + + if (VCVERS == 1200) { + AC_DEFINE('ZEND_DVAL_TO_LVAL_CAST_OK', 1); +@@ -380,6 +380,7 @@ if (PHP_ZEND_MULTIBYTE == "yes") { + + AC_DEFINE('HAVE_USLEEP', 1); + AC_DEFINE('HAVE_STRCOLL', 1); ++AC_DEFINE('SUHOSIN_PATCH', 1); + + /* For snapshot builders, where can we find the additional + * files that make up the snapshot template? */ +--- a/win32/build/config.w32.h.in ++++ b/win32/build/config.w32.h.in +@@ -151,6 +151,9 @@ + /* Win32 supports strcoll */ + #define HAVE_STRCOLL 1 + ++/* Suhosin Patch support */ ++#define SUHOSIN_PATCH 1 ++ + /* Win32 supports socketpair by the emulation in win32/sockets.c */ + #define HAVE_SOCKETPAIR 1 + #define HAVE_SOCKLEN_T 1 --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-4409.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-4409.patch @@ -0,0 +1,90 @@ +Subject: Fix invalid args bugs by Maksymilian Arciemowicz +Origin: http://svn.php.net/viewvc?view=revision&revision=305571 + + +--- + ext/intl/dateformat/dateformat_attr.c | 1 + + ext/intl/formatter/formatter_attr.c | 9 +++++++-- + ext/intl/tests/dateformat_get_locale.phpt | 6 ++++++ + ext/intl/tests/formatter_get_set_symbol.phpt | 7 ++++++- + 4 files changed, 20 insertions(+), 3 deletions(-) + +Index: b/ext/intl/dateformat/dateformat_attr.c +=================================================================== +--- a/ext/intl/dateformat/dateformat_attr.c ++++ b/ext/intl/dateformat/dateformat_attr.c +@@ -309,6 +309,7 @@ PHP_FUNCTION( datefmt_get_locale ) + DATE_FORMAT_METHOD_FETCH_OBJECT; + + loc = (char *)udat_getLocaleByType(DATE_FORMAT_OBJECT(dfo), loc_type,&INTL_DATA_ERROR_CODE(dfo)); ++ INTL_METHOD_CHECK_STATUS(dfo, "Error getting locale"); + RETURN_STRING(loc, 1); + } + /* }}} */ +Index: b/ext/intl/tests/dateformat_get_locale.phpt +=================================================================== +--- a/ext/intl/tests/dateformat_get_locale.phpt ++++ b/ext/intl/tests/dateformat_get_locale.phpt +@@ -29,6 +29,12 @@ function ut_main() + $res_str .= "\nAfter call to get_locale : locale= $locale"; + $res_str .= "\n"; + } ++ $badvals = array(100, -1, 4294901761); ++ foreach($badvals as $badval) { ++ if(ut_datefmt_get_locale($fmt, $badval)) { ++ $res_str .= "datefmt_get_locale should return false for bad argument $badval\n"; ++ } ++ } + + return $res_str; + +Index: b/ext/intl/tests/formatter_get_set_symbol.phpt +=================================================================== +--- a/ext/intl/tests/formatter_get_set_symbol.phpt ++++ b/ext/intl/tests/formatter_get_set_symbol.phpt +@@ -73,7 +73,12 @@ function ut_main() + // Restore attribute's symbol. + ut_nfmt_set_symbol( $fmt, $symb, $orig_val ); + } +- ++ $badvals = array(2147483648, -2147483648, -1, 4294901761); ++ foreach($badvals as $badval) { ++ if(ut_nfmt_get_symbol( $fmt, 2147483648 )) { ++ $res_str .= "Bad value $badval should return false!\n"; ++ } ++ } + return $res_str; + } + +Index: b/ext/intl/formatter/formatter_attr.c +=================================================================== +--- a/ext/intl/formatter/formatter_attr.c ++++ b/ext/intl/formatter/formatter_attr.c +@@ -250,7 +250,7 @@ PHP_FUNCTION( numfmt_get_symbol ) + long symbol; + UChar value_buf[4]; + UChar *value = value_buf; +- int length = USIZE(value); ++ int length = USIZE(value_buf); + FORMATTER_METHOD_INIT_VARS; + + /* Parse parameters. */ +@@ -262,12 +262,17 @@ PHP_FUNCTION( numfmt_get_symbol ) + + RETURN_FALSE; + } ++ ++ if(symbol >= UNUM_FORMAT_SYMBOL_COUNT || symbol < 0) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "numfmt_get_symbol: invalid symbol value", 0 TSRMLS_CC ); ++ RETURN_FALSE; ++ } + + /* Fetch the object. */ + FORMATTER_METHOD_FETCH_OBJECT; + + length = unum_getSymbol(FORMATTER_OBJECT(nfo), symbol, value_buf, length, &INTL_DATA_ERROR_CODE(nfo)); +- if(INTL_DATA_ERROR_CODE(nfo) == U_BUFFER_OVERFLOW_ERROR && length >= USIZE( value )) { ++ if(INTL_DATA_ERROR_CODE(nfo) == U_BUFFER_OVERFLOW_ERROR && length >= USIZE( value_buf )) { + ++length; /* to avoid U_STRING_NOT_TERMINATED_WARNING */ + INTL_DATA_ERROR_CODE(nfo) = U_ZERO_ERROR; + value = eumalloc(length); --- php5-5.3.2.orig/debian/patches/fix_broken_upstream_tests.patch +++ php5-5.3.2/debian/patches/fix_broken_upstream_tests.patch @@ -0,0 +1,25 @@ +Description: Add missing settings to fix upstream tests +Origin: vendor +Forwarded: http://bugs.php.net/50796 +Last-Update: 2010-01-18 + +--- a/ext/soap/tests/server009.phpt ++++ b/ext/soap/tests/server009.phpt +@@ -10,6 +10,7 @@ SOAP Server 9: setclass and setpersisten + --INI-- + session.auto_start=1 + session.save_handler=files ++session.save_path=temp_session_store + --FILE-- + + --FILE-- + FORMAT_CONV_MAX_PRECISION) { ++ precision = FORMAT_CONV_MAX_PRECISION; ++ } + } else + adjust_precision = NO; + } else +Index: main/spprintf.c +=================================================================== +--- main/spprintf.c (revision 308524) ++++ main/spprintf.c (revision 308525) +@@ -285,10 +285,6 @@ + + /* + * Check if a precision was specified +- * +- * XXX: an unreasonable amount of precision may be specified +- * resulting in overflow of num_buf. Currently we +- * ignore this possibility. + */ + if (*fmt == '.') { + adjust_precision = YES; +@@ -302,6 +298,10 @@ + precision = 0; + } else + precision = 0; ++ ++ if (precision > FORMAT_CONV_MAX_PRECISION) { ++ precision = FORMAT_CONV_MAX_PRECISION; ++ } + } else + adjust_precision = NO; + } else +Index: main/snprintf.h +=================================================================== +--- main/snprintf.h (revision 308524) ++++ main/snprintf.h (revision 308525) +@@ -12,7 +12,7 @@ + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ +- | Author: Stig Sæther Bakken | ++ | Author: Stig Sæther Bakken | + | Marcus Boerger | + +----------------------------------------------------------------------+ + */ +@@ -158,6 +158,17 @@ + extern char * ap_php_conv_p2(register u_wide_int num, register int nbits, + char format, char *buf_end, register int *len); + ++/* The maximum precision that's allowed for float conversion. Does not include ++ * decimal separator, exponent, sign, terminator. Currently does not affect ++ * the modes e/f, only g/k/H, as those have a different limit enforced at ++ * another level (see NDIG in php_conv_fp()). ++ * Applies to the formatting functions of both spprintf.c and snprintf.c, which ++ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the ++ * call to php_gcvt(). ++ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9 ++ * should be enough, but let's give some more space) */ ++#define FORMAT_CONV_MAX_PRECISION 500 ++ + #endif /* SNPRINTF_H */ + + /* --- php5-5.3.2.orig/debian/patches/045-exif_nesting_level.patch +++ php5-5.3.2/debian/patches/045-exif_nesting_level.patch @@ -0,0 +1,16 @@ +Description: Increase maximum exif nesting level. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- pkg-php.orig/ext/exif/exif.c ++++ pkg-php/ext/exif/exif.c +@@ -99,7 +99,7 @@ typedef unsigned char uchar; + + #define EFREE_IF(ptr) if (ptr) efree(ptr) + +-#define MAX_IFD_NESTING_LEVEL 100 ++#define MAX_IFD_NESTING_LEVEL 250 + + /* {{{ arginfo */ + ZEND_BEGIN_ARG_INFO(arginfo_exif_tagname, 0) --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-0421.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-0421.patch @@ -0,0 +1,48 @@ +Subject: fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) +Origin: http://svn.php.net/viewvc/?view=revision&revision=307867 +Bug: http://bugs.php.net/bug.php?id=53885 + +CVE-2011-421 + +Patch has been modified from upstream commit to remove edits to NEWS, to +reduce conflicts when applying. + +Index: ext/zip/tests/bug53885.phpt +=================================================================== +--- ext/zip/tests/bug53885.phpt (revision 0) ++++ ext/zip/tests/bug53885.phpt (revision 307867) +@@ -0,0 +1,19 @@ ++--TEST-- ++Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) ++--SKIPIF-- ++ ++--FILE-- ++open($fname); ++$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED); ++$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED); ++?> ++==DONE== ++--EXPECTF-- ++==DONE== +Index: ext/zip/lib/zip_name_locate.c +=================================================================== +--- ext/zip/lib/zip_name_locate.c (revision 307866) ++++ ext/zip/lib/zip_name_locate.c (revision 307867) +@@ -60,6 +60,10 @@ + return -1; + } + ++ if((flags & ZIP_FL_UNCHANGED) && !za->cdir) { ++ return -1; ++ } ++ + cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp; + + n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry; --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-3710.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-3710.patch @@ -0,0 +1,53 @@ +Subject: Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data +Origin: http://svn.php.net/viewvc?view=revision&revision=303779 +Bug: http://bugs.php.net/bug.php?id=52929 + +CVE-2010-3710 + +[Ubuntu note: patch differs from upstream commit in that the change to + the NEWS file has been dropped to reduce conflicts - sbeattie] + +--- + ext/filter/logical_filters.c | 5 +++++ + ext/filter/tests/bug52929.phpt | 18 ++++++++++++++++++ + 2 files changed, 23 insertions(+) + +Index: b/ext/filter/tests/bug52929.phpt +=================================================================== +--- /dev/null ++++ b/ext/filter/tests/bug52929.phpt +@@ -0,0 +1,18 @@ ++--TEST-- ++Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) ++--SKIPIF-- ++ ++--FILE-- ++ 320) { ++ RETURN_VALIDATION_FAILED ++ } ++ + re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); + if (!re) { + RETURN_VALIDATION_FAILED --- php5-5.3.2.orig/debian/patches/fix_broken_sha2_test.patch +++ php5-5.3.2/debian/patches/fix_broken_sha2_test.patch @@ -0,0 +1,40 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -184,12 +184,12 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- +- salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; ++ char salt[21], answer[21+86]; ++ ++ strcpy(salt,"\$6\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); + #else + exit(0); + #endif +@@ -213,12 +213,13 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; +- strcat(salt,""); ++ char salt[21], answer[21+43]; ++ ++ strcpy(salt,"\$5\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); ++ + #else + exit(0); + #endif + --- php5-5.3.2.orig/debian/patches/112-proc_open.patch +++ php5-5.3.2/debian/patches/112-proc_open.patch @@ -0,0 +1,11 @@ +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -62,7 +62,7 @@ + * */ + #ifdef PHP_CAN_SUPPORT_PROC_OPEN + +-#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H ++#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H + # include + # include + # define PHP_CAN_DO_PTS 1 --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1466.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1466.patch @@ -0,0 +1,102 @@ +Subject: Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). +Origin: http://svn.php.net/viewvc?view=revision&revision=306475 + +CVE-2011-1466 + +Patch differs from upstream commit in that the edit to the NEWS file was +dropped to reduce patch conflicts. + +Index: ext/calendar/tests/bug53574.phpt +=================================================================== +--- ext/calendar/tests/bug53574.phpt (revision 0) ++++ ext/calendar/tests/bug53574.phpt (revision 306475) +@@ -0,0 +1,35 @@ ++--TEST-- ++Bug #53574 (Integer overflow in SdnToJulian; leads to segfault) ++--SKIPIF-- ++ ++--FILE-- ++ ++ string(5) "0/0/0" ++ ["month"]=> ++ int(0) ++ ["day"]=> ++ int(0) ++ ["year"]=> ++ int(0) ++ ["dow"]=> ++ int(3) ++ ["abbrevdayname"]=> ++ string(3) "Wed" ++ ["dayname"]=> ++ string(9) "Wednesday" ++ ["abbrevmonth"]=> ++ string(0) "" ++ ["monthname"]=> ++ string(0) "" ++} ++ +Index: ext/calendar/julian.c +=================================================================== +--- ext/calendar/julian.c (revision 306474) ++++ ext/calendar/julian.c (revision 306475) +@@ -146,6 +146,7 @@ + **************************************************************************/ + + #include "sdncal.h" ++#include + + #define JULIAN_SDN_OFFSET 32083 + #define DAYS_PER_5_MONTHS 153 +@@ -164,15 +165,22 @@ + int dayOfYear; + + if (sdn <= 0) { +- *pYear = 0; +- *pMonth = 0; +- *pDay = 0; +- return; ++ goto fail; + } +- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; ++ /* Check for overflow */ ++ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) { ++ goto fail; ++ } ++ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1); + + /* Calculate the year and day of year (1 <= dayOfYear <= 366). */ +- year = temp / DAYS_PER_4_YEARS; ++ { ++ long yearl = temp / DAYS_PER_4_YEARS; ++ if (yearl > INT_MAX || yearl < INT_MIN) { ++ goto fail; ++ } ++ year = (int) yearl; ++ } + dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1; + + /* Calculate the month and day of month. */ +@@ -196,6 +204,12 @@ + *pYear = year; + *pMonth = month; + *pDay = day; ++ return; ++ ++fail: ++ *pYear = 0; ++ *pMonth = 0; ++ *pDay = 0; + } + + long int JulianToSdn( --- php5-5.3.2.orig/debian/patches/php5-CVE-2010-3709.patch +++ php5-5.3.2/debian/patches/php5-CVE-2010-3709.patch @@ -0,0 +1,24 @@ +Subject: fix Fixed NULL pointer dereference in ZipArchive::getArchiveComment +Origin: http://svn.php.net/viewvc?view=revision&revision=304505 + +CVE-2010-3709 +report & patch from Maksymilian Arciemowicz + +--- + ext/zip/php_zip.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: b/ext/zip/php_zip.c +=================================================================== +--- a/ext/zip/php_zip.c ++++ b/ext/zip/php_zip.c +@@ -1961,6 +1961,9 @@ static ZIPARCHIVE_METHOD(getArchiveComme + } + + comment = zip_get_archive_comment(intern, &comment_len, (int)flags); ++ if(comment==NULL) { ++ RETURN_FALSE; ++ } + RETURN_STRINGL((char *)comment, (long)comment_len, 1); + } + /* }}} */ --- php5-5.3.2.orig/debian/patches/php5-CVE-2011-1148.patch +++ php5-5.3.2/debian/patches/php5-CVE-2011-1148.patch @@ -0,0 +1,199 @@ +Subject: fix bug #54238 (use-after-free in substr_replace()) +Origin: http://svn.php.net/viewvc?view=revision&revision=310194 + +CVE-2011-1148 + +Patch differs from upstream commit in that added entry in NEWS file has +been removed to reduce patch conflicts. + +Index: ext/standard/string.c +=================================================================== +--- ext/standard/string.c (revision 310193) ++++ ext/standard/string.c (revision 310194) +@@ -2352,20 +2352,35 @@ + + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str); + while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) { +- convert_to_string_ex(tmp_str); ++ zval *orig_str; ++ zval dummy; ++ if(Z_TYPE_PP(tmp_str) != IS_STRING) { ++ dummy = **tmp_str; ++ orig_str = &dummy; ++ zval_copy_ctor(orig_str); ++ convert_to_string(orig_str); ++ } else { ++ orig_str = *tmp_str; ++ } + + if (Z_TYPE_PP(from) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) { +- convert_to_long_ex(tmp_from); ++ if(Z_TYPE_PP(tmp_from) != IS_LONG) { ++ zval dummy = **tmp_from; ++ zval_copy_ctor(&dummy); ++ convert_to_long(&dummy); ++ f = Z_LVAL(dummy); ++ } else { ++ f = Z_LVAL_PP(tmp_from); ++ } + +- f = Z_LVAL_PP(tmp_from); + if (f < 0) { +- f = Z_STRLEN_PP(tmp_str) + f; ++ f = Z_STRLEN_P(orig_str) + f; + if (f < 0) { + f = 0; + } +- } else if (f > Z_STRLEN_PP(tmp_str)) { +- f = Z_STRLEN_PP(tmp_str); ++ } else if (f > Z_STRLEN_P(orig_str)) { ++ f = Z_STRLEN_P(orig_str); + } + zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from); + } else { +@@ -2374,72 +2389,94 @@ + } else { + f = Z_LVAL_PP(from); + if (f < 0) { +- f = Z_STRLEN_PP(tmp_str) + f; ++ f = Z_STRLEN_P(orig_str) + f; + if (f < 0) { + f = 0; + } +- } else if (f > Z_STRLEN_PP(tmp_str)) { +- f = Z_STRLEN_PP(tmp_str); ++ } else if (f > Z_STRLEN_P(orig_str)) { ++ f = Z_STRLEN_P(orig_str); + } + } + + if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) { +- convert_to_long_ex(tmp_len); ++ if(Z_TYPE_PP(tmp_len) != IS_LONG) { ++ zval dummy = **tmp_len; ++ zval_copy_ctor(&dummy); ++ convert_to_long(&dummy); ++ l = Z_LVAL(dummy); ++ } else { ++ l = Z_LVAL_PP(tmp_len); ++ } + + l = Z_LVAL_PP(tmp_len); + zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len); + } else { +- l = Z_STRLEN_PP(tmp_str); ++ l = Z_STRLEN_P(orig_str); + } + } else if (argc > 3) { + l = Z_LVAL_PP(len); + } else { +- l = Z_STRLEN_PP(tmp_str); ++ l = Z_STRLEN_P(orig_str); + } + + if (l < 0) { +- l = (Z_STRLEN_PP(tmp_str) - f) + l; ++ l = (Z_STRLEN_P(orig_str) - f) + l; + if (l < 0) { + l = 0; + } + } + +- if ((f + l) > Z_STRLEN_PP(tmp_str)) { +- l = Z_STRLEN_PP(tmp_str) - f; ++ if ((f + l) > Z_STRLEN_P(orig_str)) { ++ l = Z_STRLEN_P(orig_str) - f; + } + +- result_len = Z_STRLEN_PP(tmp_str) - l; ++ result_len = Z_STRLEN_P(orig_str) - l; + + if (Z_TYPE_PP(repl) == IS_ARRAY) { + if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) { +- convert_to_string_ex(tmp_repl); +- result_len += Z_STRLEN_PP(tmp_repl); ++ zval *repl_str; ++ zval zrepl; ++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { ++ zrepl = **tmp_repl; ++ repl_str = &zrepl; ++ zval_copy_ctor(repl_str); ++ convert_to_string(repl_str); ++ } else { ++ repl_str = *tmp_repl; ++ } ++ ++ result_len += Z_STRLEN_P(repl_str); + zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl); + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); +- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl)); +- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy(result, Z_STRVAL_P(orig_str), f); ++ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str)); ++ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); ++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { ++ zval_dtor(repl_str); ++ } + } else { + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); +- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy(result, Z_STRVAL_P(orig_str), f); ++ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); + } + } else { + result_len += Z_STRLEN_PP(repl); + + result = emalloc(result_len + 1); + +- memcpy(result, Z_STRVAL_PP(tmp_str), f); ++ memcpy(result, Z_STRVAL_P(orig_str), f); + memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl)); +- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); ++ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); + } + + result[result_len] = '\0'; + add_next_index_stringl(return_value, result, result_len, 0); +- ++ if(Z_TYPE_PP(tmp_str) != IS_STRING) { ++ zval_dtor(orig_str); ++ } + zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str); + } /*while*/ + } /* if */ +Index: ext/standard/tests/strings/bug54238.phpt +=================================================================== +--- ext/standard/tests/strings/bug54238.phpt (revision 0) ++++ ext/standard/tests/strings/bug54238.phpt (revision 310194) +@@ -0,0 +1,25 @@ ++--TEST-- ++Bug #54238 (use-after-free in substr_replace()) ++--INI-- ++error_reporting=E_ALL&~E_NOTICE ++--FILE-- ++ ++--EXPECT-- ++array(1) { ++ [0]=> ++ string(9) "AArrayray" ++} ++array(1) { ++ [0]=> ++ array(2) { ++ [0]=> ++ string(1) "A" ++ [1]=> ++ string(1) "A" ++ } ++} --- php5-5.3.2.orig/debian/patches/006-debian_quirks.patch +++ php5-5.3.2/debian/patches/006-debian_quirks.patch @@ -0,0 +1,222 @@ +Description: Changes to make php use versioned paths and other minor + cleanup changes. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1005,7 +1005,7 @@ if test "$PHP_CLI" = "no"; then + fi + + PHP_ARG_WITH(pear, [whether to install PEAR], +-[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php] ++[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php5] + --without-pear Do not install PEAR], DEFAULT, yes) + + if test "$PHP_PEAR" != "no"; then +@@ -1035,7 +1035,7 @@ dnl + if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then + case $PHP_LAYOUT in + GNU) PEAR_INSTALLDIR=$datadir/pear;; +- *) PEAR_INSTALLDIR=$libdir/php;; ++ *) PEAR_INSTALLDIR=$libdir/php5;; + esac + fi + +@@ -1090,12 +1090,12 @@ test "$program_suffix" = "NONE" && progr + + case $libdir in + '${exec_prefix}/lib') +- libdir=$libdir/php ++ libdir=$libdir/php5 + ;; + esac + case $datadir in + '${prefix}/share') +- datadir=$datadir/php ++ datadir=$datadir/php5 + ;; + esac + +@@ -1161,7 +1161,7 @@ EXPANDED_SYSCONFDIR=`eval echo $sysconfd + EXPANDED_DATADIR=$datadir + EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` + EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` +-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:/usr/share/pear + + exec_prefix=$old_exec_prefix + libdir=$old_libdir +--- a/ext/ext_skel ++++ b/ext/ext_skel +@@ -70,7 +70,7 @@ if test -d "$extname" ; then + fi + + if test -z "$skel_dir"; then +- skel_dir="skeleton" ++ skel_dir="/usr/lib/php5/skeleton" + fi + + ## convert skel_dir to full path +--- a/php.ini-development ++++ b/php.ini-development +@@ -781,7 +781,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +--- a/php.ini-production ++++ b/php.ini-production +@@ -781,7 +781,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +@@ -938,53 +938,6 @@ default_socket_timeout = 60 + ; If you only provide the name of the extension, PHP will look for it in its + ; default extension directory. + ; +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. +-; +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_dba.dll +-;extension=php_exif.dll +-;extension=php_fileinfo.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_gmp.dll +-;extension=php_intl.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mbstring.dll +-;extension=php_ming.dll +-;extension=php_mssql.dll +-;extension=php_mysql.dll +-;extension=php_mysqli.dll +-;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client +-;extension=php_oci8_11g.dll ; Use with Oracle 11g Instant Client +-;extension=php_openssl.dll +-;extension=php_pdo_firebird.dll +-;extension=php_pdo_mssql.dll +-;extension=php_pdo_mysql.dll +-;extension=php_pdo_oci.dll +-;extension=php_pdo_odbc.dll +-;extension=php_pdo_pgsql.dll +-;extension=php_pdo_sqlite.dll +-;extension=php_pgsql.dll +-;extension=php_phar.dll +-;extension=php_pspell.dll +-;extension=php_shmop.dll +-;extension=php_snmp.dll +-;extension=php_soap.dll +-;extension=php_sockets.dll +-;extension=php_sqlite.dll +-;extension=php_sqlite3.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll +-;extension=php_zip.dll + + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; +--- a/sapi/caudium/config.m4 ++++ b/sapi/caudium/config.m4 +@@ -26,8 +26,8 @@ if test "$PHP_CAUDIUM" != "no"; then + AC_MSG_ERROR([Could not find a pike in $PHP_CAUDIUM/bin/]) + fi + if $PIKE -e 'float v; int rel;sscanf(version(), "Pike v%f release %d", v, rel);v += rel/10000.0; if(v < 7.0268) exit(1); exit(0);'; then +- PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Module' | sed -e 's/.*: //'` +- PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' ` ++ PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'` ++ PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' ` + if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then + AC_MSG_ERROR(Failed to figure out Pike module and include directories) + fi +@@ -84,7 +84,9 @@ if test "$PHP_CAUDIUM" != "no"; then + PIKE_VERSION=`$PIKE -e 'string v; int rel;sscanf(version(), "Pike v%s release %d", v, rel); write(v+"."+rel);'` + AC_DEFINE(HAVE_CAUDIUM,1,[Whether to compile with Caudium support]) + PHP_SELECT_SAPI(caudium, shared, caudium.c) +- INSTALL_IT="\$(INSTALL) -m 0755 $SAPI_SHARED $PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" ++ dnl FIXME: This is the ugliest hack in the world! ++ dnl INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/php5.so" ++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 .$SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" + RESULT=" *** Pike binary used: $PIKE + *** Pike include dir(s) used: $PIKE_INCLUDE_DIR + *** Pike version: $PIKE_VERSION" +--- a/sapi/cli/php.1.in ++++ b/sapi/cli/php.1.in +@@ -309,13 +309,14 @@ Shows configuration for extension + Show configuration file names + .SH FILES + .TP 15 +-.B php\-cli.ini ++.B /etc/php5/cli/php.ini + The configuration file for the CLI version of PHP. + .TP +-.B php.ini +-The standard configuration file will only be used when +-.B php\-cli.ini +-cannot be found. ++.B /etc/php5/cgi/php.ini ++The configuration file for the CGI version of PHP. ++.TP ++.B /etc/php5/apache2/php.ini ++The configuration file for the version of PHP that apache2 uses. + .SH EXAMPLES + .TP 5 + \fIphp \-r 'echo "Hello World\\n";'\fP +--- a/scripts/Makefile.frag ++++ b/scripts/Makefile.frag +@@ -3,8 +3,8 @@ + # Build environment install + # + +-phpincludedir = $(includedir)/php +-phpbuilddir = $(libdir)/build ++phpincludedir = $(includedir)/php5 ++phpbuilddir = $(prefix)/lib/php5/build + + BUILD_FILES = \ + scripts/phpize.m4 \ +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -5,8 +5,8 @@ prefix="@prefix@" + exec_prefix="@exec_prefix@" + version="@PHP_VERSION@" + vernum="@PHP_VERSION_ID@" +-include_dir="@includedir@/php" +-includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ++include_dir="@includedir@/php5" ++includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib $(getconf LFS_CFLAGS)" + ldflags="@PHP_LDFLAGS@" + libs="@EXTRA_LIBS@" + extension_dir='@EXTENSION_DIR@' +--- a/scripts/phpize.in ++++ b/scripts/phpize.in +@@ -3,8 +3,8 @@ + # Variable declaration + prefix='@prefix@' + exec_prefix="`eval echo @exec_prefix@`" +-phpdir="`eval echo @libdir@`/build" +-includedir="`eval echo @includedir@`/php" ++phpdir="$prefix/lib/php5/build" ++includedir="$prefix/include/php5" + builddir="`pwd`" + SED="@SED@" + --- php5-5.3.2.orig/debian/patches/001-libtool_fixes.patch +++ php5-5.3.2/debian/patches/001-libtool_fixes.patch @@ -0,0 +1,24 @@ +--- a/TSRM/configure.in ++++ b/TSRM/configure.in +@@ -13,9 +13,6 @@ TSRM_BASIC_CHECKS + TSRM_THREADS_CHECKS + + AM_PROG_LIBTOOL +-if test "$enable_debug" != "yes"; then +- AM_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl TSRM_PTHREAD + +--- a/configure.in ++++ b/configure.in +@@ -1343,9 +1343,6 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], + ]) + AC_PROG_LIBTOOL + +-if test "$enable_debug" != "yes"; then +- PHP_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl libtool 1.4.3 needs this. + PHP_SET_LIBTOOL_VARIABLE([--preserve-dup-deps]) --- php5-5.3.2.orig/debian/patches/gentoo/117-4_digit_year_big_endian.patch +++ php5-5.3.2/debian/patches/gentoo/117-4_digit_year_big_endian.patch @@ -0,0 +1,11 @@ +--- pkg-php.orig/ext/date/php_date.c ++++ pkg-php/ext/date/php_date.c +@@ -803,7 +803,7 @@ static char *date_format(char *format, i + /* year */ + case 'L': length = slprintf(buffer, 32, "%d", timelib_is_leap((int) t->y)); break; + case 'y': length = slprintf(buffer, 32, "%02d", (int) t->y % 100); break; +- case 'Y': length = slprintf(buffer, 32, "%s%04ld", t->y < 0 ? "-" : "", llabs(t->y)); break; ++ case 'Y': length = slprintf(buffer, 32, "%s%04lld", t->y < 0 ? "-" : "", llabs(t->y)); break; + + /* time */ + case 'a': length = slprintf(buffer, 32, "%s", t->h >= 12 ? "pm" : "am"); break; --- php5-5.3.2.orig/debian/patches/gentoo/009_ob-memory-leaks.patch +++ php5-5.3.2/debian/patches/gentoo/009_ob-memory-leaks.patch @@ -0,0 +1,33 @@ +009_ob-memory-leaks.patch +PHP_5_2 +http://cvs.php.net/viewvc.cgi/php-src/main/output.c?r1=1.167.2.3.2.8&r2=1.167.2.3.2.9&diff_format=u +Fixed memory leak in ob_get_clean/ob_get_flush. + +--- a/main/output.c ++++ b/main/output.c +@@ -816,10 +816,12 @@ PHP_FUNCTION(ob_end_flush) + + if (!OG(ob_nesting_level)) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete and flush buffer. No buffer to delete or flush."); ++ zval_dtor(return_value); + RETURN_FALSE; + } + if (OG(ob_nesting_level) && !OG(active_ob_buffer).status && !OG(active_ob_buffer).erase) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer %s.", OG(active_ob_buffer).handler_name); ++ zval_dtor(return_value); + RETURN_FALSE; + } + +@@ -838,10 +840,12 @@ PHP_FUNCTION(ob_end_clean) + + if (!OG(ob_nesting_level)) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer. No buffer to delete."); ++ zval_dtor(return_value); + RETURN_FALSE; + } + if (OG(ob_nesting_level) && !OG(active_ob_buffer).status && !OG(active_ob_buffer).erase) { + php_error_docref("ref.outcontrol" TSRMLS_CC, E_NOTICE, "failed to delete buffer %s.", OG(active_ob_buffer).handler_name); ++ zval_dtor(return_value); + RETURN_FALSE; + } +