--- php5-5.4.6.orig/.gitignore +++ php5-5.4.6/.gitignore @@ -15,7 +15,6 @@ *.opt *.plg *swp -*.patch *.tgz *.tar.gz *.tar.bz2 --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.load +++ php5-5.4.6/debian/libapache2-mod-php5filter.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5filter.so --- php5-5.4.6.orig/debian/php5-dev.files +++ php5-5.4.6/debian/php5-dev.files @@ -0,0 +1,6 @@ +usr/bin/php-config +usr/bin/phpize +usr/share/man/man1/php-config.1 +usr/share/man/man1/phpize.1 +usr/include +usr/lib/php5/build --- php5-5.4.6.orig/debian/source_php5.py +++ php5-5.4.6/debian/source_php5.py @@ -0,0 +1,57 @@ +#!/usr/bin/python + +'''PHP5 Apport interface + +Copyright (C) 2010 Canonical Ltd. +Author: Chuck Short + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +import os +import subprocess +from apport.hookutils import * + +def _add_my_conf_files(report, filename): + if not os.path.exists(filename): + return + + key = 'PHPConf' + path_to_key(filename) + report[key] = "" + for line in read_file(filename).split('\n'): + try: + if 'mysql.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'mysqli.default_pw ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + if 'ifx.default_password ' in line.split('=')[0]: + line = "%s = @@APPORTREPLACED@@" % (line.split('=')[0]) + report[key] += line + '\n' + except IndexError: + continue + +def add_info(report): + _add_my_conf_files(report, '/etc/php5/apache2/php.ini') + _add_my_conf_files(report, '/etc/php5/cli/php5.ini') + + # packages in main + packages=['php5', 'php-common', 'libapache2-mod-php5', 'libapache2-mod-php5filter' + 'php5-cgi', 'php5-cli', 'php5-dev', 'php5-dbg', 'php-pear', 'php5-curl', 'php5-gd' + 'php5-gmp', 'php5-ldap', 'php5-mhash', 'php5-mysql', 'php5-odbc', 'php5-pgsql', + 'php5-pspell', 'php5-recode', 'php5-snmp', 'php5-sqlite', 'php5-sybase', 'php5-tidy', + 'php5-xmlrpc', 'php5-xsl'] + + versions = '' + for package in packages: + try: + version = packaging.get_version(package) + except ValueError: + version = 'N/A' + if version is None: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['PHPInstalledModules'] = versions --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.postinst +++ php5-5.4.6/debian/libapache2-mod-php5filter.postinst @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 $1 || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache force-reload + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2filter/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr libapache2-mod-php5filter $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2filter/.start ]; then + a2enmod php5filter >/dev/null || true + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5filter.load ]; then + reload_apache force-reload + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5filter >/dev/null || true + reload_apache restart +fi + +exit 0 --- php5-5.4.6.orig/debian/php5-sybase.preinst.extra +++ php5-5.4.6/debian/php5-sybase.preinst.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/mssql.ini 5.2.3-1 -- "$@" --- php5-5.4.6.orig/debian/NEWS +++ php5-5.4.6/debian/NEWS @@ -0,0 +1,200 @@ +php5 (5.4.4-5) unstable; urgency=low + + * As a security measure the default configuration for Apache 2 has been + changed to a stricter model. Only files which have the correct + rightmost extension, and at least one character in the filename before + that extension, are now interpreted by PHP. For a full list of + handled extensions please see the Apache 2 configuration. At the time + of writing this paragraph, the list includes the following regular + expressions: + + 1. .+\.ph(p[345]?|t|tml)$ for PHP files (application/x-httpd-php) + 2. .+\.phps$ for PHP source files (application/x-httpd-php-source) + + Previously, as a side effect of system MIME type definitions, the + default configuration would allow the interpreting of files with a + double extension, where the second extension was either unrecognised + or a language or content encoding to be interpreted; e.g. an uploaded + file named blackhat.php.foobar or index.php.cs would be interpreted by + PHP. These non-standard definitions have been removed from the + mime-types packages and all configuration of PHP handlers is now + defined in the Apache 2 configuration files. + + The standard configuration now also denies access to files with names + which consist of an extension and nothing more; e.g. accessing '/.php' + will now return Access Denied instead of the output of the PHP script. + + You can use the following command to find whether there are any files + on your system which would be affected by this change (change + to the directory name where you store PHP files on your system): + + # find -name '*.ph[pt].*' -o -name '*.php[345s].*' -o \ + -name '*.phtml.*' -o -name '.ph[pt]' -o \ + -name '.php[345s]' -o -name '.phtml' + + -- Ondřej Surý Tue, 21 Aug 2012 09:14:47 +0200 + +php5 (5.4.4-1ubuntu1) quantal; urgency=low + + Because upstream has not produced a stable PHP 5.4 patch, and it has + been difficult to keep PHP up to date in Ubuntu in light of that, we + are no longer building PHP5 with Suhosin enabled. + + -- Clint Byrum Mon, 18 Jun 2012 15:17:45 -0700 + +php5 (5.4.0~rc8-1) unstable; urgency=low + + php5-fpm default www spool now listens on unix socket located + in /var/run/php5-fpm.sock instead of localhost:9000. If you + have configured your webserver to use localhost:9000, you will + have to change your settings. + + -- Ondřej Surý Wed, 08 Feb 2012 08:25:30 +0100 + +php5 (5.4.0~rc6-2) unstable; urgency=low + + t1lib support was removed from PHP 5.4. t1lib has many security + issues and is unmaintained by upstream for a very long time (3 years). + + For more information see: + + http://bugs.debian.org/637488 + + http://bugs.debian.org/638755 + + This unfortunately also means that following functions are not + available in PHP5 from now: + + - imagepsloadfont + - imagepsfreefont + - imagepsencodefont + - imagepsextendfont + - imagepsslantfont + - imagepstext + - imagepsbbox + + If you really need those functions you will need to install t1lib from + sources. You will need to install php5-dev and recompile GD extension + (roughly) using following commands: + + cd /ext/gd/ + phpize + configure --with-gd=shared,/usr --enable-gd-native-ttf \ + --with-t1lib= + make + make install + + -- Ondřej Surý Wed, 01 Feb 2012 18:19:45 +0100 + +php5 (5.3.10-1ubuntu1) precise; urgency=low + + * The Suhosin patch that was disabled by default in the Debian + packages is *enabled* on Ubuntu by default. + + -- Clint Byrum Thu, 16 Feb 2012 00:31:53 -0800 + +php5 (5.3.9-4) unstable; urgency=low + + * The Suhosin patch is now disabled in the default build. + + If you want to re-enable it again for your installation, you can + set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP. + + -- Ondřej Surý Sat, 28 Jan 2012 08:39:36 +0100 + +php5 (5.3.6-13) unstable; urgency=low + + * Updated blowfish crypt() algorithm fixes the 8-bit character handling + vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately + this change is incompatible with some old (wrong) generated hashes for + passwords containing 8-bit characters. + + It is recommended that any passwords containing characters with + the 8th bit set be changed after this upgrade. In order to allow users + to log in after the upgrade even if they have a potentially affected + password, the newly introduced backwards compatibility hash encoding + prefix of "$2x$" may be used (in place of the usual "$2a$"). Such + password hashes should only be used during a transition period; when + passwords are changed, the usual "$2a$" prefix is used, denoting the + correct algorithm. + + -- Ondřej Surý Mon, 04 Jul 2011 10:31:16 +0200 + +php5 (5.3.1-3) unstable; urgency=low + + * mod_php disabled in userdirs. + + The default Debian libapache2-mod-php5 package now disables the PHP + engine on ~/public_html directories when mod_userdir is enabled, for + security reasons. Although discouraged, it can be re-enabled by + commenting the block in + /etc/apache2/mods-available/php5.conf + + * PHP 5.2 compatibility settings + + Given the short time to the Squeeze release freeze, the + short_open_tag setting has been turned On again (upstream now + defaults to Off on the php.ini files.) However, the request_order and + auto_globals_jit settings continue to be the default from upstream + ("GP" and On, respectively.) + + -- Raphael Geissert Mon, 11 Jan 2010 16:49:28 -0600 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * Maximum number of file uploads per request limited + + To prevent Denial of Service attacks by exhausting the number of + available temporary file names, upstream introduced the max_file_uploads + option in 5.3.1 and 5.2.12. + + Due to the nature of this new option a default limit has been set + to 50, hoping it is sensible enough to not to cause disruptions on + existing services. + The value of this new limit can be changed in the php.ini file. + + If you installed the php5-suhosin extension there was a limiting + mechanism in place already. In this case you may want to make sure + the new limit imposed by PHP itself is not smaller than suhosin's. + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.6-1) unstable; urgency=medium + + * Now uses system timezone database. + + Debian PHP now makes use of the system wide timezone database from the + tzdata package, making sure any updates there are automatically used + by PHP aswell. Note that this requires that the PHP process has access + to /etc/localtime and /usr/share/zoneinfo (this is usually the case). + + * New php5-dbg package. + + We are now shipping a php5-dgb package which will greatly aid in finding + the cause of many crashes that you may experience. So if you are going to + report a bug for a reproducible crash, please install this package before + sending a backtrace. + + * New libapache2-mod-php5filter package. + + We are now also shipping a new libapache2-mod-php5filter package which + uses the "Apache 2.0 filter-module support via DSO through APXS". + + -- Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200 + +php5 (5.2.3-2) unstable; urgency=low + + The Suhosin patch is now enabled by default! + + For more information, see + . + + Special thanks to Blars Blarson for providing a sparc machine for testing + that the patch seems to work okay on that architecture. If you experience + otherwise let us know! + + Suggestions are welcome for default configuration options, examples, + documentation, etc. + + In any event please report successes and/or failures to us at + pkg-php-maint@lists.alioth.debian.org. + + -- sean finney Thu, 12 Jul 2007 23:38:43 +0200 --- php5-5.4.6.orig/debian/php5-sqlite.preinst.extra +++ php5-5.4.6/debian/php5-sqlite.preinst.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" --- php5-5.4.6.orig/debian/php5-sybase.postrm.extra +++ php5-5.4.6/debian/php5-sybase.postrm.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/mssql.ini 5.2.3-1 -- "$@" --- php5-5.4.6.orig/debian/php5-cli.dirs +++ php5-5.4.6/debian/php5-cli.dirs @@ -0,0 +1,3 @@ +/etc/php5/cli +/usr/bin +/usr/share/man/man1 --- php5-5.4.6.orig/debian/php5-common.php5.cron.d +++ php5-5.4.6/debian/php5-common.php5.cron.d @@ -0,0 +1,7 @@ +# /etc/cron.d/php5: crontab fragment for php5 +# This purges session files older than X, where X is defined in seconds +# as the largest value of session.gc_maxlifetime from all your php.ini +# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime + +# Look for and purge old sessions every 30 minutes +09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete --- php5-5.4.6.orig/debian/setup-mysql.sh +++ php5-5.4.6/debian/setup-mysql.sh @@ -0,0 +1,78 @@ +#!/bin/sh + +set -eu + +[ $# -ge 2 ] || { + echo "Usage: debian/setup-mysql.sh port data-dir" >&2 + exit 1 +} + +# CLI arguments # +port=$1 +datadir=$2 +action=${3:-start} +if [ "$(id -u)" -eq 0 ]; then + user="mysql" +else + user="$(whoami)" +fi + +# Some vars # + +socket=$datadir/mysql.sock +# Commands: +mysqladmin="mysqladmin --no-defaults --user root --port $port --host 127.0.0.1 --socket=$socket --no-beep" +mysqld="/usr/sbin/mysqld --no-defaults --user=$user --bind-address=127.0.0.1 --port=$port --socket=$socket --datadir=$datadir" + +# Main code # + +if [ "$action" = "stop" ]; then + $mysqladmin shutdown + exit +fi + +rm -rf $datadir +mkdir -p $datadir +chmod go-rx $datadir +chown $user: $datadir + +mysql_install_db --no-defaults --user=$user --datadir=$datadir --rpm --force + +tmpf=$(mktemp) +cat > "$tmpf" <&2 + if [ "$pid" ]; then + kill $pid || : + sleep 2 + kill -s KILL $pid || : + fi + exit 1 + fi +done + +# Check if the server is running +$mysqladmin status +# Drop the database if it exists +$mysqladmin --force --silent drop test || true +# Create new empty database +$mysqladmin create test --- php5-5.4.6.orig/debian/php5-cgi.NEWS +++ php5-5.4.6/debian/php5-cgi.NEWS @@ -0,0 +1,26 @@ +php5 (5.4.4-5) unstable; urgency=low + + Please be aware that the mime-types package has dropped non-standard + definitions for PHP that might affect any systems using PHP 5 running + as CGI or FastCGI. The following definitions were dropped: + + application/x-httpd-php phtml pht php + application/x-httpd-php-source phps + application/x-httpd-php3 php3 + application/x-httpd-php3-preprocessed php3p + application/x-httpd-php4 php4 + application/x-httpd-php5 php5 + + The php5-cgi package mitigates any known issues by creating a (dummy) + apache2 module php5_cgi with a configuration containing handlers for + all previously defined extensions. Even though we believe that this + configuration should keep your PHP scripts interpreted, it might be a + good idea to check your apache2 site-wide configuration as well as + any specific PHP configuration for websites running on your system. + + As far as we know definitions from the mime-types packages are not + used in any other webserver included in Debian, but it might affect + any application which relies on system MIME types to interpret PHP + files. + + -- Ondřej Surý Wed, 15 Aug 2012 10:31:31 +0200 --- php5-5.4.6.orig/debian/php5-cgi.postinst +++ php5-5.4.6/debian/php5-cgi.postinst @@ -0,0 +1,41 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 $1 || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cgi/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr php5-cgi $phpini + +# Enable php5_cgi if upgrading from older versions of php5-cgi +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 5.4.4-5; then + # Only enable php5_cgi if apache2 is installed + if [ -x "/usr/sbin/a2enmod" ]; then + a2enmod php5_cgi >/dev/null || true + reload_apache force-reload + fi +fi + +update-alternatives \ + --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \ + --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz + +update-alternatives \ + --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50 + +exit 0 --- php5-5.4.6.orig/debian/libapache2-mod-php5.dirs +++ php5-5.4.6/debian/libapache2-mod-php5.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2 +/usr/lib/apache2/modules --- php5-5.4.6.orig/debian/php5-fpm.logrotate +++ php5-5.4.6/debian/php5-fpm.logrotate @@ -0,0 +1,16 @@ +# cat /etc/logrotate.d/php5-fpm +/var/log/php5-fpm.log { + weekly + missingok + rotate 7 + compress + delaycompress + notifempty + postrotate + if [ -x /usr/sbin/invoke-rc.d ]; then \ + invoke-rc.d php5-fpm reopen-logs > /dev/null 2>&1; \ + else \ + /etc/init.d/php5-fpm reopen-logs > /dev/null 2>&1; \ + fi; \ + endscript +} --- php5-5.4.6.orig/debian/php5_cgi.conf +++ php5-5.4.6/debian/php5_cgi.conf @@ -0,0 +1,37 @@ +# This file replaces old system MIME types and sets them only in the +# Apache webserver + +# application/x-httpd-php phtml pht php +# application/x-httpd-php3 php3 +# application/x-httpd-php4 php4 +# application/x-httpd-php5 php + + SetHandler application/x-httpd-php + +# application/x-httpd-php-source phps + + SetHandler application/x-httpd-php-source + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Order Deny,Allow + Deny from all + +# Deny access to files without filename (e.g. '.php') + + Order Deny,Allow + Deny from all + + +# To enable PHP CGI site-wide, just uncomment following lines, however +# as a security measure, it's recommended to enable PHP just in the +# specific virtual servers or just specific directories + +#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ +# +# AllowOverride None +# Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +# Order allow,deny +# Allow from all +# +#Action application/x-httpd-php /cgi-bin/php5 --- php5-5.4.6.orig/debian/php5-mysqlnd.preinst.extra +++ php5-5.4.6/debian/php5-mysqlnd.preinst.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/10-mysqlnd.ini /etc/php5/mods-available/mysqlnd.ini 5.4.0~rc6-1 -- "$@"; --- php5-5.4.6.orig/debian/php5-cgi.dirs +++ php5-5.4.6/debian/php5-cgi.dirs @@ -0,0 +1,5 @@ +/etc/apache2/mods-available +/etc/php5/cgi +/usr/lib/cgi-bin +/usr/bin +/usr/share/man/man1 --- php5-5.4.6.orig/debian/libapache2-mod-php5.postinst +++ php5-5.4.6/debian/libapache2-mod-php5.postinst @@ -0,0 +1,49 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +reload_apache() +{ + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 $1 || true + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi +} + +# we've registered a trigger to handle extension updates. +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + reload_apache force-reload + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/apache2/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr libapache2-mod-php5 $phpini + +if [ -n "$2" ]; then + # recover the previous state + if [ -e /etc/php5/apache2/.start ]; then + a2enmod php5 >/dev/null || true + rm -f /etc/php5/apache2/.start + fi +# we're upgrading. test if we're enabled, and if so, restart to reload the module. + if [ -e /etc/apache2/mods-enabled/php5.load ]; then + reload_apache force-reload + fi + exit 0 +fi + +if [ -e /etc/apache2/apache2.conf ]; then +# Enable the module, but hide a2enmod's misleading message about apachectl +# and force-reload the thing ourselves. + a2enmod php5 >/dev/null || true + reload_apache restart +fi + +exit 0 --- php5-5.4.6.orig/debian/suhosin_patch.watch +++ php5-5.4.6/debian/suhosin_patch.watch @@ -0,0 +1,8 @@ +# Check for new versions with: +# uscan --watchfile debian/suhosin_patch.watch --package suhosin-patch +# don't forget to update the version in this file when updating the patch! +version=3 + +opts=uversionmangle=s/RC/~RC/ \ +http://www.hardened-php.net/suhosin/download.html \ + http://download.suhosin.org/suhosin-patch-(.*)\.patch\.gz 5.3.1-0.9.8 --- php5-5.4.6.orig/debian/php5-fpm.postinst +++ php5-5.4.6/debian/php5-fpm.postinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- "$@" + +if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then + invoke-rc.d php5-fpm restart + exit 0 +elif [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/fpm/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr php5-fpm $phpini + +exit 0 --- php5-5.4.6.orig/debian/control +++ php5-5.4.6/debian/control @@ -0,0 +1,499 @@ +Source: php5 +Section: php +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian PHP Maintainers +Uploaders: Ondřej Surý , + Sean Finney , + Thijs Kinkhorst , + Lior Kaplan +Build-Depends: apache2-prefork-dev, + autoconf (>= 2.63), + automake (>= 1.11) | automake1.11, + bison, + chrpath, + debhelper (>= 5), + flex, + freetds-dev, + hardening-wrapper, + libapr1-dev (>= 1.2.7-8), + libbz2-dev, + libcurl4-openssl-dev, + libdb-dev, + libenchant-dev, + libevent-dev (>= 1.4.11), + libexpat1-dev (>= 1.95.2-2.1), + libfreetype6-dev, + libgcrypt11-dev, + libgd2-xpm-dev, + libglib2.0-dev, + libgmp3-dev, + libicu-dev, + libjpeg-dev | libjpeg62-dev, + libkrb5-dev, + libldap2-dev, + libmagic-dev, + libmhash-dev (>= 0.8.8), + libmysqlclient-dev, + libpam0g-dev, + libpcre3-dev (>= 6.6), + libpng-dev | libpng12-dev, + libpq-dev, + libpspell-dev, + librecode-dev, + libsasl2-dev, + libsnmp-dev, + libsqlite3-dev, + libssl-dev, + libtidy-dev, + libtool (>= 2.2), + libwrap0-dev, + libxmltok1-dev, + libxml2-dev, + libxslt1-dev (>= 1.0.18), + lemon, + mysql-server-core-5.5, + mysql-client-5.5, + locales-all | language-pack-de, + netbase, + netcat-openbsd | netcat, + quilt, + re2c, + unixodbc-dev, + zlib1g-dev, + libedit-dev, + tzdata +Build-Conflicts: bind-dev +Standards-Version: 3.9.3 +Vcs-Git: git://git.debian.org/pkg-php/php.git +Vcs-Browser: http://git.debian.org/?p=pkg-php/php.git +Homepage: http://www.php.net/ + +Package: php5 +Architecture: all +Depends: ${misc:Depends}, libapache2-mod-php5 (>= ${source:Version}) | libapache2-mod-php5filter (>= ${source:Version}) | php5-cgi (>= ${source:Version}) | php5-fpm (>= ${source:Version}), php5-common (>= ${source:Version}) +Description: server-side, HTML-embedded scripting language (metapackage) + This package is a metapackage that, when installed, guarantees that you + have at least one of the four server-side versions of the PHP5 interpreter + installed. Removing this package won't remove PHP5 from your system, however + it may remove other packages that depend on this one. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-common +Architecture: any +Depends: ${misc:Depends}, sed (>= 4.1.1-1), psmisc (>= 22.15-1~), ${shlibs:Depends}, ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Provides: php5-json, php5-mhash +Conflicts: php5-json, php5-mhash +Breaks: jffnms (<= 0.9.1-1), + d-push (<= 1.5.5-1), + dotclear (<= 2.4.0+dfsg-1), + boinc-server-maker (<= 7.0.14+dfsg-1), + gforge-common (<= 5.1.1-2), + php5-gpib (<= 3.2.11-2.1), + libow-php5 (<= 2.8p14-3), + php-openid (<= 2.2.2-1), + php-radius-legacy (<= 1.2.5-2.1), + php-imlib (<= 0.7-3), + fossology-common (<= 1.2.0-3.1), + lwat (<= 0.17-4.2), + zoph (<= 0.8.0.1-1), + phpreports (<= 0.4.9-2), + php-kolab-filter (<= 0.1.9-4), + horde3 (<= 3.3.12+debian0-1), + moodle (<= 1.9.9.dfsg2-4) +Description: Common files for packages built from the php5 source + This package contains the documentation and example files relevant to all + the other packages built from the php5 source. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: libapache2-mod-php5 +Section: httpd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5filter +Provides: ${php:Provides} +Recommends: php5-cli +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (Apache 2 module) + This package provides the PHP5 module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: libapache2-mod-php5filter +Section: httpd +Priority: extra +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Conflicts: libapache2-mod-php4, libapache2-mod-php5 +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (apache 2 filter module) + This package provides the PHP5 Filter module for the Apache 2 webserver (as + found in the apache2-mpm-prefork package). Please note that this package + ONLY works with Apache's prefork MPM, as it is not compiled thread-safe. + . + Unless you specifically need filter-module support, you most likely + should instead install libapache2-mod-php5. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-cgi +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: server-side, HTML-embedded scripting language (CGI binary) + This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built + for use in Apache 2 with mod_actions, or any other CGI httpd that + supports a similar mechanism. Note that MOST Apache users probably + want the libapache2-mod-php5 package. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-cli +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: command-line interpreter for the php5 scripting language + This package provides the /usr/bin/php5 command interpreter, useful for + testing PHP scripts from a shell or performing general shell scripting tasks. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-fpm +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: server-side, HTML-embedded scripting language (FPM-CGI binary) + This package provides the Fast Process Manager interpreter that runs + as a daemon and receives Fast/CGI requests. Note that MOST Apache users + probably want the libapache2-mod-php5 package. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: libphp5-embed +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support, php5-common (= ${binary:Version}), libmagic1, ucf, tzdata +Provides: ${php:Provides} +Suggests: php-pear +Description: HTML-embedded scripting language (Embedded SAPI library) + This package provides the library /usr/lib/libphp5.so which can + be used by application developers to embed PHP scripting functionality. + . + ${php:Extensions} + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-dev +Depends: ${misc:Depends}, autoconf (>= 2.63), automake (>= 1.11), libssl-dev, libtool (>= 2.2), shtool, php5-common (>= ${binary:Version}) +Conflicts: ${libtool:Conflicts} +Architecture: any +Description: Files for PHP5 module development + This package provides the files from the PHP5 source needed for compiling + additional modules. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-dbg +Depends: ${misc:Depends}, php5-common (= ${binary:Version}), libapache2-mod-php5 (= ${binary:Version}) | libapache2-mod-php5filter (= ${binary:Version}) | php5-cgi (= ${binary:Version}) | php5-cli (= ${binary:Version}) | php5-fpm (= ${binary:Version}) | php5-curl (= ${binary:Version}) | php5-enchant (= ${binary:Version}) | php5-gd (= ${binary:Version}) | php5-gmp (= ${binary:Version}) | php5-intl (= ${binary:Version}) | php5-ldap (= ${binary:Version}) | php5-mysql (= ${binary:Version}) | php5-odbc (= ${binary:Version}) | php5-pgsql (= ${binary:Version}) | php5-pspell (= ${binary:Version}) | php5-recode (= ${binary:Version}) | php5-snmp (= ${binary:Version}) | php5-sqlite (= ${binary:Version}) | php5-sybase (= ${binary:Version}) | php5-tidy (= ${binary:Version}) | php5-xmlrpc (= ${binary:Version}) | php5-xsl (= ${binary:Version}) +Recommends: gdb +Section: debug +Priority: extra +Architecture: any +Description: Debug symbols for PHP5 + This package provides the debug symbols for PHP5 needed for properly + debugging errors in PHP5 with gdb. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php-pear +Architecture: all +Depends: ${misc:Depends}, php5-common (>= ${source:Version}), php5-cli +Recommends: gnupg +Conflicts: php-xml-util +Suggests: php5-dev +Replaces: php4-pear (<< 4:4.4.0-0), php-xml-util +Provides: php-xml-util +Description: PEAR - PHP Extension and Application Repository + This package contains the base PEAR classes for PHP, as well as the PEAR + installer. Many PEAR classes are already packaged for Debian, and can be + easily identified by names beginning with "php-", such as php-db and + php-auth. Note: to build and install precompiled PECL extensions, you + will need one of the php development packages installed. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-curl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: CURL module for php5 + CURL is a library for getting files from FTP, GOPHER, HTTP server. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-enchant +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: Enchant module for php5 + This package provides a module for the generic spell checking library + Enchant, which can use engines such as ispell, aspell and myspells. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-gd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: GD module for php5 + This package provides a module for handling graphics directly from PHP + scripts. It supports the PNG, JPEG, XPM formats as well as Freetype/ttf fonts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-gmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: GMP module for php5 + This package provides a module for arbitrary precision arithmetic via the + GNU Multiple Precision (GMP) Arithmetic Library. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-intl +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}), ucf +Conflicts: php5-idn +Replaces: php5-idn +Provides: php5-idn +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: internationalisation module for php5 + This package provides a module to ease internationalisation of PHP scripts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-ldap +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: LDAP module for php5 + This package provides a module for LDAP functions in PHP scripts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-mysql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Conflicts: php5-mysqli, php5-mysqlnd +Replaces: php5-mysqli, php5-mysqlnd +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: MySQL module for php5 + This package provides modules for MySQL database connections directly from + PHP scripts. It includes the generic "mysql" module which can be used + to connect to all versions of MySQL, an improved "mysqli" module for + MySQL version 4.1 or later, and the pdo_mysql module for use with + the PHP Data Object extension. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-mysqlnd +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Conflicts: php5-mysqli, php5-mysql +Replaces: php5-mysqli, php5-mysql +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: MySQL module for php5 (Native Driver) + This package provides modules for MySQL database connections directly from + PHP scripts. It includes the generic "mysql" module which can be used + to connect to all versions of MySQL, an improved "mysqli" module for + MySQL version 4.1 or later, and the pdo_mysql module for use with + the PHP Data Object extension. + . + This package use the MySQL Native Driver. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-odbc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: ODBC module for php5 + This package provides a module for database access through ODBC drivers. + It uses the unixODBC library as an ODBC provider. It also contains the + pdo_odbc module, for use with the PHP Data Object extension. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-pgsql +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: PostgreSQL module for php5 + This package provides a module for PostgreSQL database connections + directly from PHP scripts. It also includes the pdo_pgsql module for + use with the PHP Data Object extension. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-pspell +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: pspell module for php5 + This package provides a module for pspell functions in PHP scripts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-recode +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: recode module for php5 + This package provides a module for recode - character set recoding. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-snmp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: SNMP module for php5 + This package provides a module for SNMP functions in PHP scripts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-sqlite +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Breaks: roundcube-sqlite (<< 0.7.1-2) +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: SQLite module for php5 + This package provides a module allowing you to use the SQLite self-contained + database engine from within your PHP scripts, eliminating the need for a full + SQL server installation like MySQL or PostgreSQL. It also includes the + pdo_sqlite module, for use with the PHP Data Object extension. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-sybase +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Provides: php5-mssql +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: Sybase / MS SQL Server module for php5 + This package provides a module for Sybase and Microsoft SQL Server + database connections directly from PHP scripts. It also includes the + pdo_dblib module for use with the PHP Data Object extension. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-tidy +Architecture: any +Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: tidy module for php5 + This package provides a module for tidy functions in PHP scripts. + . + Tidy is an extension based on Libtidy (http://tidy.sf.net/) and allows + a PHP developer to clean, repair, and traverse HTML, XHTML, and XML + documents -- including ones with embedded scripting languages such as PHP + or ASP within them using OO constructs. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-xmlrpc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: XML-RPC module for php5 + This package provides a module for XML-RPC functions in PHP scripts. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. + +Package: php5-xsl +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version}), ucf +Pre-Depends: dpkg (>= 1.15.7.2~) +Description: XSL module for php5 + This package provides a module for XSL using the libxslt XSL parser. + . + PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used + open source general-purpose scripting language that is especially suited + for web development and can be embedded into HTML. --- php5-5.4.6.orig/debian/php5-module.triggers +++ php5-5.4.6/debian/php5-module.triggers @@ -0,0 +1 @@ +activate /etc/php5/conf.d --- php5-5.4.6.orig/debian/php5-mysqlnd.postinst.extra +++ php5-5.4.6/debian/php5-mysqlnd.postinst.extra @@ -0,0 +1,5 @@ +if [ "$1" = "configure" ]; then + ucf /usr/share/php5/mysqlnd/mysqlnd.ini /etc/php5/mods-available/mysqlnd.ini +fi + +dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/10-mysqlnd.ini /etc/php5/mods-available/mysqlnd.ini 5.4.0~rc6-1 -- "$@"; --- php5-5.4.6.orig/debian/rules +++ php5-5.4.6/debian/rules @@ -0,0 +1,826 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 by Joey Hess. +# +# This version is for a hypothetical package that builds an +# architecture-dependant package, as well as an architecture-independent +# package. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# Set this flag to 'yes' if you want to disable all modifications breaking abi +# compatibility to upstream +PHP5_COMPAT=no + +# Set this flag to 'yes' if you want to compile PHP5 with suhosin patch +PHP5_SUHOSIN=no + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +export DEB_HOST_MULTIARCH + +PHP5_HOST_GNU_TYPE = $(subst gnulp,gnu,$(DEB_HOST_GNU_TYPE)) +PHP5_BUILD_GNU_TYPE = $(subst gnulp,gnu,$(DEB_BUILD_GNU_TYPE)) + +PHP5_HOST_GNU_TYPE := $(shell echo $(PHP5_HOST_GNU_TYPE) | sed 's/-gnu$$//') +PHP5_BUILD_GNU_TYPE := $(shell echo $(PHP5_BUILD_GNU_TYPE) | sed 's/-gnu$$//') +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) + +PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //") +PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://") +PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//") + +RUN_TESTS = yes +ifeq (nocheck,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + $(warning Disabling checks due DEB_BUILD_OPTIONS) + RUN_TESTS = no +endif +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386)) + $(warning Disabling checks on hurd-i386) + RUN_TESTS = no +endif + +#ifneq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386 m68k hppa ppc64)) +# CONFIGURE_APACHE_ARGS = --with-interbase=shared,/usr --with-pdo-firebird=shared,/usr +#else +# CONFIGURE_APACHE_ARGS = --without-interbase --without-pdo-firebird +#endif + +ifeq (yes,$(RUN_TESTS)) + MYSQL_PORT := $(shell for i in $$(seq 1025 3600 | sort -R); do nc -z localhost $$i || { echo $$i; exit; } ; done) + MYSQL_DATA_DIR ?= $(shell readlink -f mysql_db) + ifeq (,$(MYSQL_PORT)) + $(error Could not find available port for mysql server) + endif + MYSQL_SOCKET = $(MYSQL_DATA_DIR)/mysql.sock +endif + +# specify some options to our patch system +QUILT_DIFF_OPTS=-p +QUILT_NO_DIFF_TIMESTAMPS=1 +export QUILT_DIFF_OPTS QUILT_NO_DIFF_TIMESTAMPS + +PROG_SENDMAIL = /usr/sbin/sendmail +ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O2 +else + CFLAGS += -O0 +endif +CFLAGS += -Wall -fsigned-char -fno-strict-aliasing +# LFS support +ifneq (yes,$(PHP5_COMPAT)) + CFLAGS += $(shell getconf LFS_CFLAGS) +endif + +# Enable IEEE-conformant floating point math on alphas (not the default) +ifeq (alpha-linux-gnu,$(DEB_HOST_GNU_TYPE)) + CFLAGS += -mieee +endif + +ifeq ($(DEB_HOST_GNU_TYPE),$(filter $(DEB_HOST_GNU_TYPE),ia64-linux-gnu powerpc64-linux-gnu avr32-linux-gnu)) + CFLAGS += -g +else + CFLAGS += -gstabs +endif + +# some other helpful (for readability at least) shorthand variables +PHPIZE_BUILDDIR = debian/php5-dev/usr/lib/php5/build + +# support new (>= 2.2) and older versions of libtool for backporting ease +LIBTOOL_DIRS = /usr/share/libtool/config /usr/share/libtool +LTMAIN = $(firstword $(wildcard $(foreach d,$(LIBTOOL_DIRS),$d/ltmain.sh))) +LTMAIN_DIR = $(dir $(LTMAIN)) + +ifeq ($(LTMAIN_DIR), /usr/share/libtool/) +LIBTOOL_CONFLICTS:=libtool (>= 2.2) +else ifeq ($(LTMAIN_DIR), /usr/share/libtool/config/) +LIBTOOL_CONFLICTS:=libtool (<< 2.2) +else +LIBTOOL_CONFLICTS:=$(error "could not resolve path to ltmain.sh") +endif + +#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +# MAKEFLAGS += -j$(NUMJOBS) +#endif + +# enable the hardening wrapper +DEB_BUILD_HARDENING = 1 +# but disable PIE +DEB_BUILD_HARDENING_PIE = 0 +export DEB_BUILD_HARDENING DEB_BUILD_HARDENING_PIE + +COMMON_CONFIG=--build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --disable-debug \ + --with-regex=php \ + --disable-rpath \ + --disable-static \ + --with-pic \ + --with-layout=GNU \ + --with-pear=/usr/share/php \ + --enable-calendar \ + --enable-sysvsem \ + --enable-sysvshm \ + --enable-sysvmsg \ + --enable-bcmath \ + --with-bz2 \ + --enable-ctype \ + --with-db4 \ + --without-gdbm \ + --with-iconv \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pcre-regex=/usr \ + --enable-shmop \ + --enable-sockets \ + --enable-wddx \ + --with-libxml-dir=/usr \ + --with-zlib \ + --with-kerberos=/usr \ + --with-openssl \ + --enable-soap \ + --enable-zip \ + --with-mhash=yes \ + --with-system-tzdata \ + --with-mysql-sock=/var/run/mysqld/mysqld.sock + +BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \ + $$s="The following extensions are built in:"; \ + foreach($$e as $$i) { $$s .= " $$i"; } \ + echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline}")); + +# include the patch/unpatch rules from quilt +include /usr/share/quilt/quilt.make + +prepared: prepared-stamp +prepared-stamp: $(QUILT_STAMPFN) + dh_testdir +ifeq (yes,$(PHP5_SUHOSIN)) + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null import debian/patches/suhosin.patch + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null push -a || test $$? = 2 +endif + sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in + ./buildconf --force + touch prepared-stamp + +unprepared: + dh_testdir + sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in + rm -f prepared-stamp + +test-results.txt: build-apache2-stamp build-cli-stamp build-cgi-stamp +ifeq (yes,$(RUN_TESTS)) + mkdir -p temp_session_store + # start our own mysql server for the tests + $(SHELL) -x debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) + extensions=""; \ + for f in $(CURDIR)/apache2-build/modules/*.so; do \ + ext=`basename "$$f"`; \ + test -d "$(CURDIR)/ext/$${ext%.so}/tests" || continue; \ + test "$$ext" != "imap.so" || continue; \ + test "$$ext" != "interbase.so" || continue; \ + test "$$ext" != "ldap.so" || continue; \ + test "$$ext" != "odbc.so" || continue; \ + test "$$ext" != "pgsql.so" || continue; \ + test "$$ext" != "pdo_dblib.so" || continue; \ + test "$$ext" != "pdo_firebird.so" || continue; \ + test "$$ext" != "pdo_odbc.so" || continue; \ + test "$$ext" != "pdo_pgsql.so" || continue; \ + test "$$ext" != "snmp.so" || continue; \ + extensions="$$extensions -d extension=$$ext"; \ + done; \ + [ "$$extensions" ] || { echo "extensions list is empty"; exit 1; }; \ + env MYSQL_TEST_HOST=127.0.0.1 MYSQL_TEST_PORT=$(MYSQL_PORT) MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) PDO_MYSQL_TEST_HOST=127.0.0.1 PDO_MYSQL_TEST_PORT=$(MYSQL_PORT) PDO_MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) NO_INTERACTION=1 TEST_PHP_CGI_EXECUTABLE=$(CURDIR)/cgi-build/sapi/cgi/cgi-bin.php5 TEST_PHP_EXECUTABLE=$(CURDIR)/cli-build/sapi/cli/php \ + $(CURDIR)/cli-build/sapi/cli/php run-tests.php -d mysql.default_host=127.0.0.1 -d mysql.default_socket=$(MYSQL_SOCKET) -d mysqli.default_socket=$(MYSQL_SOCKET) -d extension_dir=$(CURDIR)/apache2-build/modules/ $$extensions| tee test-results.txt + rm -rf temp_session_store + @for test in `find . -name '*.log' -a '!' -name 'config.log' -a '!' -name 'bootstrap.log' -a '!' -name 'run.log'`; do \ + echo; \ + echo -n "$${test#./}:"; \ + cat $$test; \ + echo; \ + done | tee -a test-results.txt + $(SHELL) -x debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop +else + echo 'nocheck found in DEB_BUILD_OPTIONS or unsupported architecture' | tee test-results.txt +endif + +build: build-apache2-stamp build-apache2filter-stamp build-cgi-stamp build-cli-stamp build-embed-stamp build-fpm-stamp build-pear-stamp test-results.txt + +build-apache2-stamp: configure-apache2-stamp + dh_testdir + cd apache2-build && $(MAKE) + + touch build-apache2-stamp + +build-apache2filter-stamp: configure-apache2filter-stamp + dh_testdir + cd apache2filter-build && $(MAKE) + + touch build-apache2filter-stamp + +build-cli-stamp: configure-cli-stamp + dh_testdir + cd cli-build && $(MAKE) + + touch build-cli-stamp + +build-embed-stamp: configure-embed-stamp + dh_testdir + cd embed-build && $(MAKE) + + touch build-embed-stamp + +build-fpm-stamp: configure-fpm-stamp + dh_testdir + cd fpm-build && $(MAKE) + + touch build-fpm-stamp + + +build-cgi-stamp: configure-cgi-stamp + dh_testdir + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5 + + # Dirty hack to not rebuild everything twice + cd cgi-build/main && \ + sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \ + -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \ + sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \ + touch ../../ext/standard/info.c && \ + touch ../../sapi/cgi/cgi_main.c + + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi + + touch build-cgi-stamp + +build-pear-stamp: build-cgi-stamp + dh_testdir + -mkdir pear-build + -mkdir pear-build-download + cd cgi-build && PHP_PEAR_DOWNLOAD_DIR=$(CURDIR)/pear-build-download $(MAKE) install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build + sed -i -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pear && \ + sed -i -e 's/-d output_buffering=1 -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/pecl && \ + sed -i -e 's/-d memory_limit="-1"//' \ + -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \ + $(CURDIR)/pear-build/usr/bin/peardev + sed -i -re "s#('PEAR_CONFIG_SYSCONFDIR', PHP_SYSCONFDIR)#\1 . '/pear'#" $(CURDIR)/pear-build/usr/share/php/PEAR/Config.php + patch -s -d $(CURDIR)/pear-build/usr/share/php/ -p1 -i $(CURDIR)/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch + touch build-pear-stamp + +configure: configure-apache2-stamp configure-apache2filter-stamp configure-cli-stamp configure-embed-stamp configure-fpm-stamp configure-cgi-stamp + +configure-apache2-stamp: prepared-stamp + dh_testdir + if [ -d apache2-build ]; then rm -rf apache2-build; fi + -mkdir apache2-build + cd apache2-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2 \ + --with-config-file-scan-dir=/etc/php5/apache2/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --with-curl=shared,/usr \ + --with-enchant=shared,/usr \ + --with-zlib-dir=/usr \ + --with-gd=shared,/usr --enable-gd-native-ttf \ + --with-gmp=shared,/usr \ + --with-jpeg-dir=shared,/usr \ + --with-xpm-dir=shared,/usr/X11R6 \ + --with-png-dir=shared,/usr \ + --with-freetype-dir=shared,/usr \ + --enable-intl=shared \ + --without-t1lib \ + --with-ldap=shared,/usr \ + --with-ldap-sasl=/usr \ + --with-mysql=shared,/usr \ + --with-mysqli=shared,/usr/bin/mysql_config \ + --with-pspell=shared,/usr \ + --with-unixODBC=shared,/usr \ + --with-recode=shared,/usr \ + --with-xsl=shared,/usr \ + --with-snmp=shared,/usr \ + --with-sqlite3=shared,/usr \ + --with-mssql=shared,/usr \ + --with-tidy=shared,/usr \ + --with-xmlrpc=shared \ + --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \ + --enable-pdo=shared \ + --without-pdo-dblib \ + --with-pdo-mysql=shared,/usr \ + --with-pdo-odbc=shared,unixODBC,/usr \ + --with-pdo-pgsql=shared,/usr/bin/pg_config \ + --with-pdo-sqlite=shared,/usr \ + --with-pdo-dblib=shared,/usr \ + $(CONFIGURE_APACHE_ARGS) + cd apache2-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2-stamp + +configure-apache2filter-stamp: prepared-stamp + dh_testdir + if [ -d apache2filter-build ]; then rm -rf apache2filter-build; fi + -mkdir apache2filter-build + cd apache2filter-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --with-apxs2filter=/usr/bin/apxs2 \ + --with-config-file-path=/etc/php5/apache2filter \ + --with-config-file-scan-dir=/etc/php5/apache2filter/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct --without-mssql \ + --without-sqlite3 + cd apache2filter-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-apache2filter-stamp + +configure-cgi-stamp: prepared-stamp + dh_testdir + if [ -d cgi-build ]; then rm -rf cgi-build; fi + -mkdir cgi-build + cd cgi-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \ + --with-config-file-path=/etc/php5/cgi \ + --with-config-file-scan-dir=/etc/php5/cgi/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --enable-pdo=shared \ + --enable-mysqlnd=shared \ + --with-mysql=shared,mysqlnd \ + --with-mysqli=shared,mysqlnd \ + --with-pdo-mysql=shared,mysqlnd \ + --without-pdo-sqlite \ + --without-sybase-ct --without-mssql \ + --without-sqlite3 \ + --enable-pcntl + cd cgi-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cgi-stamp + +configure-cli-stamp: prepared-stamp + dh_testdir + if [ -d cli-build ]; then rm -rf cli-build; fi + -mkdir cli-build + cd cli-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --disable-cgi \ + --with-config-file-path=/etc/php5/cli \ + --with-config-file-scan-dir=/etc/php5/cli/conf.d \ + $(COMMON_CONFIG) \ + --with-libedit \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct \ + --without-mssql --without-sqlite3 --enable-pcntl + cd cli-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-cli-stamp + +configure-embed-stamp: prepared-stamp + dh_testdir + if [ -d embed-build ]; then rm -rf embed-build; fi + -mkdir embed-build + cd embed-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-embed --disable-cgi \ + --with-config-file-path=/etc/php5/embed \ + --with-config-file-scan-dir=/etc/php5/embed/conf.d \ + $(COMMON_CONFIG) \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct \ + --without-mssql --without-sqlite3 --enable-pcntl + cd embed-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-embed-stamp + +configure-fpm-stamp: prepared-stamp + dh_testdir + if [ -d fpm-build ]; then rm -rf fpm-build; fi + -mkdir fpm-build + cd fpm-build && \ + CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \ + --prefix=/usr --enable-fpm --disable-cgi \ + --with-fpm-user=www-data --with-fpm-group=www-data \ + --with-config-file-path=/etc/php5/fpm \ + --with-config-file-scan-dir=/etc/php5/fpm/conf.d \ + $(COMMON_CONFIG) \ + --with-libevent-dir=/usr \ + --without-mm \ + --disable-pdo \ + --without-mysql --without-sybase-ct \ + --without-mssql --without-sqlite3 + cd fpm-build && \ + cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \ + ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \ + ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \ + Zend/ + touch configure-fpm-stamp + +clean: unprepared unpatch + dh_testdir + dh_testroot + +ifeq (yes,$(PHP5_SUHOSIN)) + QUILT_PATCHES=$(QUILT_PATCH_DIR) \ + quilt --quiltrc /dev/null delete debian/patches/suhosin.patch \ + || return 0 +endif + + rm -f configure-apache2-stamp build-apache2-stamp + rm -f configure-apache2filter-stamp build-apache2filter-stamp + rm -f configure-cgi-stamp build-cgi-stamp + rm -f configure-cli-stamp build-cli-stamp + rm -f configure-embed-stamp build-embed-stamp + rm -f configure-fpm-stamp build-fpm-stamp + rm -f build-pear-stamp + rm -f install-stamp + rm -rf apache2-build + rm -rf apache2filter-build + rm -rf cgi-build + rm -rf cli-build + rm -rf embed-build + rm -rf fpm-build + rm -rf pear-build pear-build-download + rm -f debian/copyright + # just in case the build tests failed, kill the running mysqld + $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop > /dev/null 2>&1 || exit 0 + rm -rf test-results.txt $(MYSQL_DATA_DIR) + dh_clean -Xorig + + # clean up autogenerated cruft + cat debian/modulelist | while read package extname dsoname priority; do \ + rm -f debian/php5-$$package.postinst; \ + rm -f debian/php5-$$package.preinst; \ + rm -f debian/php5-$$package.prerm; \ + rm -f debian/php5-$$package.postrm; \ + done + for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli libphp5-embed php5-fpm; do \ + for cruft in postrm links; do \ + rm -f debian/$${sapi}.$${cruft}; \ + done; \ + done + +PCNTL_FUNCTIONS := $(shell < ext/pcntl/php_pcntl.h sed -ne "/^PHP_FUNCTION/ s/PHP_FUNCTION(\(.*\));/\1/;t end;d;:end p" | tr '\n' ',') + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + chmod 01733 debian/php5-common/var/lib/php5 + + cp debian/php5_cgi.conf \ + debian/php5-cgi/etc/apache2/mods-available/php5_cgi.conf + cp debian/php5_cgi.load \ + debian/php5-cgi/etc/apache2/mods-available/php5_cgi.load + + # install apache2 DSO module + cp apache2-build/.libs/libphp5.so \ + debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/ + cp debian/libapache2-mod-php5.load \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load + cp debian/libapache2-mod-php5.conf \ + debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf + + # Add here commands to install the package into debian/php5. + # install apache2 DSO filter module + cp apache2filter-build/.libs/libphp5.so \ + debian/libapache2-mod-php5filter/`apxs2 -q LIBEXECDIR`/libphp5filter.so + cp debian/libapache2-mod-php5filter.load \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.load + cp debian/libapache2-mod-php5filter.conf \ + debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.conf + + # sanitize php.ini file + cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;' > debian/php5-common/usr/share/php5/php.ini-production + # memory_limit: 16M for cgi/apache; 32M for cli + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g' > debian/php5-common/usr/share/php5/php.ini-production.cli + cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-production-dist + cat php.ini-development | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;' > debian/php5-common/usr/share/php5/php.ini-development + cp test-results.txt debian/php5-common/usr/share/doc/php5-common/ + + # install embed SAPI + cd embed-build && make install-headers install-build install-sapi install-programs INSTALL_ROOT=$(CURDIR)/debian/libphp5-embed + + # install the apache modules' files + cd apache2-build && $(MAKE) install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5 + # remove netware and win32 headers that we don't want + cd debian/libapache2-mod-php5/usr/include/php5/ && \ + $(RM) TSRM/readdir.h \ + TSRM/tsrm_config.nw.h TSRM/tsrm_config.w32.h\ + TSRM/tsrm_nw.h TSRM/tsrm_win32.h\ + Zend/zend_config.nw.h Zend/zend_config.w32.h\ + main/config.nw.h main/config.w32.h\ + main/win95nt.h + + # install PEAR + cp -a pear-build/* debian/php-pear/ + + # everything under usr/share/php/data except 'PEAR' is b0rken + # and actually needs to be fixed + [ ! -f debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE ] || \ + $(RM) debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE + [ ! -f debian/php-pear/usr/share/php/doc/PEAR/INSTALL ] || \ + $(RM) debian/php-pear/usr/share/php/doc/PEAR/INSTALL + [ ! -f debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh ] || \ + $(RM) debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh + for f in Structures_Graph/publish.sh Structures_Graph/package.sh \ + Structures_Graph/genpackage.xml.pl; do \ + $(RM) debian/php-pear/usr/share/php/data/$$f; \ + done + # we don't want test suites + $(RM) -r debian/php-pear/usr/share/php/test/ + [ -d debian/php-pear/usr/share/php/doc ] && { \ + mkdir -p debian/php-pear/usr/share/doc/php5-common/PEAR; \ + mv debian/php-pear/usr/share/php/doc/* \ + debian/php-pear/usr/share/doc/php5-common/PEAR/; \ + $(RM) -r debian/php-pear/usr/share/php/doc; \ + ln -s ../doc/php-pear/PEAR debian/php-pear/usr/share/php/doc; \ + echo "Dummy placeholder to prevent the directory's deletion" > \ + debian/php-pear/usr/share/doc/php5-common/PEAR/.placeholder; \ + } + + # install extensions + ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli libphp5-embed php5-fpm; do \ + mkdir -p debian/$$i/$${ext}; \ + done; \ + cat debian/modulelist debian/extramodulelist | while read package extname dsoname priority; do \ + if [ "$$package" = "mysqlnd" ]; then \ + modulepath=cgi-build/modules; \ + else \ + modulepath=debian/libapache2-mod-php5/$${ext}; \ + fi; \ + if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \ + mkdir -p debian/php5-$$package$${ext}; \ + install -m 644 -o root -g root \ + $${modulepath}/$$dsoname.so \ + debian/php5-$$package$${ext}/$$dsoname.so; \ + rm $${modulepath}/$$dsoname.so; \ + done + + # install CGI + cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5 + cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi + cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1 + + # install CLI + cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5 + cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1 + + # install FPM + mkdir -p debian/php5-fpm/usr/sbin debian/php5-fpm/usr/share/man/man8/ debian/php5-fpm/etc/php5/fpm/pool.d + cp fpm-build/sapi/fpm/php-fpm debian/php5-fpm/usr/sbin/php5-fpm + cp fpm-build/sapi/fpm/php-fpm.8 debian/php5-fpm/usr/share/man/man8/php5-fpm.8 + # we don't want the pool definitions on the main file itself: + sed -r '/('"'"'|\[)www('"'"'|\])/Q' < fpm-build/sapi/fpm/php-fpm.conf > \ + debian/php5-fpm/etc/php5/fpm/php-fpm.conf + # extract the first pool, called "www," from the config file: + sed -nr '/('"'"'|\[)www('"'"'|\])/{h;p;d};x;/www/{x;p}' < fpm-build/sapi/fpm/php-fpm.conf \ + > debian/php5-fpm/etc/php5/fpm/pool.d/www.conf + + # move and install -dev files + dh_movefiles --sourcedir=debian/libphp5-embed + dh_movefiles --sourcedir=debian/libapache2-mod-php5 + rm -rf debian/libphp5-embed/usr/include/ \ + debian/libphp5-embed/usr/bin/ + rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \ + debian/libapache2-mod-php5/usr/include/ \ + debian/libapache2-mod-php5/usr/bin/ + rm -rf debian/libapache2-mod-php5filter/usr/lib/php5/build/ \ + debian/libapache2-mod-php5filter/usr/include/ \ + debian/libapache2-mod-php5filter/usr/bin/ + for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \ + chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \ + done + mkdir -p debian/php5-dev/usr/share/php5 + cp -a ext/skeleton ext/ext_skel debian/php5-dev/usr/share/php5 + sed -i 's/skel_dir="skeleton"/skel_dir="\/usr\/share\/php5\/skeleton"/' \ + debian/php5-dev/usr/share/php5/ext_skel + # shipping duplicate files from other packages is hell for security audits + ln -sf /usr/share/misc/config.guess $(PHPIZE_BUILDDIR)/config.guess + ln -sf /usr/share/misc/config.sub $(PHPIZE_BUILDDIR)/config.sub + ln -sf /usr/share/aclocal/libtool.m4 $(PHPIZE_BUILDDIR)/libtool.m4 + ln -sf $(LTMAIN_DIR)ltmain.sh $(PHPIZE_BUILDDIR)/ltmain.sh + ln -sf /usr/bin/shtool $(PHPIZE_BUILDDIR)/shtool + # make php-dev stuff versioned + for i in php-config phpize; do \ + mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \ + mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \ + done + # remove windows devel file + rm $(CURDIR)/debian/php5-dev/usr/share/php5/skeleton/skeleton.dsp + + # install common files + install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5 + install -m755 debian/php5enmod debian/php5-common/usr/sbin/php5enmod + ln -s php5enmod debian/php5-common/usr/sbin/php5dismod + + # install lintian overrides + cp debian/php5.lintian-overrides $(CURDIR)/debian/php5-common/usr/share/lintian/overrides/php5-common + cp debian/php5-dev.lintian-overrides $(CURDIR)/debian/php5-dev/usr/share/lintian/overrides/php5-dev + cp debian/php-pear.lintian-overrides $(CURDIR)/debian/php-pear/usr/share/lintian/overrides/php-pear + + # install the apport hook + install -D -m 644 debian/source_php5.py debian/php5-common/usr/share/apport/package-hooks/source_php5.py + + # install some generic lintian overrides + ext=`debian/php5-dev/usr/bin/php-config5 --extension-dir | cut -b2- `; \ + for sapi in php5-cli php5-fpm php5-cgi libapache2-mod-php5 libapache2-mod-php5filter libphp5-embed; do \ + mkdir -p $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/; \ + sed "s/@sapi@/$$sapi/g;s,@extdir@,$$ext,g" \ + < $(CURDIR)/debian/php5-sapi.lintian-overrides | \ + grep -E "^$${sapi}: " \ + >> $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/"$$sapi"; \ + done + + # directories cleanup: + -rmdir -p debian/libapache2-mod-php5/usr/share/man/man1 + -find debian/php-pear -type d -exec rmdir --ignore-fail-on-non-empty -p '{}' \; >/dev/null 2>&1 + + touch install-stamp + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + + dh_installdocs + + for package in php5 php-pear; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + + dh_link + dh_compress -Xphp.ini + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testdir + dh_testroot + # Do this first so we don't overwrite any debhelper-generated files + # + # generate the config snippets for various php + # modules from the templates. + cat debian/modulelist debian/extramodulelist | while read package extname dsoname priority; do \ + if [ -z "$${dsoname}" ]; then dsoname=$$package; fi; \ + if [ -z "$${priority}" ]; then priority=20; fi; \ + mkdir -p debian/php5-$$package/usr/share/php5/$$package; \ + sed -e"s|@extname@|$${extname}|g; \ + s/@dsoname@/$${dsoname}/g; \ + s/@priority@/$${priority}/g" \ + < debian/php5-module.ini \ + > debian/php5-$$package/usr/share/php5/$$package/$${dsoname}.ini; \ + echo -n "$$dsoname " >> debian/php5-$$package.modules; \ + done + + # generate the maintscripts for various php + # modules from the templates. + cat debian/modulelist | while read package extname dsoname priority; do \ + modules=$$(cat debian/php5-$$package.modules); \ + for script in postinst preinst postrm prerm; do \ + sed -e"s/@package@/$${package}/g; \ + s/@modules@/$${modules}/g; \ + /#EXTRA#/ r debian/php5-$${package}.$${script}.extra" \ + < debian/php5-module.$${script} \ + | sed -e'/#EXTRA#/ d' \ + > debian/php5-$${package}.$${script}; \ + done; \ + cp debian/php5-module.triggers debian/php5-$${package}.triggers; \ + rm debian/php5-$$package.modules; \ + done + + # likewise, for the different sapi implementations + for tmpl in postrm links; do \ + for sapi in cgi cli fpm; do \ + sed -e "s/@sapi@/$${sapi}/g; \ + s/@package@/php5-$${sapi}/g; \ + /#EXTRA#/ r debian/php5-$${sapi}.$${tmpl}.extra" \ + < debian/php5-sapi.$${tmpl} \ + | sed -e'/#EXTRA#/ d' \ + > debian/php5-$${sapi}.$${tmpl}; \ + done; \ + for sapi in embed; do \ + sed -e "s/@sapi@/$${sapi}/g; \ + s/@package@/libphp5-$${sapi}/g; \ + /#EXTRA#/ r debian/libphp5-$${sapi}.$${tmpl}.extra" \ + < debian/php5-sapi.$${tmpl} \ + | sed -e'/#EXTRA#/ d' \ + > debian/libphp5-$${sapi}.$${tmpl}; \ + done; \ + for sapi in "" "filter"; do \ + sed -e "s/@sapi@/apache2$${sapi}/g; \ + s/@package@/libapache2-mod-php5$${sapi}/g; \ + /#EXTRA#/ r debian/libapache2-mod-php5$${sapi}.$${tmpl}.extra" \ + < debian/php5-sapi.$${tmpl} \ + | sed -e'/#EXTRA#/ d' \ + > debian/libapache2-mod-php5$${sapi}.$${tmpl}; \ + done; \ + done + + cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright + dh_installdocs -s + + cat debian/modulelist | grep -v common | while read package extname dsoname priority; do \ + rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \ + ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \ + done + + for package in php5-dbg php5-dev php5-cgi php5-cli php5-fpm libapache2-mod-php5 libapache2-mod-php5filter libphp5-embed; do \ + rm -rf debian/$$package/usr/share/doc/$$package; \ + ln -s php5-common debian/$$package/usr/share/doc/$$package; \ + done + dh_installcron -pphp5-common --name=php5 + dh_installchangelogs -pphp5-common NEWS + dh_installinit + dh_strip -s --dbg-package=php5-dbg + dh_link -s + dh_compress -s -Xphp.ini + dh_fixperms -s -X /var/lib/php5 + dh_installdeb -s + dh_shlibdeps -s + + phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \ + stored=`cat debian/phpapi`; \ + [ "$${phpapi%+lfs}" = "$${stored}" ] || echo "PHPAPI has changed, please modify debian/phpapi"; \ + for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli libphp5-embed php5-fpm; do \ + echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \ + done; \ + cat debian/modulelist | while read package extname dsoname priority; do \ + echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \ + done + + for i in cgi cli fpm; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/php5-"$$i".substvars; \ + done + for i in embed; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/libphp5-"$$i".substvars; \ + done + for i in apache2; do \ + "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5.substvars; \ + "$$i"filter-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \ + >> debian/lib"$$i"-mod-php5filter.substvars; \ + done + + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5.substvars + echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5filter.substvars + + echo "libtool:Conflicts=$(LIBTOOL_CONFLICTS)" >>debian/php5-dev.substvars + dh_gencontrol -s + dh_md5sums -s + dh_builddeb -s + +binary: binary-arch binary-indep +build-arch: build +build-indep: build + +.PHONY: build build-arch build-indep clean binary-indep binary-arch binary install configure --- php5-5.4.6.orig/debian/php5-cgi.prerm +++ php5-5.4.6/debian/php5-cgi.prerm @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + remove) + if [ -x /usr/sbin/a2dismod ]; then + a2dismod php5_cgi || true + fi + update-alternatives --remove php-cgi /usr/bin/php5-cgi + update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5 + ;; +esac + +exit 0 --- php5-5.4.6.orig/debian/php5-sapi.postrm +++ php5-5.4.6/debian/php5-sapi.postrm @@ -0,0 +1,30 @@ +#! /bin/sh + +set -e + +phpini=/etc/php5/@sapi@/php.ini + +case "$1" in +purge) + # remove the flag to remember the original state + if [ -e /etc/php5/@sapi@/.start ]; then + rm -f /etc/php5/@sapi@/.start + fi + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f $phpini$ext + done + rm -f $phpini + if which ucf >/dev/null; then + ucf --purge $phpini + fi + if which ucfr >/dev/null; then + ucfr --purge @package@ $phpini + fi + ;; +esac + +#EXTRA# + +#DEBHELPER# + +exit 0 --- php5-5.4.6.orig/debian/README.Debian.security +++ php5-5.4.6/debian/README.Debian.security @@ -0,0 +1,23 @@ +The Debian stable security team does not provide security support for +certain configurations known to be inherently insecure. This includes +the interpreter itself, extensions, and user scripts written in the PHP +language. Most specifically, but not exclusively, the security team will +not provide support for the following. + + * Security issues which are caused by careless programming, such as: + - extracting a tar file without first checking the contents; + - using unserialize() on untrusted data; + - relying on a specific value of short_open_tag. + + * Vulnerabilities involving any kind of open_basedir violation, as + this feature is not considered a security model either by us or by + PHP upstream. + + * Any "works as expected" vulnerabilities, such as "user can cause + PHP to crash by writing a malicious PHP script", unless such + vulnerabilities involve some kind of higher-level DoS or privilege + escalation that would not otherwise be available. + +PHP upstream has published a statement regarding their view on security +and the PHP interpreter: +http://www.php.net/security-note.php --- php5-5.4.6.orig/debian/php5-common.README.Debian +++ php5-5.4.6/debian/php5-common.README.Debian @@ -0,0 +1,151 @@ +Table of Contents: +---------------------------------------------------------------------- +* Using PHP 5 with threaded webservers (e.g. apache2-mpm-worker) +* Problems starting Apache HTTP Server with PHP 5 +* Session storage +* Other caveats +* PHP 5 CGI and Apache HTTP Server +* Configuration layout +* Timezone data from system timezone database +* Further documentation, errata, etc + +Using PHP 5 with threaded webservers (e.g. apache2-mpm-worker) +---------------------------------------------------------------------- + + After much back-and-forth with upstream (and even building our + packages thread-safe for a while), we're currently admitting defeat + on that front, and are NOT building any thread-safe versions of PHP + 5 for any webservers. Our recommendation is that, if you need to use + a threaded webserver, you should use php5-fpm and interface to your + webserver with FastCGI. + +Problems starting Apache HTTP Server with PHP 5 +---------------------------------------------------------------------- + + At the time of writing, there are no *known* incompatibilities + between any of the PHP 5 modules we ship. However, there have been + many bug reports in the past due to dynamically-loaded extensions, + and it's possible there are still bugs in the released packages. If + Apache fails to start after you install PHP 5, check your list of + enabled extensions at the bottom of /etc/php5/apache2/php.ini (and + in the per-SAPI configuration directory), and try commenting out or + reordering the extensions until you find a combination that works. + + For example, in the past the mhash extension was incompatible with + some other common extensions. To work around this, you could list + the mhash extension first in php.ini. + + If you find an extension-related bug in the Debian packages, and you + are willing to help debug the problem, please send us a bug report + that lists all enabled PHP 5 extensions (extension=), in the order + in which they appear in php.ini, as well as all enabled Apache + modules (LoadModule), with version numbers where possible. + +Session storage +---------------------------------------------------------------------- + + Session files are stored in /var/lib/php5. For security purposes, + this directory is unreadable to non-root users. This means that PHP + 5 running from Apache HTTP Server, for example, will not be able to + clean up stale session files. Instead, we have a cron job run every + 30 minutes that cleans up stale session files; /etc/cron.d/php5. You + may need to modify how often this runs, if you've modified + session.gc_maxlifetime in your php.ini; otherwise, it may be too lax + or overly aggressive in cleaning out stale session files. + +Other caveats +---------------------------------------------------------------------- + + Configuration directives extension_dir and include_path should be + commented out, unless you need special settings for them so PHP will + look in compiled-in paths. If you set them, you should also add + appropriate PHP install directories there. + +PHP 5 CGI and Apache HTTP Server +---------------------------------------------------------------------- + + In simple cases, what you probably want isn't the php5-cgi package + at all, but rather the libapache2-mod-php5 package, which will + configure itself on installation and Just Work(tm). However, if you + have a need to use the CGI version of PHP 5 with Apache HTTP Server, + the following should help get you going, though there are dozens of + different ways to do this. + + The current recommended approach is to install the php5-fpm package + and use FastCGI to interface to your webserver. However, you will + have to use the libapache2-mod-fastcgi package (from non-free) or a + different FastCGI-capable webserver (such as nginx or lighttpd), + since the libapache2-mod-fcgid available from the main archive has + no way of interacting with external FastCGI servers. + + Please note that this process will never be made automatic, as + php5-cgi is meant to be a webserver-agnostic package that can be + used with any httpd, and we don't want it to conflict with the + httpd-specific packages such as libapache2-mod-php5. If both were + installed side-by-side and both were automatically enabled, the + results would be a bit confusing, obviously. + + You should also be aware that a server deployed in CGI mode is open + to several possible vulnerabilities. See the upstream CGI security + page to learn how to defend yourself from such attacks: + http://www.php.net/manual/en/security.cgi-bin.php + + To use php5-cgi with Apache HTTP Server: + 1) activate php5_cgi module: run 'a2enmod php5_cgi' + 2) this will also activate the mod_actions module as a dependency + 3) comment out the last block of configuration in the + /etc/apache2/mods-enabled/php5_cgi.conf file to enable + server-wide PHP 5 CGI or add the mentioned configuration block to + one or more virtual hosts or directories. + 4) It's advised to not mix-and-match multiple SAPIs (such as + php5-cgi along with libapache2-mod-php5) in the same apache2 + configuration as it is likely to create unpredictable results. + +Configuration Layout +---------------------------------------------------------------------- + + Each SAPI (apache2/apache2filter/cgi/cli/fpm) has a different + central configuration file /etc/php5/$SAPI/php.ini. + + Additionally, each SAPI is configured with the compile-time option + + --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d + + which for all SAPIs is actually a symlink pointing to a central + directory /etc/php5/conf.d. Any file found in this directory ending + in .ini will be treated as a configuration file by the PHP SAPI. + + The rationale behind this method is that each SAPI can thus be + identically configured with a minimal amount of conffile handling, + but at the same time if you want to have SAPI-specific + configuration, you can just remove the symlink. + + Note that the usage of the PHP_INI_SCAN_DIR environment variable + overrides what is set with --with-config-file-scan-dir and thus the + directory /etc/php5/$SAPI/conf.d will no longer be included. + +Timezone data from system timezone database +---------------------------------------------------------------------- + + Debian PHP has been patched to use the system wide timezone database + from the tzdata package, making sure any updates there are + automatically used by PHP as well. + + Note that this requires that the PHP process has access to + /etc/localtime and /usr/share/zoneinfo. For any regular installation + this should be the case, but in specific secured environments when + reading the timezone database is impossible PHP will give a + "Timezone database is corrupt - this should *never* happen!" error. + +Further documentation, errata, misc. +---------------------------------------------------------------------- + + Errata and other general information about PHP in Debian can be + found in the debian wiki at: + + http://wiki.debian.org/PHP + + If after reading the documentation in this file you still have + unanswered questions, that's a good next place to go. + + -- Ondřej Surý , Tue, 21 Aug 2012 09:12:53 +0200 --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.dirs +++ php5-5.4.6/debian/libapache2-mod-php5filter.dirs @@ -0,0 +1,3 @@ +/etc/apache2/mods-available +/etc/php5/apache2filter +/usr/lib/apache2/modules --- php5-5.4.6.orig/debian/php5-dev.postinst +++ php5-5.4.6/debian/php5-dev.postinst @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives \ + --install /usr/bin/"$i" $i /usr/bin/"$i"5 50 \ + --slave /usr/share/man/man1/"$i".1.gz "$i".1.gz /usr/share/man/man1/"$i"5.1.gz +done + +exit 0 --- php5-5.4.6.orig/debian/php-pear.lintian-overrides +++ php5-5.4.6/debian/php-pear.lintian-overrides @@ -0,0 +1 @@ +php-pear: extra-license-file usr/share/doc/php5-common/PEAR/PEAR/LICENSE --- php5-5.4.6.orig/debian/watch +++ php5-5.4.6/debian/watch @@ -0,0 +1,5 @@ +version=3 +opts=downloadurlmangle=s#/a/#/this/#,\ +filenamemangle=s#/get/(php-(5\.[0-9\.]*)\.tar\.gz)/.*#$1#,\ +dversionmangle=s/\.dfsg\.\d+// \ +http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror debian --- php5-5.4.6.orig/debian/php5-fpm.preinst +++ php5-5.4.6/debian/php5-fpm.preinst @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- "$@" + +exit 0 --- php5-5.4.6.orig/debian/README.source +++ php5-5.4.6/debian/README.source @@ -0,0 +1,53 @@ + == Generation of the php5-dbg package Depends == + +The following command can be used to generate a heuristic list of +packages the php5-dbg package probably needs to Depend on: + +dh_testdir && egrep '^Package' debian/control | cut '-d ' -f2 | \ + egrep -v '(^php5|dbg|dev|common|pear)$' | tr "\n" "|" | sed 's/|$//' |\ + sed -r 's/([^|]+)(\||$)/ \1 (= ${binary:Version}) \2/g'; echo + + == Used patch system == + +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +See /usr/share/doc/quilt/README.source for a detailed explanation. + + == Making some sense out of the configure options == + +The COMMON_CONFIG variable contains the configure options that are to +be used on all the SAPIs. Built-in extensions and other general options +should be set here. +The shared extensions are built when building the apache2 SAPI and as +such they need to be specified there. +The calls to configure for the other SAPIs usually only need +--without-foo when the extension or feature is otherwise enabled by +default. + + == The *modulelist files == + +When building a new module (or extension) on an individual binary +package, it must be added to the debian/modulelist file. However, if +the extension is to be included in an existing binary package, it +must be added to the debian/extramodulelist file. + +The format of these files is: +" " + +E.g. for, if we want the mysql extension to be shipped in the +php5-mysql package we use: +"mysql MySQL mysql" +But we also want mysqli and the PDO in the same package, so we add the +following lines to extramoduleslist: +"mysql MySQLi mysqli +mysql MySQL_PDO pdo_mysql" + + == More debian/rules foo == + +* The shared extensions are built under the apache2 target (see above). +* The CLI SAPI is built on the build-cli-stamp AND build-cgi-stamp, with + different configure options. + + -- Ondřej Surý , Wed, 16 Feb 2011 15:24:44 +0100 --- php5-5.4.6.orig/debian/php5-module.prerm +++ php5-5.4.6/debian/php5-module.prerm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# + +if [ "$1" = "remove" ]; then + for dsoname in @modules@; do + php5dismod ${dsoname} + done +fi + +exit 0 --- php5-5.4.6.orig/debian/php5.lintian-overrides +++ php5-5.4.6/debian/php5.lintian-overrides @@ -0,0 +1,3 @@ +php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755 +php5-common: package-contains-empty-directory usr/lib/php5/libexec/ +php5-common: missing-dependency-on-phpapi --- php5-5.4.6.orig/debian/php5-dev.lintian-overrides +++ php5-5.4.6/debian/php5-dev.lintian-overrides @@ -0,0 +1,2 @@ +php5-dev: script-not-executable ./usr/lib/php5/build/run-tests.php +php5-dev: script-not-executable usr/lib/php5/build/run-tests.php --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.triggers +++ php5-5.4.6/debian/libapache2-mod-php5filter.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.4.6.orig/debian/php5-common.postrm.extra +++ php5-5.4.6/debian/php5-common.postrm.extra @@ -0,0 +1 @@ +[ "$1" = "purge" ] && rm -rf /var/lib/php5 --- php5-5.4.6.orig/debian/php5-module.ini +++ php5-5.4.6/debian/php5-module.ini @@ -0,0 +1,3 @@ +; configuration for php @extname@ module +; priority=@priority@ +extension=@dsoname@.so --- php5-5.4.6.orig/debian/libphp5-embed.postinst +++ php5-5.4.6/debian/libphp5-embed.postinst @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +[ "$1" = "configure" ] && ldconfig + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/embed/php.ini" + +ucf /usr/share/php5/php.ini-production $phpini +ucfr libphp5-embed $phpini + +exit 0 --- php5-5.4.6.orig/debian/modulelist +++ php5-5.4.6/debian/modulelist @@ -0,0 +1,19 @@ +curl CURL +common PDO pdo 10 +enchant Enchant +gd GD +gmp GMP +intl Internationalisation +ldap LDAP +mysql MySQL +mysqlnd MySQL mysqlnd 10 +odbc ODBC +pgsql PostgreSQL +pspell pspell +recode recode +snmp SNMP +sqlite SQLite sqlite3 +sybase Sybase mssql +tidy tidy +xmlrpc XML-RPC +xsl XSL --- php5-5.4.6.orig/debian/php5-common.docs +++ php5-5.4.6/debian/php5-common.docs @@ -0,0 +1,7 @@ +CREDITS +EXTENSIONS +CODING_STANDARDS +README.EXT_SKEL +README.SELF-CONTAINED-EXTENSIONS +README.PHP4-TO-PHP5-THIN-CHANGES +debian/README.Debian.security --- php5-5.4.6.orig/debian/libapache2-mod-php5.conf +++ php5-5.4.6/debian/libapache2-mod-php5.conf @@ -0,0 +1,29 @@ + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Order Deny,Allow + Deny from all + + # Deny access to files without filename (e.g. '.php') + + Order Deny,Allow + Deny from all + + + # Running PHP scripts in user directories is disabled by default + # + # To re-enable PHP in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + + --- php5-5.4.6.orig/debian/libphp5-embed.prerm +++ php5-5.4.6/debian/libphp5-embed.prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then + update-alternatives --remove php /usr/bin/php5 +fi + +exit 0 --- php5-5.4.6.orig/debian/php5-fpm.init +++ php5-5.4.6/debian/php5-fpm.init @@ -0,0 +1,178 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm php5-fpm +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts php5-fpm +# Description: Starts PHP5 FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP5 FastCGI Process Manager" +NAME=php5-fpm +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--fpm-config /etc/php5/fpm/php-fpm.conf" +PIDFILE=/var/run/php5-fpm.pid +TIMEOUT=30 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function to check the correctness of the config file +# +do_check() +{ + [ "$1" != "no" ] && $DAEMON $DAEMON_ARGS -t 2>&1 | grep -v "\[ERROR\]" + FPM_ERROR=$($DAEMON $DAEMON_ARGS -t 2>&1 | grep "\[ERROR\]") + + if [ -n "${FPM_ERROR}" ]; then + echo "Please fix your configuration file..." + $DAEMON $DAEMON_ARGS -t 2>&1 | grep "\[ERROR\]" + return 1 + fi + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_check $VERBOSE + case "$?" in + 0) + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + 1) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: --- php5-5.4.6.orig/debian/libphp5-embed.postrm.extra +++ php5-5.4.6/debian/libphp5-embed.postrm.extra @@ -0,0 +1 @@ +[ "$1" = "remove" ] && ldconfig --- php5-5.4.6.orig/debian/php5-sybase.postinst.extra +++ php5-5.4.6/debian/php5-sybase.postinst.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/mssql.ini 5.2.3-1 -- "$@" --- php5-5.4.6.orig/debian/extramodulelist +++ php5-5.4.6/debian/extramodulelist @@ -0,0 +1,10 @@ +mysql MySQL mysqli +mysql MySQL pdo_mysql +mysqlnd MySQL mysql +mysqlnd MySQL mysqli +mysqlnd MySQL pdo_mysql +interbase InterBase/Firebird pdo_firebird +odbc ODBC pdo_odbc +pgsql PostgreSQL pdo_pgsql +sqlite SQLite pdo_sqlite +sybase Sybase pdo_dblib --- php5-5.4.6.orig/debian/php5-fpm.postrm.extra +++ php5-5.4.6/debian/php5-fpm.postrm.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper mv_conffile /etc/php5/fpm/main.conf /etc/php5/fpm/php-fpm.conf 5.3.5-1 -- "$@" --- php5-5.4.6.orig/debian/libapache2-mod-php5.load +++ php5-5.4.6/debian/libapache2-mod-php5.load @@ -0,0 +1 @@ +LoadModule php5_module /usr/lib/apache2/modules/libphp5.so --- php5-5.4.6.orig/debian/php-pear.doc-base.php-structures-graph +++ php5-5.4.6/debian/php-pear.doc-base.php-structures-graph @@ -0,0 +1,8 @@ +Document: php-structures-graph +Title: PEAR Structures_Graph +Abstract: API documentation of the Structures_Graph module. +Section: Programming + +Format: HTML +Index: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/index.html +Files: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/Structures_Graph/*.html --- php5-5.4.6.orig/debian/php5-module.postinst +++ php5-5.4.6/debian/php5-module.postinst @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# + +inidir=/etc/php5/mods-available +if [ "$1" = "configure" ]; then + for dsoname in @modules@; do + inifile=${dsoname}.ini + priority=$(sed -ne "s/^; priority=\([0-9]\+\)$/\\1/p" /usr/share/php5/@package@/${inifile}) + + # Register new conffile with UCF + ucf /usr/share/php5/@package@/${inifile} ${inidir}/${inifile} + ucfr --force php5-@package@ ${inidir}/${inifile} + + # Move pre-extension manager conffile + dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/${inifile} ${inidir}/${inifile} 5.4.0~rc6-1 -- "$@"; + + if [ -f "${inidir}/${inifile}.dpkg-new" ]; then + md5sum="$(md5sum ${inidir}/${inifile}.dpkg-new | sed -e 's/ .*//')" + old_md5sum="$(md5sum ${inidir}/${inifile} | sed -e 's/ .*//')" + if [ "$md5sum" = "$old_md5sum" ]; then + mv "${inidir}/${inifile}.dpkg-new" "${inidir}/${inifile}" + fi + fi + + # Enable the module + php5enmod ${dsoname}/${priority:-20} + done +fi + +exit 0 --- php5-5.4.6.orig/debian/php5-fpm.triggers +++ php5-5.4.6/debian/php5-fpm.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.4.6.orig/debian/libphp5-embed.dirs +++ php5-5.4.6/debian/libphp5-embed.dirs @@ -0,0 +1 @@ +/usr/lib --- php5-5.4.6.orig/debian/changelog +++ php5-5.4.6/debian/changelog @@ -0,0 +1,4803 @@ +php5 (5.4.6-1ubuntu2) raring; urgency=low + + [ Robie Basak ] + * Re-add logic to guess default timezone from system to fix default timezone + regression (LP: #1069529). Cherry-picked from Debian 5.4.4-6 (also in + Debian 5.4.6-2). + + [ Marc Deslauriers ] + * debian/patches/libxml290.patch: Fix FTBFS with libxml 2.9.0. + + -- Marc Deslauriers Wed, 07 Nov 2012 11:54:55 -0500 + +php5 (5.4.6-1ubuntu1) quantal; urgency=low + + * Merge from Debian experimental (LP: #1006738 , LP: #1040212) + Remaining changes: + - d/rules: Simplify apache config settings since we never build + interbase or firebird. + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is + in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and + mysql-server-5.5 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have + versions already in universe. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig + MIR has been declined due to an inactive upstream. So this is + probably a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + - Dropped building of mcrypt, imap, and interbase. + - Install apport hook for php5. + - stop mysql instance on clean just in case we failed in tests + - debian/control, debian/rules: Re-enable libedit-dev. + * Dropped Changes: + - debian/rules: change memory limits on example .ini files. + + -- Clint Byrum Wed, 22 Aug 2012 13:40:18 -0700 + +php5 (5.4.6-1) experimental; urgency=low + + * Imported Upstream version 5.4.6 + * Apply another fix to compile --without-system-tzdata + (Courtesy of Michael Heimpold) + * Get rid of empty examples directory (Closes: #684108), but + keep parent directory to store test-results.txt among others + * Provide sensible default configuration for PHP-CGI files + (Closes: #685340) + * Add NEWS text about default extension configuration + * Update NEWS and README.Debian based on debian-l10n-english review + (Courtesy of Justing B Rye) + + -- Ondřej Surý Tue, 21 Aug 2012 12:37:12 +0200 + +php5 (5.4.5-1) experimental; urgency=low + + * Imported Upstream version 5.4.5 + * Update patches for PHP 5.4.5 release + * Compile with system libzip (upstream has added support for that) + + -- Ondřej Surý Mon, 23 Jul 2012 11:12:08 +0200 + +php5 (5.4.4-4) unstable; urgency=low + + * Fix php5-fpm segfault (PHP#62205) + * CVE-2012-2688: potential overflow in _php_stream_scandir + (Closes: #683274) + * Improve security in CGI section in README.Debian (Closes: #674205) + + -- Ondřej Surý Mon, 06 Aug 2012 13:01:42 +0200 + +php5 (5.4.4-3ubuntu1) quantal; urgency=low + + * Merge from Debian unstable. (LP: #1014044) (LP: #1024355) + Remaining changes: + - d/rules: Simplify apache config settings since we never build + interbase or firebird. + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and + mysql-server-5.5 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + + -- Clint Byrum Mon, 23 Jul 2012 11:08:52 -0700 + +php5 (5.4.4-3) unstable; urgency=low + + * Update ucf/ucfr scripts to not conflict between mysql and mysqlnd + extension (Closes: #678371) + + -- Ondřej Surý Thu, 21 Jun 2012 11:22:05 +0200 + +php5 (5.4.4-2) unstable; urgency=high + + * Fix PHP5-FPM not reporting errors to web server (nginx) + (Closes: #677994) + * Bump urgency to high to replace the RC2 version in testing sooner. + + -- Ondřej Surý Tue, 19 Jun 2012 09:09:13 +0200 + +php5 (5.4.4-1ubuntu1) quantal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - d/rules: Simplify apache config settings since we never build + interbase or firebird. + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and + mysql-server-5.5 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + * Dropped Changes: + * d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes -- Upstream suhosin + has been slow to adopt PHP 5.4, and is showing signs of disengagement. + Therefore, we will follow Debian's lead and drop Suhosin for now. + - d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. + -- Debian just deps on mysql-server + - Suggest php5-suhosin rather than recommends. -- Dropping suhosin + - d/setup-mysql.sh: modify to work with mysql 5.5 differences -- superseded + in Debian. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. -- + superseded in Debian + - d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and + scan all *.ini in conf.d directory. -- Change came from Debian + - d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst: + Restart apache on first install to ensure module is fully enabled. + -- Change came from Debian + - debian/patches/php5-CVE-2012-1823.patch: filter query strings that + are prefixed with '-' -- Fixed upstream + - debian/control: Recommend php5-dev for php-pear. -- This was a poorly + conceived idea anyway. + - Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper + rather than checking whether it exists at run-time, leading to more + predictable behaviour on upgrades. -- Applied in Debian + - d/p/gd-multiarch-fix.patch: superseded + * d/NEWS: add note explaining that SUHOSIN is no longer enabled in the + Ubuntu packages. + + -- Clint Byrum Mon, 18 Jun 2012 16:10:26 -0700 + +php5 (5.4.4-1) unstable; urgency=low + + * Imported Upstream version 5.4.4 + * Generate 16 char salt instead of 12 char salt for SHA-512 + + -- Ondřej Surý Thu, 14 Jun 2012 16:03:51 +0200 + +php5 (5.4.4~rc2-1) unstable; urgency=low + + * Imported Upstream version 5.4.4~rc2 + + -- Ondřej Surý Thu, 31 May 2012 10:58:14 +0200 + +php5 (5.4.4~rc1-1) unstable; urgency=low + + * Imported Upstream version 5.4.4~rc1 + + CVE-2012-2386: Fix integer overflow leading to heap-buffer overflow + in the Phar extension + * Remove some READMEs removed by upstream + + README.SVN-RULES - upstream has moved to git + + README.Zeus - Zeus Web Server is dead + * CVE-2012-2386: one additional, similar vulnerable code construct in + the Phar extension + + -- Ondřej Surý Tue, 29 May 2012 12:12:27 +0200 + +php5 (5.4.3-6) unstable; urgency=low + + [ Ondřej Surý ] + * Merge 5.3.10-1 and 5.3.10-2 changelog + * Remove *.patch from .gitignore, it broke adding quilt patches + * Revert "Use system libzip (Pulled from Fedora)" (Closes: #674151) + * Add patch to fix tt-rss backend php crash (Closes: #666200) + + [ Thorsten Glaser ] + * Add support for Linux/m68k atomics needed by the FPM SAPI + (Closes: #672277) + + [ Gedalya ] + * Add logrotate script for php5-fpm (Closes: #673558) + + -- Ondřej Surý Mon, 28 May 2012 10:43:44 +0200 + +php5 (5.4.3-5) unstable; urgency=low + + * Pull patches from Fedora: + + Update use_embedded_timezonedb.patch to r8: fix compile error + without --with-system-tzdata configured + + Add ldconfig post/postun for -embedded (Hans de Goede) + + Use RTLD_NOW instead of RTLD_LAZY (pulled from Fedora) + + Use system libzip (pulled from Fedora) + * Disable undefined ZIP_OVERWRITE to allow compile with system libzip + + -- Ondřej Surý Mon, 21 May 2012 13:37:35 +0200 + +php5 (5.4.3-4) unstable; urgency=low + + * Fix tests ([ERROR] Can't start server: bind-address refers to + multiple interfaces!) (Closes: #672588) + + -- Ondřej Surý Tue, 15 May 2012 18:01:55 +0200 + +php5 (5.4.3-3) unstable; urgency=low + + * Disable log redirection in debian/setup-mysql.sh to help diagnose + the setup-mysql.sh failure (still not fixed, but not reproduceable + on my local box) + + -- Ondřej Surý Tue, 15 May 2012 14:27:12 +0200 + +php5 (5.4.3-2) unstable; urgency=low + + * Add --no-defaults to rest of the mysql commands in setup-mysql.sh + script (Closes: #672588) + * Add debugging info to debian/setup-mysql.sh to help diagnose any + further problems + + -- Ondřej Surý Tue, 15 May 2012 10:26:34 +0200 + +php5 (5.4.3-1) unstable; urgency=low + + * Imported Upstream version 5.4.3 + + CVE-2012-2311: Complete fix for PHP-CGI query string parameter + vulnerability + + CVE-2012-2329: Fix a buffer overflow vulnerability in the + apache_request_headers() (PHP 5.3 is not vulnerable) + + -- Ondřej Surý Wed, 09 May 2012 08:48:10 +0200 + +php5 (5.4.2-1) unstable; urgency=low + + * Imported Upstream version 5.4.2 + + CVE-2012-1823: Fix PHP-CGI query string parameter vulnerability. + + -- Ondřej Surý Fri, 04 May 2012 08:47:42 +0200 + +php5 (5.4.1-1) unstable; urgency=low + + * Imported Upstream version 5.4.1 + + Fixed insufficient validating of upload name leading to corrupted + $_FILES indices). (CVE-2012-1172). + + Add open_basedir checks to readline_write_history and + readline_read_history. + + Add Apache 2.4 support (.deb package in experimental comming soon) + + Added debug info handler to DOM objects. + * Remove Breaks: on php applications on maintainer requests: + + simplesamlphp + + php-horde-auth + * Add better configuration snippet for CGI (Closes: #571795) + * Update a description of PHP language based on the text from upstream + web page (http://www.php.net/manual/en/intro-whatis.php) + * Enable embed SAPI (Closes: #380731) + * Add lintian override for libphp5-embed: embedded-library + usr/lib/libphp5.so: file + * Add ldconfig to libphp5-embed.{postinst,postrm} + * Fix #EXTRA# processing for SAPIs (extra ; at the end of sed cmd) + + -- Ondřej Surý Thu, 03 May 2012 13:29:07 +0200 + +php5 (5.4.1~rc1-1) unstable; urgency=low + + * Add information about flavor of INI file inside the INI file, + install php.ini-development INI to /usr/share/php5 (Closes: #667711) + * Imported Upstream version 5.4.1~rc1 + * Update patches for the 5.4.1RC1 release + + -- Ondřej Surý Fri, 06 Apr 2012 15:04:08 +0200 + +php5 (5.4.0-4) unstable; urgency=low + + * Change id -u+getent combo to whoami (Courtesy of Michiel van + Leening) + * Fix missing FOUND declaration (pulled from dotdeb) + * Add Breaks for all known broken packages not working with PHP 5.4 + (Closes: #666411) + + -- Ondřej Surý Fri, 06 Apr 2012 12:46:14 +0200 + +php5 (5.4.0-3) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Correct version number; 5.4.0~rc7-3 never existed + * Add placeholder build-arch, build-indep targets + * Each module needs to depend on ucf, as it's used in postinst + * Newer version of roundcube available that isn't broken anymore + * Checked for policy 3.9.3 + + [ Ondřej Surý ] + * Remove Pre-Depends on dpkg-maintscript-helper + * Remove obsolete configure options + * Add support for *.extra.{post,pre}{inst,rm} files + * Add support for MultiArch libgd2-xpm-dev + * Add support for MultiArch libmysqlclient-dev + * Add Lior to maintainers + * setup-mysql.sh changed to: + + never run as root (fix needed for MySQL 5.5 in pbuilder) + + drop and create database test which may or may not exist + * Restart apache2 instead of reloading on first install + (Closes: #589386) + + [ Julien Cristau ] + * Fix postinst scripts to not use 'local' outside functions (Closes: + #664853, #664849) + + -- Ondřej Surý Wed, 14 Mar 2012 08:49:32 +0100 + +php5 (5.4.0-2) unstable; urgency=low + + * Build depend on libpng-dev | libpng12-dev (Closes: #662466) + + -- Ondřej Surý Mon, 05 Mar 2012 13:26:06 +0100 + +php5 (5.4.0-1) unstable; urgency=low + + * PHP 5.4 has landed in unstable + * Imported Upstream version 5.4.0 + * Use $(filter pattern...,text) instead of $(findstring find,in) in + debian/rules to match against space separated list of words and not + substrings (Closes: #660647) + + -- Ondřej Surý Sat, 03 Mar 2012 16:03:12 +0100 + +php5 (5.4.0~rc8-2) experimental; urgency=low + + * Use $(filter pattern...,text) instead of $(findstring find,in) in + debian/rules to match against space separated list of words and not + just substrings (i386 != hurd-i386) (Closes: #660647) + + -- Ondřej Surý Mon, 20 Feb 2012 17:26:54 +0100 + +php5 (5.4.0~rc8-1) experimental; urgency=low + + * Imported Upstream version 5.4.0~rc8 + * Improve maxlifetime script to scan for more SAPIs and scan all *.ini + in conf.d directory + * Move php5-mysqlnd to Priority: extra to make debcheck happy + * Check for dpkg-maintscript-helper existence in php5-fpm maintainer + scripts + * Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to + allow single upgrade path (dpkg-maintscript-helper package will be + provided for Ubuntu Lucid PPA) + + -- Ondřej Surý Fri, 17 Feb 2012 21:37:05 +0100 + +php5 (5.4.0~rc7-2) experimental; urgency=low + + * Use corrected module PHPAPI (20100525) and not (220100525) + * Use $ZEND_MODULE_API_NO for $DEBIAN_PHP_API. Check for PHPAPI + changes, so we don't become binary incompatible without knowing it. + * Update debian/README.Debian.security: + + register_globals was removed from PHP 5.4 + + Remove safe_mode (removed upstream) and update and reformat text + slightly + + Reviewed by english l10n team (thanks a lot) + * php5-fpm now listen on socket instead of localhost by default + (Closes: #650204) + * Add NEWS about change of default location of php5-fpm socket + * Stop php5-fpm on runlevels 0 1 6 (Closes: #650203) + * Add -ignore_readdir_race to find call in session cleanup (#634864) + * Don't prefix extension list automatically, it's done by subsvars now + (Closes: #633491) + * Depends on non-forking fuser in psmisc (Closes: #633100) + * php5-common.README.Debian additions and cleanup: + + Add a paragraph about PHP_INI_SCAN_DIR (Closes: #659123) + + Reformat README.Debian to common formatting + + Mention php5-fpm where appropriate + + Use 'PHP 5' and 'Apache HTTP Server' instead of php5 and apache2 + + -- Ondřej Surý Thu, 09 Feb 2012 00:03:26 +0100 + +php5 (5.4.0~rc7-1) experimental; urgency=low + + [ Thijs Kinkhorst ] + * Textual improvements to README.Debian.security, NEWS + (closes: #632675,#643015,#658208). + + [ Ondřej Surý ] + * Imported Upstream version 5.4.0~rc7 + + CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the + implementation of the max_input_vars configuration variable + + CVE-2011-3389: Fix possible attack in SSL sockets with SSL 3.0/TLS 1.0. + + -- Ondřej Surý Fri, 03 Feb 2012 11:03:39 +0100 + +php5 (5.4.0~rc6-3) experimental; urgency=low + + * ucfize php5-module.* and store priority in module .ini file + * Store dsonames in maintainer scripts to make postrm work + * Make php5enmod idempotent + + -- Ondřej Surý Thu, 02 Feb 2012 12:25:54 +0100 + +php5 (5.4.0~rc6-2) experimental; urgency=low + + * Merge all changes from Debian unstable branch (up to 5.3.9-6) + * Fix -Wformat-security error in mysqlnd + * Add php5{en,dis}mod to enable/disable modules from maintainer + scripts (Closes: #447826, #582320, #627145) + (Initial work courtesy of Clint Byrum) + * Modify comments in php.inis to match compiled default session + * Adjust new 5.3 patches for 5.4 branch + * Ensure pdo.so is loaded before all other modules + * Add trigger to restart php5-fpm when module is installed/removed + * Remove --with-ttf and --with-t1lib (Closes: #658248, #638755) + * Add debian/NEWS item about missing t1lib functions + + -- Ondřej Surý Wed, 01 Feb 2012 18:27:30 +0100 + +php5 (5.4.0~rc6-1) experimental; urgency=low + + * Imported Upstream version 5.4.0~rc6 + + -- Ondřej Surý Fri, 20 Jan 2012 15:30:48 +0100 + +php5 (5.4.0~rc5-1) experimental; urgency=low + + * Imported Upstream version 5.4.0~rc5 + * Update patches for new release + * Disable suhosin patch + + -- Ondřej Surý Thu, 19 Jan 2012 19:23:36 +0100 + +php5 (5.4.0~beta2-1) experimental; urgency=low + + * Remove obsolete sqlite(2) module from php5-sqlite + * Use correct signals in php5-fpm init script (Closes: #645934) + * Update gbp.conf for experimental branch + * Imported Upstream version 5.4.0~beta2 + * Refresh patches for the 5.4.0beta2 release + * Remove php.ini-paranoid, it's almost useless now + * Remove safe_mode setting from suhosin, it has been removed upstream + * Remove the php_stream stuff to allow compiling with system-wide + libgd + * php5-common.docs: Don't install non-existant TODO file + + -- Ondřej Surý Sat, 22 Oct 2011 18:39:33 +0200 + +php5 (5.3.10-2) unstable; urgency=low + + * Use $(filter pattern...,text) instead of $(findstring find,in) in + debian/rules to match against space separated list of words and not + substrings (Closes: #660647) + * CVE-2012-0831: magic_quotes_gpc remote disable vulnerability (NOTE: + magic_quotes_gpc is DEPRECATED and will be removed from PHP 5.4, + e.g. you should not use them!), also fix regression in CVE-2012-0831 + (LP#930115) + * Depends on non-forking fuser in psmisc (Closes: #633100) + * Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to + allow single upgrade path (dpkg-maintscript-helper package will be + provided for Ubuntu Lucid PPA) + + -- Ondřej Surý Mon, 20 Feb 2012 17:40:24 +0100 + +php5 (5.3.10-1ubuntu4) quantal; urgency=low + + * SECURITY UPDATE: php5-cgi query string parameters parsing + vulnerability + - debian/patches/php5-CVE-2012-1823.patch: filter query strings that + are prefixed with '-' + - CVE-2012-1823 + - CVE-2012-2311 + + -- Steve Beattie Wed, 23 May 2012 15:57:57 -0400 + +php5 (5.3.10-1ubuntu3) precise; urgency=low + + * Cherry picked fixes from Debian testing: + - d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and + scan all *.ini in conf.d directory. + (LP: #916065). + - d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst: + Restart apache on first install to ensure module is fully enabled. + (LP: #953081). + + -- James Page Wed, 11 Apr 2012 14:27:10 +0100 + +php5 (5.3.10-1ubuntu2) precise; urgency=low + + * Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper + rather than checking whether it exists at run-time, leading to more + predictable behaviour on upgrades. + + -- Colin Watson Mon, 05 Mar 2012 12:21:35 +0000 + +php5 (5.3.10-1ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. + - d/setup-mysql.sh: modify to work with mysql 5.5 differences + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and + mysql-server-5.5 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + * Dropped Changes: + - d/patches/CVE-2011-4566.patch: Applied upstream + - debian/rules: --enable-pcntl for cgi as well. (Applied in Debian) + * d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes + * d/NEWS: add note explaining that SUHOSIN *is* enabled in the Ubuntu + package. + * d/rules: Simplify apache config settings since we never build + interbase or firebird. + + -- Clint Byrum Thu, 16 Feb 2012 03:17:18 -0800 + +php5 (5.3.10-1) unstable; urgency=high + + [ Raphael Geissert ] + * Remove myself from uploaders + * Randomly choose the mysql server's port + + [ Ondřej Surý ] + * Fix use_embedded_timezonedb.patch in custom builds (Courtesy of + Dominic Scheirlinck) (Closes: #652599) + * Fix typo in firebird2.1-dev build dependency + * Update gbp.conf for 5.3.x branch + * Imported Upstream version 5.3.10 + + CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the + implementation of the max_input_vars configuration variable + + -- Ondřej Surý Fri, 03 Feb 2012 09:38:06 +0100 + +php5 (5.3.9-6) unstable; urgency=low + + * Build MySQL extensions with Native Driver as an alternative + (Closes: #576412) + * Set default mysql socket location to /var/run/mysqld/mysqld.sock + * Move php5-sqlite postinst code to postinst.extra + * Cherry-pick patches from Fedora: + + Fix mysqlnd socket location fix + + Define _GNU_SOURCE in the configure.in + + Typing fixes in dba extension + + Don't add RPATH to extensions + * Add missing check for dpkg-maintscript-helper in sqlite preinst + and postrm + * Add code to specify priority of modules to load mysqlnd.so before + mysql.so and mysqli.so in php5-mysqlnd package + * Alter version in rm_conffile call to 5.3.9~ to handle all possible + versions due binNMUs (Closes: #656495) + * Add more condition when to remove empty postinst script + + -- Ondřej Surý Tue, 31 Jan 2012 15:25:57 +0100 + +php5 (5.3.9-5) unstable; urgency=low + + * Use DEB_HOST_ARCH, not DEB_HOST_ARCH_OS to check where to build + firebird module (Closes: #645401) + * Add back firebird2.5-dev and firebird2.1-dev to allow backports + * Disable tests on hurd-i386 for now, because it FTBFS + * Don't fail if suhosin is not enabled (Closes: #657808) + + -- Ondřej Surý Sun, 29 Jan 2012 09:27:28 +0100 + +php5 (5.3.9-4) unstable; urgency=low + + * Remove suhosin patch from description and add short NEWS about + disabling Suhosin patch (Closes: #657697) + * Re-enable firebird extension build on armhf and powerpcspe + (Closes: #657691) + + -- Ondřej Surý Sat, 28 Jan 2012 08:50:42 +0100 + +php5 (5.3.9-3) unstable; urgency=low + + * Don't build firebird extension on hurd, m68k, hppa, ppc64, armhf and + powerpcspe (Closes: #651070) + * Avoid ptrace hungs when building on hurd + * Check for dpkg-maintscript-helper existence instead of hard dpkg + dependency to allow backported packaged on older (Ubuntu lucid) + systems + * Remove Suhosin patch, but add PHP5_SUHOSIN=no/yes option to + debian/rules + * Update patches after suhosin.patch removal and update suhosin.patch to + cleanly apply as a last patch in the series + * Replace firebird2.[15]-dev (transitional) dependencies with + firebird-dev + * More Firebird adjustments, don't build the extension on more ports, + where firebird-dev is not available + + -- Ondřej Surý Fri, 27 Jan 2012 11:02:48 +0100 + +php5 (5.3.9-2) unstable; urgency=low + + * Handle sqlite.so removal (remove conffile) (Closes: #656495) + * Add Breaks: roundcube-sqlite since we no longer ship sqlite.so + + -- Ondřej Surý Tue, 24 Jan 2012 09:55:56 +0100 + +php5 (5.3.9-1) unstable; urgency=low + + * Remove obsolete sqlite(2) module from php5-sqlite + * Use correct signals in php5-fpm init script (Closes: #645934) + * Imported Upstream version 5.3.9 + * Adapt debian/patches to 5.3.9 release + + -- Ondřej Surý Wed, 11 Jan 2012 16:33:20 +0100 + +php5 (5.3.8.0-1ubuntu3) precise; urgency=low + + * SECURITY UPDATE: Denial of service and possible information disclosure + via exif integer overflow + - debian/patches/CVE-2011-4566.patch: fix count checks in + ext/exif/exif.c. + - CVE-2011-4566 + + -- Marc Deslauriers Mon, 12 Dec 2011 15:14:28 -0500 + +php5 (5.3.8.0-1ubuntu2) precise; urgency=low + + * d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. + * d/setup-mysql.sh: modify to work with mysql 5.5 differences + + -- Clint Byrum Thu, 24 Nov 2011 10:28:38 -0800 + +php5 (5.3.8.0-1ubuntu1) precise; urgency=low + + * Resynchronise with Debian. Remaining changes: + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + - debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: Handle + multiarch libmysqlclient as well. + + -- Colin Watson Wed, 23 Nov 2011 12:58:51 +0000 + +php5 (5.3.8.0-1) unstable; urgency=low + + * Re-re-imported upstream version 5.3.8, as a new sourceful update, + in order to prevent the package from remaining as a native package. + + -- Sean Finney Thu, 27 Oct 2011 17:17:02 +0200 + +php5 (5.3.8-2ubuntu2) precise; urgency=low + + * Rebuild for libicu48. + + -- Colin Watson Wed, 23 Nov 2011 10:54:32 +0000 + +php5 (5.3.8-2ubuntu1) precise; urgency=low + + * Merge with Debian; remaining changes: + - debian/rules: export DEB_HOST_MULTIARCH properly. + - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + - Add build-dependency on lemon, which we now need. + - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + - Dropped libcurl-dev not in the archive. + - debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + - Suggest php5-suhosin rather than recommends. + - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - debian/control: Recommend php5-dev for php-pear. + - debian/rules: --enable-pcntl for cgi as well. + + -- Matthias Klose Tue, 18 Oct 2011 15:39:03 +0200 + +php5 (5.3.8-2) unstable; urgency=low + + * Fix botched upload when git-buildpackage didn't play well with + bz2 upstream archive + * Add additional temporary fix for MultiArch OpenSSL + + -- Ondřej Surý Mon, 12 Sep 2011 09:06:10 +0200 + +php5 (5.3.8-1) unstable; urgency=low + + * Imported Upstream version 5.3.8 + * Refresh patches to 5.3.8 release + * Pull fixes for DateTime tests from upstream SVN + * Add additional temporary fix for MultiArch for sybase/mssql + + -- Ondřej Surý Wed, 24 Aug 2011 13:13:51 +0200 + +php5 (5.3.7-1) unstable; urgency=low + + * Imported Upstream version 5.3.7 + * Update patches to the new 5.3.7 release and remove those merged + upstream + * Don't require autoconf 2.59 and lower, we'll deal with consequences + * Add MultiArch fix for LDAP libraries + * Remove PEAR patching with CVE-2011-1144.patch which was merged upstream + + -- Ondřej Surý Fri, 19 Aug 2011 14:18:03 +0200 + +php5 (5.3.6-13ubuntu3) oneiric; urgency=low + + * debian/rules: export DEB_HOST_MULTIARCH properly, so that I don't spend + an hour scratching my head at './debian/rules configure' not working + right. + * Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. + * Add build-dependency on lemon, which we now need. + + -- Steve Langasek Wed, 24 Aug 2011 21:40:27 +0000 + +php5 (5.3.6-13ubuntu2) oneiric; urgency=low + + * debian/rules: build with --with-openssl instead of --with-openssl=/usr, + to autodetect libraries in multiarch directories. + * debian/patches/temporary-path-fixes-for-multiarch.patch: add ldap + multiarch checks. LP: #826601. + + -- Steve Langasek Tue, 16 Aug 2011 06:14:55 +0000 + +php5 (5.3.6-13ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libcurl-dev not in the archive. + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Suggest php5-suhosin rather than recommends. + * Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + * modulelist: Drop imap, interbase, sybase, and mcrypt. + * debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + * debian/control: Recommend php5-dev for php-pear. + * debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + + -- Chuck Short Mon, 25 Jul 2011 19:14:12 +0100 + +php5 (5.3.6-13) unstable; urgency=low + + * Fix CVE-2011-2483: 8-bit character mishandling allows different + password pairs to produce the same hash (Closes: #631347) + * Add support for $2x$ identifier as blowfish variant in crypt.c to + allow backward compatibility with old invalid hashes + * Return fail string (*0) on invalid Blowfish salt rounds + * Add NEWS item about incompatible blowfish hashes + * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect + function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might + allow context-dependent attackers to execute arbitrary code via a + long pathname for a UNIX socket. + + -- Ondřej Surý Mon, 04 Jul 2011 12:41:07 +0200 + +php5 (5.3.6-12) unstable; urgency=low + + * Bump standards version to 3.9.2 + * Update cron.d code to even safer variant (Courtesy of Bob Proulx) + * Small optimization in cron.d script (Courtesy of Marcus Cobden) + * Add firebird2.1-dev option to allow backports + * Pull (and fix broken patch) multiarch workaround from Ubuntu natty + * Add error message when phpize is not found (Closes: #627937) + * Enable pcntl extension for CGI builds (Closes: #627941), but + disable all pcntl functions by default + * File path injection vulnerability in RFC1867 File upload filename + [CVE-2011-2202] + + -- Ondřej Surý Wed, 15 Jun 2011 11:06:40 +0200 + +php5 (5.3.6-11ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libcurl-dev not in the archive. + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Suggest php5-suhosin rather than recommends. + * Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR + has been declined due to an inactive upstream. So this is probably + a permanent change). + * modulelist: Drop imap, interbase, sybase, and mcrypt. + * debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + * debian/control: Recommend php5-dev for php-pear. + * debian/rules: --enable-pcntl for cgi as well. + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + * Dropped Changes: + * Dropped libmysqlclient15-dev, build against mysql 5.1. -- Dropped in debian. + * Dropped locales-all. -- Now has alternative language-pack-de for use in tests. + * debian/php5-fpm.init: backport changes from Debian package to run + configuration check. Removes check for /var/www which broke stand- + alone installation of php5-fpm. -- superseded upstream + * All CVE's not mentioned above (applied upstream or in Debian) + * debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed + * debian/patches/backport-upstream-lp592442.patch: Backport upstream fix + for ssl fopen issues. -- applied in Debian + * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large + files -- applied in Debian + + -- Clint Byrum Wed, 25 May 2011 10:34:40 -0700 + +php5 (5.3.6-11) unstable; urgency=low + + * Use more reasonable default number of processes for PHP5-FPM + * Enable firebird support everywhere also in debian/rules + * Don't delete still used session files (Closes: #626640) + * Enable building of php5-interbase by adding Architecture: any + to debian/control + * Use dh_prep instead of dh_clean -k + + -- Ondřej Surý Sat, 14 May 2011 22:15:32 +0200 + +php5 (5.3.6-10) unstable; urgency=low + + * Purge .start files in postrm, not in prerm (Closes: #607520) + * Register config files to UCF Registry + + -- Ondřej Surý Sat, 30 Apr 2011 13:16:27 +0200 + +php5 (5.3.6-9) unstable; urgency=low + + * Make sure even harded to not left any stale file after purging the + package (Closes: #607520) + * Move libapache2-mod-php5filter to extra to satisfy policy + * Remove oldstable dependcy on firebird2.0-dev + * Enable php5-interbase on all platforms and update build dependency + on firebird2.5-dev + * Import backported upstream fix for fopen fails on some SSL urls + * Remove windows devel file from php5-dev + * Add more lintian-overrides: + + Missing dependency on phpapi for php5-common is not missing + + php-pear is keeping it's original directory structure + + Double the filenames (./usr vs usr) to fix difference between + lintian versions + + the embedded file library (libmagic) is unfortunately a custom + one and cannot be replaced by system one (it's on the TODO list) + + -- Ondřej Surý Thu, 28 Apr 2011 13:37:07 +0200 + +php5 (5.3.6-8) unstable; urgency=low + + * Provides/Replaces/Conflicts: php5-idn (Closes: #547117) + * Build depend on libdb-dev (>= 5.1) (Closes: #621443) + + -- Ondřej Surý Sun, 10 Apr 2011 23:27:44 +0200 + +php5 (5.3.6-7) unstable; urgency=low + + * Disable SSLv2 when disabled in OpenSSL (Closes: #620776) + + -- Ondřej Surý Mon, 04 Apr 2011 08:40:25 +0200 + +php5 (5.3.6-6) unstable; urgency=low + + * Fix order of do_check in php5-fpm.init to check for the right return + code + + -- Ondřej Surý Thu, 31 Mar 2011 11:46:49 +0200 + +php5 (5.3.6-5) unstable; urgency=low + + * Don't fail the php5-fpm init.d script if VERBOSE is `no' + * Fix some compile errors with --enable-maintainer-zts as reported by + Raphaël Gertz + * Make php5-fpm init.d script even less verbose on startup + + -- Ondřej Surý Mon, 28 Mar 2011 17:05:17 +0200 + +php5 (5.3.6-4) unstable; urgency=low + + * Merged r308688 fix s/raiseErro/raiseError/ and fixed parenthese in + r309043 (Closes: #619307) (Courtesy of upstream and Ernesto Domato) + * Make locales-all build dependency useful by fixing language tests + to use de_DE.UTF-8 + * Debian packaging: + + Allow easy porting to Ubuntu by adding alternate dependency for + locales-all -> language-pack-de, because only german locale is used + in the tests + + Fix missing debhelper token in php5-fpm.preinst + * Explicitly set pm.start_servers in php5-fpm to make it quiet + * Update php5-fpm.init according to latest /etc/init.d/skeleton + (Closes: #619383) + + -- Ondřej Surý Wed, 23 Mar 2011 16:44:28 +0100 + +php5 (5.3.6-3) unstable; urgency=low + + * Update php-fpm.conf(pool.d/www.conf) to do initial chdir to / as + suggested by Olaf van der Spek to detect early problems if php5-fpm + needs a write access to initial chdir. Also fix brown-paper-bug + which made the setting new chdir not work because we already modify + it elsewhere (Closes: #601243) + + -- Ondřej Surý Mon, 21 Mar 2011 16:27:01 +0100 + +php5 (5.3.6-2) unstable; urgency=low + + * Update default configuration file for php5-fpm (Closes: #619104) + * Depend only on libdb4.8-dev | libdb4.6-dev to match apache2 + (Closes: #619036) + + Will coordinate change to db5.1 with apache2 maintainer + + -- Ondřej Surý Mon, 21 Mar 2011 11:54:04 +0100 + +php5 (5.3.6-1) unstable; urgency=low + + * Imported Upstream version 5.3.6 + + PEAR updated to 1.9.2 (CVE-2011-1072) + * Cherry-pick CVE-2011-1144 from PEAR 1.9.3 (Closes: #546164) + * Debian packaging: + + Start using pristine-tar + + Remove patches merged upstream or otherwise deprecated + + Move php5-fpm.postrm extras to debian/rules + * FPM SAPI changes: + + Set initial chdir to /tmp in www pool (Closes: #601243) + + Rename main configuration file to php-fpm.conf to match upstream + + Enable error reporting in init.d file + + Patch FPM SAPI to use Debian php-fpm.conf as default + * Fix regression with missing CRYPT_SALT_LENGTH (Closes: #603012) + * Generate SHA512 salt string when provided salt is null (Closes: #581170) + * Fix FTBFS with gold or ld --no-add-needed (Closes: #615770) + * Don't mmap large >4GB files + * CVE-2011-0441: Be more careful when removing session files + (Closes: #618489) + + -- Ondřej Surý Fri, 18 Mar 2011 15:51:50 +0100 + +php5 (5.3.5-1ubuntu7.2) natty-security; urgency=low + + * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix + mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452) + + -- Steve Beattie Sat, 30 Apr 2011 16:00:39 -0700 + +php5 (5.3.5-1ubuntu7.1) natty-security; urgency=low + + * SECURITY UPDATE: arbitrary files removal via cronjob + - debian/php5-common.php5.cron.d: take greater care when removing + session files. + - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09 + - CVE-2011-0441 + * SECURITY UPDATE: symlink tmp races in pear install + - debian/patches/php5-pear-CVE-2011-1072.patch: improved + tempfile handling. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1072 + * SECURITY UPDATE: more symlink races in pear install + - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save + file handler. + - debian/rules: apply patch manually after unpacking PEAR phar + archive. + - CVE-2011-1144 + * SECURITY UPDATE: denial of service through application crash with + invalid images + - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing + steps are either 4 or 16. + - CVE-2010-4698 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract() + argument validation. + - CVE-2011-0420 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully + when handling zero sized zipfile with the FL_UNCHANGED argument + - CVE-2011-0421 + * SECURITY UPDATE: denial of service through application crash when + handling images with invalid exif tags + - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking + - CVE-2011-0708 + * SECURITY UPDATE: denial of service and possible data disclosure + through integer overflow + - debian/patches/php5-CVE-2011-1092.patch: better boundary + condition checks in shmop_read() + - CVE-2011-1092 + * SECURITY UPDATE: use-after-free vulnerability + - debian/patches/php5-CVE-2011-1148.patch: improve reference + counting + - CVE-2011-1148 + * SECURITY UPDATE: format string vulnerability + - debian/patches/php5-CVE-2011-1153.patch: correctly quote format + strings + - CVE-2011-1153 + * SECURITY UPDATE: denial of service through buffer overflow crash + (code execution mitigated by compilation with Fortify Source) + - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision + to ensure fitting within MAX_BUF_SIZE + - CVE-2011-1464 + * SECURITY UPDATE: denial of service through application crash + - debian/patches/php5-CVE-2011-1467.patch: check for invalid + attribute symbols in NumberFormatter::setSymbol() + - CVE-2011-1467 + * SECURITY UPDATE: denial of service through memory leak + - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of + openssl contexts + - CVE-2011-1468 + * SECURITY UPDATE: denial of service through application crash + when using HTTP proxy with the FTP wrapper + - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling + - CVE-2011-1469 + * SECURITY UPDATE: denial of service through application crash when + handling ziparchive streams + - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of + the meta data structure + - CVE-2011-1470 + * SECURITY UPDATE: denial of service through application crash when + handling malformed zip files + - debian/patches/php5-CVE-2011-1471.patch: correct integer + signedness error when handling zip_fread() return value. + - CVE-2011-1471 + * debian/control: replace build-depends on mysql-server with + mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and + mysql-server-5.1 postinst confusion with starting up multiple + mysqlds listening on the same port. + + -- Steve Beattie Tue, 26 Apr 2011 08:34:26 -0700 + +php5 (5.3.5-1ubuntu7) natty; urgency=low + + * debian/php5-fpm.init: backport changes from Debian package to run + configuration check. Removes check for /var/www which broke stand- + alone installation of php5-fpm. (LP: #753924) + * debian/rules: set DEB_HOST_MULTIARCH to enable 'debian/rules' for + building. + + -- Clint Byrum Tue, 12 Apr 2011 14:21:14 -0700 + +php5 (5.3.5-1ubuntu6) natty; urgency=low + + * debian/patches/fpm-config.patch: Update php-fpm.conf(pool.d/con) + to do initial chdir to / as suggest by Olaf van van der Spek + to detect early problems if php5-fpm needs a write access to + initial chdir. + * debian/patches/backport-upstream-lp592442.patch: Backport upstream fix + for ssl fopen issues. (LP: #592442) + + -- Chuck Short Fri, 01 Apr 2011 09:29:49 -0400 + +php5 (5.3.5-1ubuntu5) natty; urgency=low + + * debian/patches/temporary-path-fixes-for-multiarch.patch: as a stopgap + for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir + yet because that requires all the build-deps to have moved. Thanks to + Jonathan Marsden for preparing this patch. LP: #739977. + * debian/patches/ubuntu/ubuntu-php-version.patch: drop. This is an + autogenerated file. + + -- Steve Langasek Thu, 24 Mar 2011 22:34:00 +0000 + +php5 (5.3.5-1ubuntu4) natty; urgency=low + + * debian/control: Recommend php5-dev for php-pear. (LP: #634359) + * debian/rules: --enable-pcntl for cgi as well. (LP: #658346) + + -- Chuck Short Mon, 14 Mar 2011 10:34:00 -0400 + +php5 (5.3.5-1ubuntu3) natty; urgency=low + + * debian/php5-fpm.init: Fix logic from previous commit. + + -- Chuck Short Mon, 14 Mar 2011 08:18:17 -0400 + +php5 (5.3.5-1ubuntu2) natty; urgency=low + + * debian/php5-fpm.init: Dont start fpm if /var/www doesnt exist. + (LP: #731572) + + -- Chuck Short Fri, 11 Mar 2011 16:29:24 -0500 + +php5 (5.3.5-1ubuntu1) natty; urgency=low + + * Merge from debian/unstable. Remaining changes: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + + -- Chuck Short Tue, 22 Feb 2011 09:46:37 -0500 + +php5 (5.3.5-1) unstable; urgency=low + + * Imported Upstream version 5.3.5 + * Updated suhosin patch to 0.9.10 + * Add Conflict: with php5-idn to php5-intl (Closes: #610935) + * Build the FPM SAPI (Closes: #603174) + * Adapted (and removed upstream-applied) patches to php 5.3.5 + + -- Ondřej Surý Wed, 16 Feb 2011 15:17:32 +0100 + +php5 (5.3.3-7ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions + already in universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, sybase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + * stop mysql instance on clean just in case we failed in tests + - Dropped debian/patches/fix-upstream-bug53632.patch, used debian's instead. + - Dropped debian/patches/mssql-fix-segfault.patch, use debian's instead. + - debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed + - debian/patches/php52389-pgsql-segfault.patch: removing, causes error + handling to fail. + + -- Chuck Short Fri, 07 Jan 2011 22:44:56 +0000 + +php5 (5.3.3-7) unstable; urgency=low + + * Cherry pick patches for: + + double free vulnerability in the imap_do_open function in the IMAP + extension (CVE-2010-4150) + + infinite loop with x87 CPU + + extract() to not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE + + crash if aa steps are invalid in GD extension + + crash with entitity declaration in simplexml.c + + NULL dereference in Zend language scanner + + integer overflow in SdnToJulian + + memory leaks and possible crash introduced by NULL poisoning patch + + leaks and crash when passing the callback as a variable + + leak in highlight_string + + segmentation fault in pgsql_stmt_execute when postgres is down + + segmentation fault when extending SplFixedArray + + segmentation fault when node is NULL in simplexml.c + + segmentation fault when using several cloned intl objects + + segmentation fault when using bad column_number in sqlite3 columnName + * Add comment about cherry picked patches (and last revision) from + upstream SVN to README.source + + -- Ondřej Surý Wed, 05 Jan 2011 11:06:20 +0100 + +php5 (5.3.3-6) unstable; urgency=medium + + * Cherry-pick fix for crashes on invalid parameters in intl extension. + (CVE-2010-4409). + * Cherry pick fix for crash in zip extract method (possible CWE-170) + * Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c + * Update CVE-2010-3870 to include test case + * Cherry pick complete fix to reject filenames with NULL (CVE requested) + + -- Ondřej Surý Tue, 07 Dec 2010 11:15:58 +0100 + +php5 (5.3.3-5) unstable; urgency=high + + * Add firebird support for armhf (Closes: #604526) + * More updates to open_basedir (Closes: #605391) + + -- Ondřej Surý Tue, 30 Nov 2010 12:00:37 +0100 + +php5 (5.3.3-4) unstable; urgency=low + + * Cherry pick patches for (Closes: #603751): + + NULL pointer dereference in ZipArchive::getArchiveComment + (CVE-2010-3709) + + utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870) + + mb_strcut() returns garbage with the excessive length parameter + (CVE-2010-4156) + + possible flaw in open_basedir (CVE-2010-3436) + + segfault in SplFileObject::fscanf + + memory leak in PDO::FETCH_INTO + + crash when storing many SPLFixedArray in an array + + possible crash in php_mssql_get_column_content_without_type() + + cURL leaks handle and causes assertion error (CURLOPT_STDERR) + + segfault when optional parameters are not passed in to mssql_connect + + segfault when ssl stream option capture_peer_cert_chain used + + crash in GC because of incorrect reference counting + + crash when calling enchant_broker_get_dict_path before set_path + + crash in pdo_firebird getAttribute() + + -- Ondřej Surý Wed, 17 Nov 2010 10:31:58 +0100 + +php5 (5.3.3-3) unstable; urgency=high + + * Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large + amount of data (CVE-2010-3710, Closes: #601619) + + -- Ondřej Surý Wed, 27 Oct 2010 23:39:37 +0200 + +php5 (5.3.3-2) unstable; urgency=low + + * Upload 5.3.3 to unstable + + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866, + CVE-2010-2531, CVE-2010-3065. + * Don't build FPM SAPI now + * Bump standards version to 3.9.1 + * Synchronize system crypt patch + * Cherry pick upstream fix for format vulnerability in phar/stream.c + + Fixes CVE-2010-2950. + * Set explicit error level to hide warnings on systems with modified + php.ini (Closes: #590485) + * Apply patch to fix loading of extensions without [PHP] section + (Closes: #595761) + * Set session.gc_probability back to 0 (Closes: #595706) + * Update PHP5 description to not include references to C, Java and + Perl (Closes: #351032) + + -- Ondřej Surý Thu, 21 Oct 2010 16:57:53 +0200 + +php5 (5.3.3-1ubuntu12) natty; urgency=low + + * debian/patches/fix-upstream-bug53632.patch: Fix infinite loop bug (php bug #53632) + (LP: #697181) + + -- Chuck Short Fri, 07 Jan 2011 12:57:59 -0500 + +php5 (5.3.3-1ubuntu11) natty; urgency=low + + * Add debian/patches/mssql-fix-segfault.patch: Fixes segfault on missing + parameters for mssql. Upstream php bug #52843 and LP: #611316. + + -- Clint Byrum Fri, 03 Dec 2010 23:45:19 -0800 + +php5 (5.3.3-1ubuntu10) natty; urgency=low + + * debian/patches/configure-as-needed.patch. Work around suspicious + configure macros to fix a build failure with --as-needed (Clint Byrum). + Addresses #676672. + + -- Matthias Klose Wed, 24 Nov 2010 10:44:36 +0100 + +php5 (5.3.3-1ubuntu9.1) maverick-proposed; urgency=low + + * debian/patches/php52389-pgsql-segfault.patch: removing, + causes error handling to fail (LP: #660227) + + -- Clint Byrum Thu, 14 Oct 2010 06:46:02 -0700 + +php5 (5.3.3-1ubuntu9) maverick; urgency=low + + * SECURITY UPDATE: arbitrary memory disclosure and possible code + execution via phar extension + - debian/patches/CVE-2010-2950.patch: use correct format string in + ext/phar/stream.c. + - CVE-2010-2094 + - CVE-2010-2950 + + -- Marc Deslauriers Mon, 20 Sep 2010 14:56:33 -0400 + +php5 (5.3.3-1ubuntu8) maverick; urgency=low + + * Build-depend on netcat-openbsd | netcat, instead of just netcat (only + in universe). + + -- Matthias Klose Fri, 17 Sep 2010 14:33:13 +0200 + +php5 (5.3.3-1ubuntu7) maverick; urgency=low + + * debian/setup-mysql.sh: Copy mysqld to local dir during build to avoid + apparmor restrictions (LP: #638401) + * debian/rules: stop mysql instance on clean just in case we failed in tests + + -- Clint Byrum Wed, 15 Sep 2010 10:48:32 -0700 + +php5 (5.3.3-1ubuntu6) maverick; urgency=low + + * Undo sybase debugging libraries split: keeping a smaller delta with Debian + is more important than demoting sybase to universe. + + -- Mathias Gug Wed, 25 Aug 2010 14:04:57 -0400 + +php5 (5.3.3-1ubuntu5) maverick; urgency=low + + * Drop sybase libraries to universe: + Move debugging libraries to php5-sybase-dbg: + - debian/control: + + create php5-sybase-dbg package. + + drop php5-sybase as php5-dbg dependency. + - debian/rules: move sybase debugging libraries to php5-sybase-dbg. + + -- Mathias Gug Fri, 20 Aug 2010 19:13:55 -0400 + +php5 (5.3.3-1ubuntu4) maverick; urgency=low + + * debian/php5-module.ini: # replaced with ; (LP: #591286) + * debian/patches/php52389-pgsql-segfault.patch (LP: #607646) + - Applying patch for upstream bug that causes segfaults in pgsql + + -- Clint Byrum Fri, 13 Aug 2010 00:07:15 -0700 + +php5 (5.3.3-1ubuntu3) maverick; urgency=low + + * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large + files (LP: #564920) + + -- Clint Byrum Fri, 06 Aug 2010 13:10:17 -0700 + +php5 (5.3.3-1ubuntu2) maverick; urgency=low + + * debian/control: Use netcat rather than netcat-traditional. + + -- Chuck Short Thu, 05 Aug 2010 20:00:34 -0500 + +php5 (5.3.3-1ubuntu1) maverick; urgency=low + + * Merge from debian experimental: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in + universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + + -- Chuck Short Sun, 01 Aug 2010 14:28:03 -0500 + +php5 (5.3.3-1) experimental; urgency=low + + * Upload PHP 5.3.3 to experimental for further testing + + Fixes odbc_autocommit (Closes: #586570) + + Adds support for sqlite3_busy_timout (Closes: #589473) + + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866 + and other CVEs that do not apply to the Debian packages or are + irrelevant as per the pre-5.3.2-2 security policy. + * Changes pending update from unstable: + + Use system crypt + * Build the FPM SAPI. + + -- Raphael Geissert Sat, 31 Jul 2010 15:53:12 -0400 + +php5 (5.3.2-2) unstable; urgency=low + + [ Ondřej Surý ] + * Fix unittest about failing crypt() calls with invalid salt + + [ Raphael Geissert ] + * Cherry pick upstream fix for mysqli_ssl_set (Closes: #572122) + * Cherry pick patch to reset error status on beginTransaction() + * Cherry pick patch to add missing definition of JSON_ERROR_UTF8 + * Cherry pick patch to fix SplFileInfo::getPathName() + * Cherry pick patch to fix a memory leak in the cyclical gc + * Cherry pick fix for memory leak in date when gc is enabled + * Cherry pick patch to fix an unaligned mem access in the dba ext + * Cherry pick fix for memory issues in mysqli_options (Closes: #577784) + * Set default session.save_path to /var/lib/php5 (Closes: #576593) + * Don't install an extra copy of php.ini-production + * Remove obsolete TODO list + * Add debian/source/format and set it to 1.0 + * Add doc-base registration for Structuctures_Graph documentation + * Cherry pick patch to fix multiple typos + * Synchronize enchant patch with changes committed upstream + * Cherry pick patch to workaround BDB 4.8 bc changes (Closes: #570149) + * Cherry pick patch to allow the timeout on mssql to be effective p/query + * Cherry pick patch to correctly determine length of doc_root + * Cherry pick patch to fix a memory leak in SoapServer::handle + * Cherry pick patch to fix SplFileInf::fscanf()'s prototype + * Test the mysql extensions too + * Update the security policy for Squeeze and greater + * Include ext_skel script (Closes: #530757) + + [ Sean Finney ] + * Fix for parallel FTBFS in (Closes: #584348) + * Import upstream fix for pdo_mysql segfaults (Closes: #581911) + - thanks to Richard van den Berg + * Dynamically determine maxlifetime if possible. (Closes: #504053) + - thanks to Chris Butler + + -- Raphael Geissert Sun, 18 Jul 2010 15:35:06 -0500 + +php5 (5.3.2-1ubuntu5) maverick; urgency=low + + * debian/php5-module.ini: Comment should be "#" not ";". (LP: #573436) + * debian/patches/cherrypick-upstream-51740.diff: Fix acinclude.ac macro check. (LP: #576910) + * debian/patches/cherrypick-upstream-48361.diff: Fix regression with getPathInfo() + doesn't return parent info (LP: #576910) + * debian/patches/session_save_path.patch: ave PHP sessions to + /var/lib/php rather than /tmp. (LP: #573222) + + -- Chuck Short Tue, 25 May 2010 10:17:00 -0400 + +php5 (5.3.2-1ubuntu4.1) lucid-proposed; urgency=low + + * debian/patches/fix-mysql-badmem.patch: Fix mysql crash when using php5-cgi. (LP: #567043) + + -- Chuck Short Mon, 03 May 2010 11:23:43 -0400 + +php5 (5.3.2-1ubuntu4) lucid; urgency=low + + * debian/control, debian/rules: Re-enable libedit-dev. (LP: #548823) + + -- Chuck Short Mon, 05 Apr 2010 15:33:21 -0400 + +php5 (5.3.2-1ubuntu3) lucid; urgency=low + + * debian/control: Fix upgrade of php5-ldap from 5.3.1. (LP: #) + + -- Chuck Short Sun, 28 Mar 2010 15:41:34 -0400 + +php5 (5.3.2-1ubuntu2) lucid; urgency=low + + * debian/control: Dont build with libmcrypt-dev. + + -- Chuck Short Fri, 26 Mar 2010 14:39:36 -0400 + +php5 (5.3.2-1ubuntu1) lucid; urgency=low + + * Merge from debian unstable: + - debian/control: + * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. + * Dropped libmysqlclient15-dev, build against mysql 5.1. + * Dropped libcurl-dev not in the archive. + * Suggest php5-suhosin rather than recommends. + * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in + universe. + * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1) + * Dropped locales-all. + - modulelist: Drop imap, interbase, and mcrypt. + - debian/rules: + * Dropped building of mcrypt, imap, and interbase. + * Install apport hook for php5. + - Dropped debian/patches/libedit_is_editline.patch. + + -- Chuck Short Tue, 16 Mar 2010 09:09:50 -0400 + +php5 (5.3.2-1) unstable; urgency=high + + [ Sean Finney ] + * Fix improper signed overflow detection in filter extension + (Closes: #570287) + * Another integer overflow/underflow logic fix. (Closes: #570144) + * new debian patch fix_filter_var_email_test.patch (Closes: #571764) + * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772) + * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762) + + [ Raphael Geissert ] + * Build with qdbm support + * Really run extensions' tests + * Add a note about user_dirs in apache conf file (Closes: #571714) + * Fix typo in debian/NEWS + * Don't install a(nother) useless Structures_Graph sh script + * Re-enable short_open_tag for CLI too (Closes: #573367) + * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425) + * Fix the locale name in some tests (Closes: #573511) + * Fix some gd tests that need the bundled library + * Fix a null pointer dereference when processing invalid XML-RPC + requests (CVE-2010-0397, Closes: #573573) + * Fix an unaligned memory access in enchant_dict_suggest() + * Fix another unaligned memory access in enchant + * Test that the list of extensions to test is never empty + * Update the list of alternative dependencies of php5-dbg + * debian/rules cleanup + * debian/control cleanup + * Build against the system oniguruma library + * Add libjpeg-dev as an alternative to libjpeg62-dev for future + transitions + + [ Ondřej Surý ] + * Imported Upstream version 5.3.2 + * Updated suhosin patch to 0.9.9.1 version. + * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974) + * Refreshed debian/patches/001-libtool_fixes.patch + * Refreshed debian/patches/006-debian_quirks.patch + * Adapt debian patches to 5.3.2. + * Remove "binary" contents from + debian/patches/fix_var_dump_64bit.phpt.patch + * New debian patch fix_broken_sha2_test.patch + * New debian patch always_use_system_crypt.patch (Closes: #572601) + * New debian patch php_crypt_revamped.patch (Closes: #572601) + + -- Raphael Geissert Sat, 13 Mar 2010 15:11:48 -0600 + +php5 (5.3.1-5) unstable; urgency=low + + [ Sean Finney ] + * Pass full path to php cli executable for unit tests + * dont-gitclean-in-build.patch: Don't run git-clean via buildconf + * update debian patch page_size_fixes.patch with upstream bug ref + * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286) + + [ Raphael Geissert ] + * Add build-dependency on netbase to fix a test (Closes: #570291) + * Suhosin PAGE_SIZE fixes have been already forwarded + * Fix a race condition on shtool's mkdir -p (Closes: #570111) + * Actually test the binary that is to be shipped in the -cli package + * Add some more documentation about the build system + * Documentation updates + * Update the suhosin patch version information + * Build-dep on locales-all to enable multiple tests + * Don't ship empty maintainer scripts + * Add patch to allow building with qdbm + * Test the extensions that don't require a special setup + * Get the correct list of built-in extensions of apache2filter + + -- Raphael Geissert Mon, 22 Feb 2010 10:41:51 -0600 + +php5 (5.3.1-4) unstable; urgency=low + + [ Raphael Geissert ] + * Pass -O0 when using 'noopt' to actually disable any optimization + * Add patch to use sysconf() to determine the page size + * Add patch to remove PAGE_SIZE assumptions in suhosin code + * Fix an unaligned memory access in the phar extension + * Fix another unaligned memory access + * Print the expected/actual output of failed test + * Add missing PEAR directory (Closes: #542483) + * Build sqlite3 as shared (Closes: #568956) + * Add some more documentation about the source package + + [ Sean Finney ] + * New debian patch fix_broken_5.3_tests.patch + + -- Raphael Geissert Thu, 11 Feb 2010 02:22:47 -0600 + +php5 (5.3.1-3) unstable; urgency=low + + [ Ondřej Surý ] + * get rid of php4 dependencies + * Enable short_open_tag again (Closes: #537099) + * fix dependency on automake1.4 in php5-dev package + * fix typo s/firefox/firebird/ in changelog + * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders + + [ Raphael Geissert ] + * Fix maintainer scripts to use php.ini-production (Closes: #565130) + * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi + * Allow parallel building via parallel=n + * Build with the hardening wrapper + * Remove no-longer-needed dfsg-repack script + * Add DEP-3-format metadata to some of the patches + * Build the intl extension + * Drop exif_read_data-segfault patch, merged upstream + * Build the enchant extension + * Add ${misc:Depends} where missing + * Disable mod_php in user directories (Closes: #555606) + * Add missing comment character to php.ini-paranoid (Closes: #564622) + * Build the interbase extension on all the supported architectures + + [ Sean Finney ] + * 5.3 upload for unstable. + - Includes backported fix for "ref converted to value" (Closes: #556237). + + -- Raphael Geissert Sun, 07 Feb 2010 23:31:51 -0600 + +php5 (5.3.1-2) experimental; urgency=low + + * Merged changes from 5.2.x sid branch. + * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1 + * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a + patch with a test case + * Removed check_ini_on_modify_status.patch and gentoo/117- + 4_digit_year_big_endian.patch; merged upstream + * Removed max_file_uploads.patch; no need for backwards compatibility + between major releases + * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch + * Fix duplicate Provides: in debian/control introduced by cherry- + picking 94f0ec3 + * Update sybase aliases to include correct arguments, needed for 5.3.x + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >= + 2.63 (Closes: #549148) + + -- Ondřej Surý Mon, 11 Jan 2010 16:56:01 +0100 + +php5 (5.3.1-1) experimental; urgency=low + + * Imported Upstream version 5.3.1 + * Change dependcy to libdb-dev instead on arbitrary version of + libdb4.x-dev + * Refreshed 006-debian_quirks patch to apply cleanly. + * Removed 114-php_gd_segfault.patch, merged upstream. + * Refreshed 115-autoconf_ftbfs.patch to apply cleanly + * Updated suhosin.patch to 0.9.8 version for php-5.3.1 + * Refreshed 001-libtool_fixes.patch + * Refreshed 004-ldap_fix.patch + * Refreshed 013-force_getaddrinfo.patch + * Refreshed 036-fd_setsize_fix.patch + * Refreshed 052-phpinfo_no_configure.patch + * Refreshed 053-extension_api.patch + * Refreshed 108-64_bit_datetime.patch + * Refreshed 113-php.ini_securitynotes.patch + * Refreshed 116-posixness_fix.patch + * Refreshed gentoo/006_ext-curl-set_opt-crash.patch + * Refreshed gentoo/009_ob-memory-leaks.patch + * Refreshed libedit_is_editline.patch + * Refreshed suhosin.patch + * Add .gitignore file to ignore .pc/ directory + * Removed README.CVS-RULES from debian/php5-common.docs, file is no + longer shipped by upstream. + + -- Ondřej Surý Thu, 07 Jan 2010 17:21:47 +0100 + +php5 (5.3.0-3) experimental; urgency=low + + * Fix segmentation fault in php-gd (Closes: #543496) + * Update suhosin patch to 0.9.8 *BETA* and enable it again + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770) + + -- Ondřej Surý Tue, 25 Aug 2009 16:12:13 +0200 + +php5 (5.2.12.dfsg.1-2) unstable; urgency=low + + * Update Build-Depends: to include firebird2.1-dev as preferred + alternative (Closes: #564691) + * Reformat Build-Depends: to one-dependency-per-line + * Reduce number of firebird*-dev to include only version in + stable/testing/unstable + * Reduce number of libdb*-dev to include only version in + stable/testing/unstable + * Switch to automake (>= 1.11) | automake1.11, depend on autoconf + (>= 2.63) (Closes: #549148) + + -- Ondřej Surý Mon, 11 Jan 2010 17:31:33 +0100 + +php5 (5.2.12.dfsg.1-1) unstable; urgency=low + + [ Thijs Kinkhorst ] + * Change comment in module .ini snippets from # to ; to avoid deprecation + warnings with PHP 5.3.0. + + [ Ondřej Surý ] + * Imported Upstream version 5.2.12.dfsg.1 + * Removed manpage_spelling.patch, merged upstream. + * Removed libedit_is_editline.patch, merged upstream. + * Refreshed max_file_uploads.patch, patch can be removed, it's kept to + raise max_file_uploads to 50. + * Refreshed and updated suhosin.patch + * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch, + 006-debian_quirks.patch, 013-force_getaddrinfo.patch, + 034-apache2_umask_fix.patch, 053-extension_api.patch, + 056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch, + gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch, + use_embedded_timezonedb.patch + * Removed autogenerated main/php_config.h.in from suhosin.patch + (Ubuntu: #493761) + * Short open tags are On again in php.ini-dist (Closes: #537099) + * Don't leave .start if we are purging (Closes: #561739) + * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the + directory is not deleted (Closes: #563437, #542483) + + [ Upstream ] + * Fix default pear.php.net channel definitions (Closes: #559029) + + -- Ondřej Surý Fri, 08 Jan 2010 18:18:43 +0100 + +php5 (5.2.11.dfsg.1-2) unstable; urgency=high + + * max_file_uploads: limit the maximum number of file uploads to 50 + + Reduces the chances of a temporary file exhaustion DoS + * Add libdb4.8-dev as an alternative dependency (Closes: #555945) + * Add libdb-dev as another alternative, hopefully the last one + (Closes: #548486) + * Add a versioned dependency on libtool 2.2 (Closes: #548015) + * Use FilesMatch and SetHandler on apache setups (Closes: #491928) + * Gentoo patch ext-curl-set_opt-crash has already been merged upstream + * Drop unused lintian override + + -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600 + +php5 (5.2.11.dfsg.1-1) unstable; urgency=low + + * New upstream release + + [ Fixes incorporated upstream ] + * Fix 4-year digit year on big-endian platforms (Closes: #542301) + * patch curl_streams_sleep.patch + * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605) + * patch check_ini_on_modify_status.patch + + [ Raphael Geissert ] + * Add aliases to the mssql functions on the sybase extension (Closes: #523073) + * Fix the rows_affected alias, it should be affected_rows + * Avoid possible memory dumps via PG on restored ini values (Closes: #540605) + + [ Ondrej Sury ] + * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) + * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) + * Fix FTBFS on Debian Hurd (Closes: #530281) + * fix whitespace in libapache2-mod-php5.postinst + + [ Sean Finney ] + * incorporate/ack previous NMU's, thanks Andreas. + * update debian patch 115-autoconf_ftbfs.patch for new upstream version + * update debian patch fix_broken_upstream_tests.patch + * update debian patch mssql-null-exception.patch + * refresh various quilt patches against new upstream version + * remove no longer needed "legacy" support for conffile migration + * add dpkg trigger in the apache2 and apache2filter sapis for reloading + apache2 on extension updates (Closes: #490023, #524206) + * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev + in case someone wants to backport the package. + * update list of installed documentation + + -- Sean Finney Sun, 20 Sep 2009 11:05:35 +0200 + +php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Drop hand-crafted dependency on libmysqlclient15. + + -- Andreas Barth Mon, 31 Aug 2009 09:22:16 +0200 + +php5 (5.2.10.dfsg.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS with new autoconf. Thanks to Russ Allbery for the patch. + Closes: #542906 + + -- Andreas Barth Sun, 30 Aug 2009 13:49:40 +0200 + +php5 (5.2.10.dfsg.1-2) unstable; urgency=low + + * Declare that PEAR replaces XML_UTIL (Closes: #534621) + * Bump standards-version, no change needed + * Fix an unconditional limit on dblib_driver.c (Closes: #534881) + * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888) + * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760) + * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR + * Add myself to uploaders + * Fix the path to PEAR's config, directly in rules (Closes: #507762) + + -- Raphael Geissert Thu, 09 Jul 2009 18:25:48 -0500 + +php5 (5.3.0-2) experimental; urgency=low + + * update configuration file names to new upstream naming convention + + -- Sean Finney Wed, 01 Jul 2009 09:12:10 +0200 + +php5 (5.3.0-1) experimental; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * use ';' instead of '#' as comments in module ini files + * remove binary package for php5-mhash which is now built-in + * update removed windows modules in 006-debian_quirks.patch + * quilt refresh for new upstream release + + -- Sean Finney Tue, 30 Jun 2009 20:09:07 +0200 + +php5 (5.3.0~RC4-1) UNRELEASED; urgency=low + + * New Upstream Version + + [ Sean Finney ] + * (temporarily) disable suhosin patch while it does not apply to 5.3 + * refresh various debian patches, fixing whitespace and offsets + * copy the gbp.conf from debian-sid and adapt it for experimental + * cherry-pick relevant gentoo patches from unstable + * cherry-pick debian fixes in libtool2.2.patch from unstable + * Update package sections to match override. + + [ Raphael Geissert ] + * Detect the path to ltmain.sh at build time and set conflicts + appropriately + * Add libdb4.7-dev as an ORed build dependency to fix FTBFS + * Update the Vcs-* fields to reflect the move from svn to git + * Turn the phpapi dependencies into php5 | phpapi to fix + installability issues + * Bump Standards-Version to 3.8.1, no change needed + * Add a set of lintian overrides for some FP spelling-error-in-binary + + [ Thijs Kinkhorst ] + * Update php5-cli package description to make it more neutral + + -- Sean Finney Mon, 29 Jun 2009 07:54:51 +0200 + +php5 (5.3.0~RC1-1) unstable; urgency=low + + * New Upstream Version + + -- Mark A. Hershberger Wed, 25 Mar 2009 19:39:48 -0400 + +php5 (5.2.9.dfsg.1-1) unstable; urgency=low + + * New upstream release (closes: #520538). + - fixes regressions with parsing via libxml2 (closes: #520246, #520423). + + [ Sean Finney ] + * Refresh all patches. + * Update suhosin patch to 5.2.9, remove autotools-generated files (configure, + php_config.h.in) and .dsp files from patch. + * remove obsolete configure options from ./configure: --enable-memory-limit, + --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx. + * Remove obsoleted patches which have been incorporated upstream: + - snmp_leaks.patch + - BG-initializing-fix.patch + - CVE-2008-2829.patch + - CVE-2008-3658.patch + - CVE-2008-3659.patch + - CVE-2008-3660.patch + - CVE-2008-5557.patch + - CVE-2008-5658.patch + - pdo-fetchobject-prototype-error.patch + - zend_object_handlers-invalid-write.patch + - dba-inifile-truncation.patch + - gentoo/freetds-compat.patch + - gentoo/010_ticks-zts-crashes.patch + - gentoo/019_new-memory-corruption.patch + - gentoo/009_array-function-crashes.patch + - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + - gentoo/017_xmlrpc-invalid-callback-crash.patch + - gentoo/007_dom-setAttributeNode-crash.patch + - gentoo/006_PDORow-crash.patch + - gentoo/005_stream_context_set_params-crash.patch + * Update fix_broken_upstream_tests.patch, one of the tests is fixed. + + -- Sean Finney Tue, 24 Mar 2009 19:05:09 +0100 + +php5 (5.2.6.dfsg.1-3) unstable; urgency=low + + [ Sean Finney ] + * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt. + * Security related fixes: + - php: inifile handler for the dba functions can be used to truncate a file + Patch: dba-inifile-truncation.patch (closes: #507101). + - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal + Patch: CVE-2008-5658.patch (closes: #507857). + Thanks to Pierre Joye for help with the patch. + + [ Raphael Geissert ] + * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later): + + patches/gentoo/005_stream_context_set_params-crash.patch + + patches/gentoo/006_PDORow-crash.patch + + patches/gentoo/007_dom-setAttributeNode-crash.patch + + patches/gentoo/009_array-function-crashes.patch + + patches/gentoo/010_ticks-zts-crashes.patch + + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch + + patches/gentoo/019_new-memory-corruption.patch + + patches/gentoo/freetds-compat.patch + - was deprecated_freetds_check.patch + + -- Sean Finney Sat, 24 Jan 2009 21:17:13 +0100 + +php5 (5.2.6.dfsg.1-2) unstable; urgency=low + + [ Sean Finney ] + * Make sure a file used to track state is properly removed in the + postinst, thanks Raphael (closes: #511049). + + [ Thijs Kinkhorst ] + * Fix watch file to mangle version. + + [ Raphael Geissert ] + * Ship script used to take an upstream tarball and remove the non + DFSG-free stuff, update watch file accordingly. + + -- Sean Finney Tue, 13 Jan 2009 08:24:36 +0100 + +php5 (5.2.6.dfsg.1-1) unstable; urgency=high + + [ Sean Finney ] + * Incorporate previous NMU. + * Updated system tzdata patch from Joe Orton. + * Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated + into Joe's patch. + * Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking + them up. + - Upstream bug #46157 (PDOStatement::fetchObject prototype error) + Patch: pdo-fetchobject-prototype-error.patch + - Upstream bug #46308 (Invalid write in zend object handler / getter) + Patch: zend_object_handlers-invalid-write.patch + * Security related fixes: + - CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of + uid/gid for apache2 sapi. + Patch: BG-initializing-fix.patch + - CVE-2008-5557: heap overflows in the mbstring extension. + Patch: CVE-2008-5557.patch (closes: #511493). + + [ Thijs Kinkhorst ] + * Correct description typo, thanks Mathias Brodala (Closes: #508989). + + -- Sean Finney Mon, 12 Jan 2009 12:12:36 +0100 + +php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove exts/dbase from orig tarball (Closes: #341420) + + -- Ben Hutchings Sat, 29 Nov 2008 19:19:28 +0000 + +php5 (5.2.6-5) unstable; urgency=high + + * Update debian/copyright to document that the DFSG-unfree email + requirement in ext/standard/rand.c has been rescinded by the + copyrightholder (Closes: #498621). + + -- Thijs Kinkhorst Sun, 05 Oct 2008 11:32:35 +0200 + +php5 (5.2.6-4) unstable; urgency=high + + [ Sean Finney ] + * Take three unreleased fixes from upstream CVS: + - CVE-2008-3658: Buffer overflow in the imageloadfont function. + Patch: CVE-2008-3658.patch (closes: #499989) + - CVE-2008-3659: Buffer overflow in the memnstr function. + Patch: CVE-2008-3659.patch (closes: #499988) + - CVE-2008-3660: Remote DoS in fastcgi module + Patch: CVE-2008-3660.patch (closes: #499987) + + [ Raphael Geissert ] + * snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296) + - Thanks to Rodrigo Campos for the follow up + - Thanks to Federico Cuello for the original patch + * php5-dev.lintian-override: fix it so it actually works + + -- Sean Finney Sun, 14 Sep 2008 14:25:11 +0200 + +php5 (5.2.6-3) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts. + * Add documentation about the timezonedb change (Closes: #492025). + + [ Adam Conrad ] + * Modify 033-we_WANT_libtool.patch to cope with newer versions of + libtool that only copy auxilliary files when --install is used, + while still working with older versions that DTRT without. + + [ Raphael Geissert ] + * debian/rules: + + Avoid installing useless test suites in php-pear (Closes: #478995) + + Remove any empty directory in php-pear + + Also get rid of usr/share/php/data/Structures_Graph/* + - Those were meant to be used by upstream maintainer + * debian/php5-dev.lintian-overrides: + - usr/lib/php5/build/run-tests.php is not meant to be used directly + * debian/control: bumped Standards Version to 3.8.0, no changes needed + * bad_whatis_entries.patch: fixes the whatis entries of all the manpages + * deprecated_freetds_check.patch: fixes the freetds detection routine + + Closes: #494230 + - Thanks to jklowden@freetds.org and the Gentoo folks for the patch + (RC bugfix, upload urgency bumped) + * debian/libapache2-mod-php5*-{prerm,postinst}: + - Create a status file when removing the package (but not purging) + while having the mod enabled so reinstallation of the package + does not end up disabling the module (Closes: #471548) + + [ Sean Finney ] + * Bump dependency on libmysqlclient15off to require the version from + lenny or later, in order to avoid subtle problems not previously detected + with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575). + + -- Sean Finney Wed, 20 Aug 2008 19:32:02 +0200 + +php5 (5.2.6-2) unstable; urgency=high + + [ Raphael Geissert ] + * Lintian-based changes: + - also install a lintian override for libapache2-mod-php5filter + - fixed the generic lintian overrides so they are meaningful + - dropping linda overrides, linda is gone now + - s/meta-package/metapackage + * debian/control: + - Updated php5's description so it mentions three instead of + only two server-side SAPIs + - Depend on php5-cli in php-pear (Closes: #482517) + + Previous change reverted because of PEAR packages FTBFS + - {B-,}Depend on tzdata to avoid crashes caused by the tz ext patch + - Dropped some versioned {b-,}dependencies that are satisified + even on sarge + * php.ini-*: state that when using a custom save_path, + gc_probability should also be set (Closes: #388808, #321460) + * tzdb-nofree_ents_ifnotzdata.patch: avoid free'ing ents when the tz dir does + not exist (Closes: #483461) + + [ Sean Finney ] + * Fix for CVE-2008-2829: unsafe usage of deprecated imap functions + Patch: CVE-2008-2829.patch + * Modifications to suhosin.patch due to alignment problems on some + architectures. Thanks to Stefan Esser for the initial suggestion. + (Closes: #481737). + * Rename the apache2 filter module to libphp5filter.so, to prevent + conflicting filenames for symbols in the debug package. + + -- Sean Finney Thu, 03 Jul 2008 08:14:45 +0200 + +php5 (5.2.6-1) unstable; urgency=medium + + * New upstream release. Fixes several security issues of unknown impact: + + possible stack buffer overflow in the FastCGI SAPI + + integer overflow in printf() + + unknown issue CVE-2008-0599 + + a safe_mode bypass in cURL + + incomplete multibyte chars inside escapeshellcmd() + + [ Sean Finney ] + * New patch (use_embedded_timezonedb.patch) allows us to default to + using the system provided timezone database instead of the one bundled + with PHP. Many thanks to Joe Orten from Red Hat for the patch! + (closes: #447174, #471104). + * Updated the Suhosin patch to v0.9.6 (5.2.6). + * New patch: force_libmysqlclient_r.patch, forcing the build system + to link against the threadsafe libmysqlclient without having to enable + the other zts features in php. This is required since the apr libraries + are now linking against this as well and mysql exports the same symbols + from both libraries. Thanks to Stefan Fritsch (closes: #469081). + * Massaged/updated various other patches in debian/patches + * Update copyright information to have information about non-trivial + patches worthy of copyright attributions, and update information about + current debian maintainers. + * Add some useful quilt settings in debian/rules to lower the amount of + noise in future quilt updates. + * Now building a php5 apache2 module with filter-module support in a new + libapache2-mod-php5filter package (closes: #438120). + + [ Thijs Kinkhorst ] + * Checked for policy 3.7.3, no changes. + + [ Raphael Geissert ] + * Build a php5-dbg package with the debug symbols of the SAPIs & extensions + + Bump debhelper dependency to >= 5 as dh_strip behaves differently. + * debian/watch: refactored so it can actually be used to download the tarball + * debian/rules: removed bashisms (Closes: #478613) + * debian/control: add a notice about Suhosin being applied (Closes: #471324) + + Additionally make sure the PHP boilerplate is the same for each package + * debian/patches/manpage_spelling.patch: + - fix spelling mistakes in man page (Closes: #413712) + * debian/NEWS: s/suhosin/Suhosin (Closes: #434351) + * debian/control: removed ORed postgresql-dev build-dep (Closes: #429981) + + postgresql-dev is a transitional package since etch + * Override the following lintian messages: + + SAPI packages package-contains-empty-directory usr/lib/php5/20060613+lfs/ + + php5-common package-contains-empty-directory usr/lib/php5/libexec/ + * Set our custom PHP_PEAR_DOWNLOAD_DIR when building the pear stuff + + Avoids the creation of /tmp/pear (Closes: #463979) + * Replaced all 'make' with '$(MAKE)' so any extra flag is preserved + * debian/rules: s/DEB_BUILD_ARCH/DEB_HOST_ARCH + + HOST is the machine the package is built for. + * Recommend php5-cli instead of depending on it in php-pear (Closes: #243214) + + php5-cli is only needed by the, rearely used, pear installer + * debian/README.source: inform how to generate php5-dbg's Depends + * debian/patches/029-php.ini_paranoid.patch: updated (Closes: #459814) + + Thanks to Javier Fernández-Sanguino Peña + Changes: + - includes some variables which were no present in the first version and + removes modules not available in PHP5. Also fixes typos in comments which + have since been fixed in php.ini-dist + - adds notes (Debian-specific) of which security features applications + should not rely on + - add more information of why some variables were enabled + - reorder the description of changes to suit the location in the config file + - add notes of deprecated features in PHP6 + - add more (suggested) changes to the session module to make a more secure + use and storage of session IDs. + - remove the 'include' function from the list of disabled functions as it + is quite common for most applications + - modify the valid 'include_path' to make it really paranoid ('.' is not + allowed anymore) + - adjust locations of directories, including the upload dir and session dir + - proper definition for sql.safe_mode and description (missing in + php.ini-dist of what it is really for) + - added session configuration variables which are not available in + php.ini-dist together with recommended paranoid values + (session.referer_check, session.entropy_file, session.entropy_length) + - added more information to session configuration (not available in php.ini) + based on the information at php.net + * Lintian-based changes: + - debian/php5-common.dirs: do NOT create usr/share/doc/php5-common/PEAR/ + - fixed a hyphen-used-as-minus-sign in php5(1):319 + - get rid of usr/share/php/data/Structures_Graph/LICENSE in php-pear + * Move /usr/share/php/docs to /usr/share/doc/pear-php/PEAR (Closes: #331034) + + [ Steve Langasek ] + * Step down from the PHP maintenance team, removing myself from uploaders. + So long, and thanks for all the fish! + + -- Sean Finney Sun, 04 May 2008 21:15:47 +0200 + +php5 (5.2.5-3) unstable; urgency=high + + * zend_parse_parameters does not handle size_t's, causing issues with + 043-recode_size_t.patch and segmentation faults for recode-using pages. + changed problematic parameters back to "int" and added an overflow check. + thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel, + and Vincent Tondellier for their reports. closes: #459020. + + -- Sean Finney Thu, 21 Feb 2008 00:59:21 +0100 + +php5 (5.2.5-2) unstable; urgency=low + + * debian/patches/libdb_is_-ldb: reorder the search for db4 instances to + give precedence to -ldb, so that we always get the version that matches + the installed -dev package instead of whichever most recent version php + upstream currently knows about. Closes: #463397. + * Update suhosin patch to not patch .dsp files (and config.w32), which + are irrelevant to Unix builds and seem to cause problems for clean + patching/unpatching. + + -- Steve Langasek Fri, 01 Feb 2008 18:46:15 +0000 + +php5 (5.2.5-1) unstable; urgency=low + + [ Sean Finney ] + * New upstream release + * Updated suhosin patch for 5.2.5 minus ./configure as before. + * Workaround for xargs not handling extra long cmdlines in session + cleanup script (Closes: #461755). + * Remove unneccesary DEB_BUILD_GNU_TYPE fudging (Closes: #429066). Thanks + to Riku Voipio for the report/patch. + + [ Raphael Geissert ] + * debian/rules: now DEB_BUILD_OPTIONS=nocheck aware + * Updated description of the php5 meta-package to reflect removal of apache + (Closes: #418038) + * Capitalise apache where needed (Closes: #439575) + * Homepage is now a control entry (moved from Description), Closes: #439578 + * Fixed test-results.txt target so parallel package building doesn't fail + * Added Suggests: php5-timezonedb to all the SAPIs + + [ Steve Langasek ] + * Add ${shlibs:Depends} to php5-common, since it does build ELF objects now + (pdo.so) + * Update build-deps to libdb4.6-dev now that libaprutil1-dev has switched. + Closes: #461192. + + -- Steve Langasek Thu, 17 Jan 2008 13:39:17 -0800 + +php5 (5.2.4-2) unstable; urgency=low + + [ sean finney ] + * for posterity revised previous changelog to reference the CVE id's + of security issues resolved by the latest upstream release. + * lintian: use debian/compat instead of DH_COMPAT in debian/rules. + * lintian: use source:Version and binary:Version where appropriate, + instead of Source-Version + * lintian: remove a couple pieces of cruft in the changelog that were causing + false-postive wrong-bug-number-in-closes, but were generally useless + anyway. + + [ Raphael Geissert ] + * Using test-results.txt as a target + * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286) + * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624) + * Build the interbase extension using firebird2.0-dev (Closes: #433736) + * Unapply patches with debian/rules clean + + [ Steve Langasek ] + * Don't patch configure or php_config.h.in in suhosin.patch, as these are + auto-generated and including them in the patch results in a race + condition for the necessary build-time regeneration. Thanks to Daniel + Schepler for reporting, and to Damyan Ivanov for helping to sort out the + fix. Closes: #443637. + * Also remove the modified auto-generated files in the clean target, + which triggers a warning about disappearing files when building the + source package but avoids carrying irrelevant diffs to these files + in the Debian diff. + * Now that the testsuite is being run at build time, test failures cause + a bunch of junk files to be left around in the Debian diff. So clean up + several false-positive failures: + - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(), + so patch the test as well + - fix_broken_upstream_tests.patch: use a local directory for tests that + use sessions, skip the phpinfo test after all because it doesn't appear + to be compatible with current testsuite behavior, and disable the + moneyformat test if en_US locale is not available. + There are still several other failing tests, but these are not false + positives and remain enabled pending investigation. + + -- sean finney Wed, 24 Oct 2007 21:51:14 +0200 + +php5 (5.2.4-1) unstable; urgency=low + + * New upstream release. + * Security issues resolved in the latest release: + - CVE-2007-2519 - Directory traversal vulnerability in PEAR + + + [ sean finney ] + * patch from Jan Wagner to be able to conditionally disable any + patches that break binary-compatibility with official php + binary-only extensions. see debian/rules for more information. + * now incorporate the php unit tests into the build process. for + those interested the output is stored in the file + /usr/share/doc/php5-common/test-results.txt . + * by default we now ship with enable_dl = Off, as there are some + fairly significant ramifications security-wise to having it on. + * we shipping with the suhosin patch enabled by default. + special thanks to Blars Blarson for providing a sparc machine for + testing purposes with 5.2.3 (closes: #397179). + * new binary package php5-gmp, with the newly enabled gmp extension, + since whatever reason for not doing so either never existed or no + no longer exists (closes: #344137). Build-Depends added for libgmp3-dev. + + [ Steve Langasek ] + * php5-module.postinst: don't assume that the postinst is only relevant + when called with 'configure' as an argument, some future debhelper code + could apply in the case of other methods of invocation. + * Clean up build dependencies for recent library transitions: + - libsnmp-dev is now the real package name, and is supported as a virtual + package for backports. + - re-add firebird2-dev as an alternative to firebird1.5-dev, to support + backports. + - the curl -dev package name has changed from libcurl3-openssl-dev to + libcurl4-openssl-dev; update to the proper name, with libcurl-dev as + an alternative. + * Switch php5-sybase to use the mssql extension instead of the sybase_ct + extension. Closes: #418734, #329065. + + -- sean finney Sun, 16 Sep 2007 14:46:06 +0200 + +php5 (5.2.3-1) unstable; urgency=low + + * new upstream release. + * upstream has incorporated the last of the recent CVE fixes, so + the patches have been removed. + * change build dependencies for firebird2-dev -> firebird1.5-dev, + as the firebird maintainer has changed names in order to provide + more clarity since there's also a firebird2.0 now (closes: #427181). + * now include, but do not apply by default, the suhosin patch. see + NEWS.Debian for more information. + + -- sean finney Mon, 04 Jun 2007 22:02:10 +0200 + +php5 (5.2.2-2) unstable; urgency=low + + [sean finney] + - build with --with-ldap-sasl and modify build-depends to include + libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490). + - the json extension is now on by default in php builds, so there's + no need for the php5-json package. added a Provides/Conflicts to + help set an upgrade path. + - apache 1.x support is soon disappearing. as a consequence we are + no longer building the libapache-mod-php5 module. the php5 metapackage + should as a result bring in libapache2-mod-php5 by default for those who + already have it installed. + + -- sean finney Sun, 20 May 2007 21:59:56 +0200 + +php5 (5.2.2-1) unstable; urgency=low + + [ sean finney ] + * new upstream release (closes: #422405). + * /most/ of the previous CVE patches have been committed upstream, though: + - the patch for MOPB-41 was fixed in a different way and we'll be keeping + our fix for the time being. + - it doesn't seem like MOPB-45 has been fixed yet. + * remove build-dependency option on libmysqlclient12-dev, since the mysqli + option requires it, and 15 is in stable now anyway. thanks to + Henk van de kamer for finding this (closes: #422224). + * now includes requested fix for mysql row counts (closes: #418471). + * needle/haystack issues are reported fixed (closes: #399924). + * oh yeah, because we're using quilt now: (closes: #338315). + * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929). + note that the resulting php packages won't actually build against + libdb4.5 until all of our build-dependant packages do too. + + -- sean finney Sat, 05 May 2007 19:56:30 +0200 + +php5 (5.2.0-12) unstable; urgency=high + + [ sean finney ] + * modify the build-depends to play more nicely when the net-snmp + maintainers decide to change their package names (closes: #421061). + + -- sean finney Tue, 01 May 2007 14:24:01 +0200 + +php5 (5.2.0-11) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability + * note that this is an update to the previous version of the upstream + fix for CVE-2007-0910, which introduced a seperate exploit path. + - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow + - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak + - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability + - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability + - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability + - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln. + - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability + - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln. + - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability + - CVE-2007-1718/MOPB-34 mail() Header Injection + - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability + - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow + - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity + - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability + - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability + * The other security issues resulting from the "Month of PHP bugs" either + did not affect the version of php5 shipped in unstable, or did not merit + a security update according to the established security policy for php + in debian. You are encouraged to verify that your configuration is not + affected by any of the other vulnerabilities by visiting: + http://www.php-security.org/ + * other, less interesting changes: + - now use quilt for managing local patches. + - massage all of the patches, eliminating fuzz and offsets. + + -- sean finney Mon, 23 Apr 2007 19:02:51 +0200 + +php5 (5.2.0-10) unstable; urgency=high + + [ sean finney ] + * The php security update contained a regression in the streams + module. this version contains an updated version of the patch + for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should + fix the regression. Thanks to Martin Pitt for noticing this. + * Fix the patch names in the previous changelog entry, and fix a factual + inaccuracy that was accidentally pasted from the php4 changelog. + * The previous update was missing two fixes from CVE-2007-0906: + * interbase: (116-CVE-2007-0906_interbase.patch) + * zip: (116-CVE-2007-0906_zip.patch) + + -- sean finney Wed, 07 Mar 2007 23:11:29 +0100 + +php5 (5.2.0-9) unstable; urgency=high + + [ sean finney ] + * The following security issues are addressed with this update: + - CVE-2007-0906: Multiple buffer overflows in various code: + * session (116-CVE-2007-0906_session.patch) + * imap (116-CVE-2007-0906_imap.patch) + * str_replace: (116-CVE-2007-0906_string.patch) + * the sqlite and mail related vulnerabilities in this CVE do not + affect the php5 source packages. + - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch) + - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch) + - CVE-2007-0909: More buffer overflows: + * the odbc_result_all function (116-CVE-2007-0909_odbc.patch) + * various formatted print functions (116-CVE-2007-0909_print.patch) + - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch) + - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch) + Closes: #410995. + * The package maintainers would like to thank Joe Orton from redhat and + Martin Pitt from ubuntu for their help in preparation of this update. + * backport upstream fix for AUTH PLAIN support in imap extension + Closes: #401712. + + -- sean finney Sat, 03 Mar 2007 11:13:33 +0100 + +php5 (5.2.0-8) unstable; urgency=high + + [ sean finney ] + * Update package information to say simply "Apache 2" instead + of "Apache 2.0" (ref: #400306). + * Update package description for php-pear to mention needing + phpN-dev for building PECL extensions (closes: #401825). + * Add mention of Freetype fonts to php5-gd package description, + thanks to Ole Laursen for the suggestion (closes: #387881). + * Include a backported version of upstream's fix for + alignment calculatations which cause FTBFS problems for + some arches. Thanks to Roman Zippel for finding this (closes: #401129). + patch: 114-zend_alloc.c_m68k_alignment.patch + * Remove --enable-yp, as it's no longer used and seperately + packaged. Thanks to Martijn Grendelman for mentioning this + (closes: #402161). + * Add mention to README.Debian of needing to restart apache when + installing modules (closes: #392249). + * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS + containing nostrip + * Backported a patch from upstream CVS to fix a rather nasty + memory leak in zend_alloc (closes: #402506). + patch: 115-zend_alloc.c_memleak.patch + * The memleak and FTBFS are targeted at etch, and there aren't + any other significant changes, so priority=high. + + -- sean finney Sun, 17 Dec 2006 16:49:35 +0100 + +php5 (5.2.0-7) unstable; urgency=high + + [ Steve Langasek ] + * Also disable firebird in the PDO config for archs other than + i386/amd64. + + -- sean finney Fri, 24 Nov 2006 15:20:53 +0100 + +php5 (5.2.0-6) unstable; urgency=high + + [ sean finney ] + * firebird2-dev (and thus php5-interbase) is only available on + i386/amd64, so update the control/rules information accordingly. + thanks to Bastian Blank for reporting this (closes: #399558). + + -- sean finney Wed, 22 Nov 2006 19:04:04 +0100 + +php5 (5.2.0-5) unstable; urgency=high + + [ sean finney ] + * bring some of the mainline php4 modules back into the php source + package instead of distributing them in independant source packages: + - php5-imap + - php5-interbase + - php5-mcrypt + - php5-pspell + - php5-tidy + these modules are still provided in the same binary packages as + before, but will now be built in tandem with the core php packages. + * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner + (closes: #398367, #399248). + + -- sean finney Mon, 20 Nov 2006 12:41:37 +0100 + +php5 (5.2.0-4) unstable; urgency=high + + * Re-re-enable LFS support, forward-porting vorlon's fixes in + the php4 tree. + * Add a bit of support in upgrade scripts to avoid unnecessary + ucf prompting during upgrades (closes: #398363). + * Update build-dependencies to reflect that libpcre3-dev >= 6.6 + is required. Thanks to Jan Wagner for pointing this out. + * loosen dependencys for libapache2-mod-php5 to allow usage with + apache2-mpm-itk as an alternative to prefork. + Closes: #398580, #398481. + + -- sean finney Wed, 15 Nov 2006 08:33:28 +0100 + +php5 (5.2.0-3) unstable; urgency=high + + * Unify PHP options for pear binaries to: + -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1" + (Closes: #397625) + * [debian/rules]: Enable PDO building only in apache2 build. + + -- Ondřej Surý Fri, 10 Nov 2006 14:09:00 +0100 + +php5 (5.2.0-2) unstable; urgency=high + + [ Ondřej Surý ] + * Revert Large File Support for this moment. We will try to found + root of the problem for etch, but we do not promise anything. + (Closes: #397465) + + -- Ondřej Surý Wed, 8 Nov 2006 01:13:48 +0100 + +php5 (5.2.0-1) unstable; urgency=high + + [ sean finney ] + * new upstream release. since this means the 5.1 series is deadware + in the eyes of its developers, we better get on this train before + it's too late. Note: this also fixes the htmlentities() exploit. + Reference: CVE-2006-5465. + Closes: #396766. + * s/postinst/postrm/ on one critical line in debian/rules. whoops. + Thanks to Bart Martens for finding this (closes: #396873). + * as a pennance i've enabled LFS support (closes: #359686). + * new version now includes all mbstring headers (closes: #391368). + * enable new built-in zip support. + * enable pdo support for currently supported db types, and place the + extensions in the respective extension packages. future db + types will be added, but probably post-etch as they will probably + introduce new packages/dependencies (closes: #348882). + * move the mysqli module into the mysql module's package, and remove + the no longer necessary mysqli package. + * massaging/removal of various patches to upstream changes: + D patches/106-strptime_xopen.patch + D patches/110-CVE-2006-4812_zend_alloc.patch + M patches/006-debian_quirks.patch + D patches/111-mbstring-headers.patch + M patches/053-extension_api.patch + + [ Ondřej Surý ] + * Package checked, upload to unstable. + + -- Ondřej Surý Tue, 7 Nov 2006 09:26:51 +0100 + +php5 (5.1.6-6) unstable; urgency=high + + [ sean finney ] + * add notes to php.ini(-dist) about "unsupported" security features. + patch: 113-php.ini_securitynotes.patch + + [ Ondřej Surý ] + * SECURITY: include patch for html buffer overflows in ext/standard/html.c + Reference: CVE-2006-5465 + Patch: 114-CVE-2006-5465_htmlentities.patch + Closes: #396766 + + -- Ondřej Surý Fri, 3 Nov 2006 12:32:50 +0100 + +php5 (5.1.6-5) unstable; urgency=high + + [sean finney] + * add a README.Debian.security to clarify how we handle/respond + to security problems in stable releases. + * SECURITY: include patch for integer overflow in zend_alloc.c. + Reference: CVE-2006-04812 (closes: #391586). + patch: 110-CVE-2006-4812_zend_alloc.patch + * bump the debhelper compatibility level to 4. + * remove cyclic depends for mysql/mysqli. + * the long overdue rework of configuration file handling. this also + removes the need for debconf and template translations + (closes: #361211, #393788, #388697). + * start using ucf to manage the the various SAPI php.ini files. + * cleanup and consolidation of a few things in the ./debian dir + * bump the memory limit to 32M for the cli API (closes: #375070, #340586). + * include a fix for missing mbstring headers reported by Jan Wagner + (closes: #391368). + patch: 111-mbstring-headers.patch. + * include support for PTY's in proc_open, as reported by Eike Dehling. + according to php's BTS (http://bugs.php.net/bug.php?id=39224) the + feature was disabled only because the configure script couldn't + accurately determine whether the feature was available, and we know + it is :) (closes: #381438). + patch: 112-proc_open.patch. + * update standards-version to 3.7.2 + + -- sean finney Sat, 28 Oct 2006 14:29:44 +0200 + +php5 (5.1.6-4) unstable; urgency=high + + [sean finney] + * no longer build against GPL'd gdbm library (closes: #390452). + * updated apache2 module dependencies to build against and coexist + with apache2.2 (closes: #390455). + + -- sean finney Sat, 07 Oct 2006 12:06:09 +0200 + +php5 (5.1.6-3) unstable; urgency=low + + [ sean finney ] + * php5 was building against db4.3 even though db4.4 headers were + installed. fix applied to ./ext/dba/config.m4 while we wait + for a real fix from upstream (closes: #388601). + + -- sean finney Mon, 02 Oct 2006 17:42:50 +0200 + +php5 (5.1.6-2) unstable; urgency=low + + [ sean finney ] + * enable the mysqli extension (closes: #320835). + + -- sean finney Tue, 19 Sep 2006 19:31:27 +0200 + +php5 (5.1.6-1) unstable; urgency=high + + [ Adam Conrad ] + * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0. + + [ Ondřej Surý ] + * Acknowledge NMU. + * New upstream release (Closes: #383596) + - Added missing safe_mode/open_basedir checks inside the error_log(), + file_exists(), imap_open() and imap_reopen() functions. + - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit + systems. + - Fixed possible open_basedir/safe_mode bypass in cURL extension and + with realpath cache. (CVE-2006-2563) (Closes: #370165) + - Fixed overflow in GD extension on invalid GIF images. + - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020) + (Closes: #382256) + - Fixed an out of bounds read inside stripos() function. + - Fixed memory_limit restriction on 64 bit system (really with 5.1.6). + * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache. + + -- Ondřej Surý Sat, 19 Aug 2006 14:41:43 +0200 + +php5 (5.1.4-0.1) unstable; urgency=high + + * Non-maintainer upload. + * New upstream release. (Closes: #366109) + * Fixes information leak in html_entity_decode() (CVE-2006-1490). + (Closes: #359907) + * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914) + * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915) + * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916) + * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312) + * Fixes substr_compare() DoS condition (CVE-2006-1991). + * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917) + * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not + mentioned in upstream changelog. (Closes: #368595) + * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from + Piotr Roszatycki's packages. + * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where + sizeof(void*) > sizeof(int); patch from David Mosberger-Tang. + + -- Steinar H. Gunderson Tue, 13 Jun 2006 22:38:33 +0200 + +php5 (5.1.2-1) unstable; urgency=low + + * New upstream bugfix and security update release (closes: #347894) + - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208 + - Resolves multiple HTTP response splitting vulnerabilities, allowing + arbitrary header injection via Set-Cookie headers; see CVE-2006-0207 + - While we don't currently build it, this release also fixes a format + string vulnerability in the mysqli extension; see CVE-2006-0200 + - Includes a new version of the PEAR installer that seems to have a + slightly better clue about the difference between INSTALL_ROOT and + PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501) + * While the above is partially true, the PEAR installer is still a bit + broken (it won't install correctly under fakeroot anymore, YAY), so + shuffle debian/rules to have a build-pear-stamp target, as a stopgap. + * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down + in ext/standard/datetime.c, below the php.h include (closes: #346550) + * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to + properly call the PHP_ARG_ENABLE macro for an extension, not built-in. + * Stop php-pear from Replacing and Conflicting with php-html-template-it, + as we only now ship the bare essential to make the pear installer go. + + -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100 + +php5 (5.1.1-1) unstable; urgency=low + + * New upstream bugfix release, skipping the problematic 5.1.0 release: + - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374) + - Remove libtool patch from acinclude.m4, now integrated upstream. + - Remove 038-round_test_fix.patch, now integrated upstream. + - Remove 049-exported-headers.patch, as upstream's build system has + gotten more clever about what they should and shouldn't export. + - Remove 054-open_basedir_slash.patch, now integrated upstream. + - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream. + - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes. + - Remove 104-64_bit_serialize.patch, now integrated upstream. + - Remove 105-64_bit_imagettftext.patch, now integrated upstream. + * Many security vulnerabilities fixed (closes: #341368, #336005, #336654): + - Resolves a local denial of service in the apache2 SAPI, which can + be triggered by using session.save_path in .htaccess; CVE-2005-3319 + - Resolves an infinite loop in the exif_read_data function which can + be triggered with a specially-crafted JPEG image; CVE-2005-3353 + - Resolves a vulnerability in the parse_str function whereby a remote + attacker can fool PHP into turning on register_globals, thus making + applications vulnerable to global variable injections; CVE-2005-3389 + - Resolves a vulnerability in the RFC1867 file upload feature where, if + register_globals is enabled, a remote attacker can modify the GLOBALS + array with a multipart/form-data POST request; see CVE-2005-3390 + - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391 + - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode + and open_basedir bypasses between virtual hosts; CVE-2005-3392 + - Resolves a CRLF injection vulnerability in the mb_send_mail function, + allowing injection of arbitrary mail headers; see CVE-2005-3883 + - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer + which could lead to arbitrary code execution; see CVE-2005-4154 + * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache. + * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793) + * Automate the process of getting the list of built-in modules into the + package descriptions, so it stays fresh in the future (closes: #341867) + * Intentionally disable PDO support until I've sorted out the best way to + deal with shipping this shiny new feature that won't break the world. + * The new PEAR happens to fix the Command.php greedy match bug filed in + Debian as part of the fix for the wider security issue (closes: #334969) + * Create 056-mime_magic_strings.patch, making the mime_magic extension + more liberal about what mime-types is accepts, as well as making it skip + over ones it dislikes, rather than disabling itself (closes: #335674) + * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in + configure because we don't have the apache binaries in the build chroot. + * Fix small typo in the php5-xsl package description (closes: #344816) + + -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100 + +php5 (5.0.5-3) unstable; urgency=low + + * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away + soon. Keep libcurl3-dev as an alternate for backporting (see: #334367) + * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the + *other* side of the line regarding which combinations of DSOs cause + segfaults, so hopefully the others catch up with us soon (closes: #332453) + * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file, + as the path has been changed to comply with the FHS (see: #334510) + * Make the above backportable as well, by searching for both files, and + picking the one that's currently installed on the user's system. + * Include swedish debconf translation from Daniel Nylander (closes: #330763) + * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't + get some random binary on $PATH that won't work right (closes: #329415) + * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg + + -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000 + +php5 (5.0.5-2) unstable; urgency=medium + + * Remove Andres Salomon from the Uploaders field, at his request. Thanks + for all your work on the PHP packages, Andres, now fix our kernel bugs. + * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir + is set to "/foo/", users can access files in "/foobar/", which is not the + documented behaviour; this addresses CAN-2005-3054 (see: #323585) + * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when + serializing objects on all 64-bit architectures (closes: #329768) + * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD + extension, causing memory corruption on 64-bit arches (closes: #331001) + * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode + checks to the _php_image_output and _php_image_output_ctx GD functions. + * Make php-pear Provide, Replace, and Conflict php-html-template-it, which + we appear to have absorbed into the main PEAR packaging (closes: #332393) + + -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000 + +php5 (5.0.5-1) unstable; urgency=low + + * New upstream release, adjust patch offsets and fuzz, and drop patches: + - Drop 009-snmp-int-sizes.patch, finally fixed upstream. + - Drop 051-gcc-4.0.patch, fixed differently upstream. + - Drop 102-php_streams.patch, fixed upstream. + - Drop 103-catch_segv.patch, also fixed upstream. + - Includes PEAR XML_RPC fix for CAN-2005-2498. + - Includes phpinfo() XSS fix for CVE-2005-3388. + * Distribute the shiny new manpages for php-config and phpize. + + -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000 + +php5 (5.0.4-4) unstable; urgency=low + + * Ondřej Surý : + - Add patch from CVS to fix regression in PHP 5.0.4, where file related + functions all stop reading at 2,000,000 bytes (closes: #321930) + * Adam Conrad : + - Enable support for gdbm files in the dba handler; half the base system + already appears to depend on libgdm, so we can't make things worse. + - Add another patch from CVS to fix a segfault in the catch/throw + handler under interesting nesting cases (closes: #322507) + - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107) + + -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000 + +php5 (5.0.4-3) unstable; urgency=low + + * And fix the module/extension API situation one last time, this time + we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION, + pick the most recent of the three, assume things broke in ways we're + not willing to cope with, and both change the extension directory to + use that value, as well as setting it to the provides/depends for the + various SAPI and extension packages. + * Add a new option to php-config, 'php-config --phpapi', which extension + packagers should now be using to get the current phpapi they're building + against and set their dependencies accordingly. + * Strip the -gnu off the end of the DEB_*_* variables and drop the + versioned dpkg-dev build-dep to ease backporting to sarge and hoary; + doing so in such a way as to still allow for easy cross-compiling. + * Add postgresql-dev build-dep alternate for easy hoary/sarge backports. + * Make libapache2-mod-php5 the default alternate dependency for the php5 + metapackage, since we really do want to encourage the apache upgrade. + * Make php5-dev stop shipping copies of files from autotools-dev, shtool, + and libtool, and instead symlink to them and depend on those packages, + thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759. + + -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000 + +php5 (5.0.4-2) unstable; urgency=low + + * We now have a mailing list. Set the maintainer to the list, and move + myself to Uploaders where, apparently, I belong. + * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps, + as recent upstream ABI breakage in 4.4.0 leads me to believe this is + the only constant they actually bother to update on ABI changes. + * Bring back some concflicts that went missing (libapache-mod-php5 needs + to conflict with libapache-mod-php4 and older versions of php4, while + the two libapache2-mod-php[45] modules also need to conflict). + * Adjust debian/watch to not match on upstream's alpha/beta/rc releases. + + -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000 + +php5 (5.0.4-1) unstable; urgency=low + + * Initial PHP5 release; packaging forked from php4 4:4.3.11-1. + - Closes: #262977, #293832 + * Ondrej Sury : + - Removed some obsolete cruft, since there wasn't any previous php5 + packages there is no need, to check /usr/share/doc/*, etc. + - Removed apache2 IfModule hack, it's been fixed in php5. + - Updated patches to php5, removing those which are obsolete. + - Changes xslt extension to xsl (using libxslt). + - Updated debian/* including changelog. + - Raised update-alternatives priority to 50. + * Adam Conrad : + - Merged with php4 4:4.4.0-1 packaging. + - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which + includes a security fix for CVE CAN-2005-1921. + - Bump to Standards-Version 3.6.2, with no source changes. + - Stop distributing the phpextdist binary, as upstream has stopped. + - Drop the ext_skel binary and skeleton dir from php5-dev, as it has + been deemed obsolete upstream and the version in the tarball is not + considered useful anymore. PEAR::PECL_Gen upstream will replace it. + - Fix longstanding broken shebang lines in debconf config scripts. + - Remove lintian overrides for modules; lintian no longer complains + about missing shlibs for libraries outside the linker path. + - Add a linda override for the non-standard directory permissions on + /var/lib/php5 in php5-common. + - Rename php5-pear to php-pear, have it replace php4-pear, and depend + on php5-cli OR php4-cli; make sure it works with both. + - Compile in SOAP extension (closes: #307580) + - Enable SQLite extension as shared, make the xmlrpc extension shared. + - Enabled the pgsql extension, and disabled the imap extension (which + will be moving to another source package and become the example + package for out-of-tree builds). + + -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000 + +php4 (4:4.3.11-1) unstable; urgency=low + + * New upstream release (closes: #304052) + - Drop CVS patches, we're back in step with upstream versions. + - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11. + - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11. + - Remove 040-curl_open_basedir.patch, as upstream has solved this + in a different fashion. + - Adjust patches for offset and fuzz. + - Remove bits from debian/rules dealing with the DB PEAR extension, + since it's no longer shipped in the php4-pear package. + * Rebuild against newer version of freetds library (closes: #317369) + * Add 052-phpinfo_no_configure.patch, which disables the display of our + "Configure Command" in phpinfo(), which was the source of many bogus + bug reports over the years, due to people misinterpreting its meaning. + * New translations to Vietnamese and Russian (closes: #316821, #310199) + - vi.po contributed by Clytie Siddall + - ru.po contributed by Yuriy Talakan' + * Mention FastCGI in the description of php4-cgi (closes: #310810) + + -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000 + +php4 (4:4.3.10-15) unstable; urgency=low + + * Bring back the shipping of /usr/share/doc symlinks in our packages, + as this, in concert with moving the migration detection from preinst + to postinst (which was done in the last upload), seems to give us the + sanest upgrade path. Thanks to Steve Langasek for smacking me around + with unpack/upgrade scenarios for a while to convince me of this. + + -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600 + +php4 (4:4.3.10-14) unstable; urgency=high + + * Revert the directory->symlink magic to work how it used to, since the + new behaviour broke hideously on upgrades from Woody, causing certain + files (like the changelog) to mysteriously go missing (closes: #307591) + * Move our template php.ini to /usr/share/php4, so we stop violating + policy by using files from /usr/share/doc (as seen in #307591) + * Remove 'readline' from the php4-cli package description, since we don't + actually build with readline support enabled anymore (closes: #306571) + + -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600 + +php4 (4:4.3.10-13) unstable; urgency=low + + * Update email address for Andres Salomon + * Add Portuguese translation from Miguel Figueiredo (closes: #305038) + * Include 051-gcc-4.0.patch, which resolves a build failure in + libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956) + + -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600 + +php4 (4:4.3.10-12) unstable; urgency=low + + * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix' + made to the copy() function, causing it to fail in particularly + spectacular ways when used on remote files (closes: #304601) + * Use -g instead of -gstabs on powerpc64-linux (closes: #301571) + + -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600 + +php4 (4:4.3.10-11) unstable; urgency=medium + + * Address an FTBFS waiting to happen in the php4-dev package: + - Remove Win32 and Netware specific headers. + - Stop shipping php4-pgsql headers. + - Stop shipping the expat headers, since we don't even + use the bundled expat library. + - Make php4-dev depend on libssl-dev, since it wants to include + ssl.h when you use it to build network-using extensions. + * Stop building extensions twice; we don't need two copies. + + -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600 + +php4 (4:4.3.10-10) unstable; urgency=low + + * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs + including a segfault in mysql_fetch_field() (closes: #299608) + * Remove 042-remove_windows_paths.patch, incorporated upstream. + * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension + in line with the upcoming 4.3.11 behaviour of listing multiple + Organisational Units in an x509 cert as an array, rather than only + listing the last in the list. + * After much talk with upstream, revert the ZTS changes. We are no + longer building a thread-safe PHP. (closes: #299820, #297223, #297679) + * ZTS was breaking file search paths, leading to errors loading files + from the cwd (closes: #298282, #298518, #299089, #299356) + * Stop building caudium-php4 (closes: #294718, #297702, #295100) + - We can't link against the GPL pike7.2, which we've been doing. Oops. + - Even if the above weren't true, upstream has insisted that ZTS is a + horribly broken solution, slated for eventual removal, and should + never, ever be used. In light of that, caudium users should instead + use php4-cgi, either as a plain CGI, or as a FastCGI backend. + - Not even attempting to provide an upgrade path, as it would be + needlessly complex, and caudium-php4 in previous stable releases + was nothing more than a useless toy, given that it had nearly no + useful extensions built-in or supported. + * Rewrite 041-shut_up_snmp.patch to take a different approach, this time + regrettably reverting a fix for a memory leak, in the name of making + things work properly, including squashing the putenv() intecaction + bug between PHP and other apache modules (closes: #298511, #300628) + * On sidegrades from distributions where different modules may be built + from their own source, and thus have their own doc directories, bad + things happen when we try to replace those with symlinks, so now we + check for this in preinst, and fix stuff up magically to Just Work. + * Add Jeroen van Wolffelaar to Uploaders. + * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998) + + -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700 + +php4 (4:4.3.10-9) unstable; urgency=low + + * Update 040-curl_open_basedir.patch once more to make sure it doesn't + segfault when fed a null or uninitialised URL (closes: #295447) + * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the + dl() function in our builds, despite upstream's claim that it "might + not be threadsafe on all platforms"; it is on ours (closes: #297839) + * Make the php4-dev binaries versioned with alternatives (closes: #295903) + * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549) + + -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700 + +php4 (4:4.3.10-8) unstable; urgency=high + + * Add 046-zend_plist_buggery.patch which unrolls the changes made to + zend.c in CVS post-4.3.10. The memory leaks fixed by these changes + seem to not have been hurting us terribly so far, while the "fix" + (breaking persistent lists) was, uhm, bad (closes: #295998, #296694) + * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the + appname, rather than 'php', to maintain backward compatibility, and to + wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to + solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282) + * Fix 042-remove_windows_paths.patch to catch both cases where windows + path stripping should occur (closes: #296406) + + -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700 + +php4 (4:4.3.10-7) unstable; urgency=high + + * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed + to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447) + + -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700 + +php4 (4:4.3.10-6) unstable; urgency=high + + * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm. + * Add 045-exif_nesting_level.patch to bump the exif header parsing max + nesting level to something that actually works with most JPEG images. + + -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700 + +php4 (4:4.3.10-5) unstable; urgency=low + + * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode + extension to segfault on alpha/amd64/ia64 (closes: #294986) + * Move the ./buildconf stuff in the unpatch target inside the test + for patch-stamp, as it's uselss unless we're unpatching. + + -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700 + +php4 (4:4.3.10-4) unstable; urgency=medium + + * Make php4-dev arch:any, as it contains some arch-specific defines. + * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows + paths from uploaded filenames, like it used to. (closes: #294305) + * Fix up caudium description to reflect the fact that caudium it is no + longer restricted from sharing extensions with other SAPIs. + * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we + get a version with non-broken headers. + + -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700 + +php4 (4:4.3.10-3) unstable; urgency=medium + + * Update to CVS, as of 200502060530 (closes: #288672) + - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043 + - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525 + - File uploads with "'" in them aren't cut off anymore (closes: #288679) + - unserialize() is no longer ridiculously slow (closes: #291392) + - Add 000-200502060530_CVS.patch + - Adapt debian/rules to the realities of upstream's new buildconf + - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's + libtool, rather than using upstream's broken bundled libtool + - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch + - Adjust patches for offsets and fuzz + - Force --with-pic, as policy demands it, and the build system doesn't + * Added several patches, yanked from the Fedora PHP sources: + - 034-apache2_umask_fix.patch, fixes umask not being properly reset + after each request (closes: #286225) + - 036-fd_setsize_fix.patch, fixes misuse of FD_SET() + - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3 + * Removed --with-libedit, as being able to background php is more useful, + in my opinion, than using readline functions (see #286356) + * Include zip support in all SAPIs (closes: #288534, #288909) + * Enable Zend Thread Safety for all SAPIs, meaning that our modules + are now compiled for ZTS APIs as well. (closes: #278212, #264015) + - Make sure caudium-php4 now provides phpapi-$(ver), and modules can + be configured with the caudium SAPI. + - Add 039-reentrant_libs.patch to link to the reentrant versions of + libldap and libmysqlclient + * Stop suggesting phpdoc, as it's undistributable anyway. + * Add 040-curl_open_basedir.patch, to make php4-curl respect the value + of open_basedir, thanks to Martin Pitt (closes: #291410) + * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and + failing) to write persistent data every time it shuts down. Ugh. + + -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700 + +php4 (4:4.3.10-2) unstable; urgency=high + + * Patch Zend/zend_strtod.c twice: + - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems + - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__ + + -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700 + +php4 (4:4.3.10-1) unstable; urgency=high + + * New upstream release, including the following security fixes: + - CAN-2004-1018 - shmop_write() out of bounds memory write access. + - CAN-2004-1018 - integer overflow/underflow in pack() and unpack() + functions. + - CAN-2004-1019 - possible information disclosure, double free and + negative reference index array underflow in deserialization code. + - CAN-2004-1020 - addslashes() not escaping \0 correctly. + - CAN-2004-1063 - safe_mode execution directory bypass. + - CAN-2004-1064 - arbitrary file access through path truncation. + - CAN-2004-1065 - exif_read_data() overflow on long sectionname. + - magic_quotes_gpc could lead to one level directory traversal with + file uploads. + * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch + to match with new configure.in and drop 026-4.3.10_session_fixes.patch + which is included in 4.3.10. + + -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700 + +php4 (4:4.3.9-2) unstable; urgency=low + + * Adam Conrad : + - Add -fno-strict-aliasing to CFLAGS, as the (several thousand) + warnings I'm getting from GCC are frightening me a tad. + - Remove the php-cgi alternative in php4-cgi's prerm, to avoid + leaving dangling symlinks (closes: #275962, #282315) + - Include 030-imap_getacl.patch, adding the imap_getacl() function + required by the GOsa project (closes: #282484) + - Include php.ini-paranoid in doc/examples, provided and maintained + by Javier Fernández-Sanguino Peña (closes: #274374) + - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464) + - Remove obsolete info from README.Debian relating to session_mm, + since we stopped building with libmm a while back. + - Reintroduce /usr/lib/php4/libexec that went missing in a previous + upload, since the build uses it as the default safe_mode exec dir. + * Andres Salomon : + - Add patch to include gd headers in php4-dev, as some PECL modules + (notably, pdflib) expect it; 028-export_gd_headers.patch. + - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm. + + -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700 + +php4 (4:4.3.9-1) unstable; urgency=high + + * New upstream release, removed the following patches fixed upstream: + 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch, + 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch, + 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch, + 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch, + and 025-4.3.9_domxml_segfaults.patch + * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867 + handling of file uploads via the $_FILES array; these have since + been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206) + * After some fairly heavy testing from several users and developers, + finally update php4-snmp to use libsnmp5 (closes: #195929) + * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP + from segfaulting when a nonexistant or unsupported save_handler or + serialize_handler is specified in php.ini. + * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the + off chance that the user's /etc/mime.types is broken (closes: #271171) + * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't + make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin + can instead use #!/usr/bin/php4-cgi scripts (closes: #273143) + * Enable FastCGI for both CGI binaries, now that it no longer conflicts + with, but rather complements, the CGI SAPI (closes: #233849) + * Bump libgd2 build-dep a notch to make sure we build against a version + that actually has XPM support built in (closes: #270435) + * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3 + php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount + bug that we were hacking around (closes: #205553, #230956, #271000) + * Remove the mm session handler from the apache1.3 build. Since the + files handler now works on all arches, and is configured to be secure + by default, mm seems to have outlived its usefulness. + (closes: #119902, #149430, #166811, #272463, #232840) + * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that + directives aren't ambiguous between php4 and php5. + * Add Czech translation, thanks to Miroslav Kure (closes: #274038) + * Configure CLI with --with-libedit for readline support, and add + 027-readline_is_editline.patch, since Debian's libedit headers are + not installed in /usr/include/readline (closes: #274031) + * libcurl grew a new SONAME somewhere along the way, and upgrading + doesn't seem to cause regressions in php4-curl, so upgrade we shall, + changing build-deps accordingly (closes: #260389) + + -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600 + +php4 (4:4.3.8-12) unstable; urgency=high + + * On new php4-cli installations, if php4-cgi is installed, we copy its + php.ini as a starting reference, so that command line scripts that + used to work don't start mysteriously failing (closes: #270153) + * php4-common has grown a postrm script to make sure we completely + clean out and remove /var/lib/php4 during the purge phase. + * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we + aren't forking for every session file we delete (closes: #268918) + + -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600 + +php4 (4:4.3.8-11) unstable; urgency=high + + * Andres Salomon : + - Fix bashism in maxlifetime script (closes: #270015) + * Adam Conrad : + - Clarify setup instructions in README.Debian for using php4-cgi + with the apache and apache2 packages (closes: #228342, #228343) + + -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600 + +php4 (4:4.3.8-10) unstable; urgency=high + + * Andres Salomon : + - Change frequency of session file cleansing, based on the maximum value + of session.gc_maxlifetime from all php.ini files (closes: #269688). + - Update README.Debian to mention session cleaning cron job. + * Adam Conrad : + - Drop php4-cgi from the list of alternate dependencies for the php4 + metpackage to smooth upgrades for woody users who have both php4 and + php4-cgi installed (closes: #269628, #269348, #269377) + - Fix cut-n-paste issue in php4-cli postinst (closes: #269466) + - Add 023-4.3.9_array_fixes.patch, which fixes problems with the + extract() function misbehaving with multiple element references. + - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob() + when it succeeds with no matches (closes: #269287) + - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml + extension when it shares memory space with other libxml2-using libs. + - Update the comments in php.ini to point out that, due to dilinger's + changes above, session.gc_maxlifetime is honoured by the gc cronjob. + + -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600 + +php4 (4:4.3.8-9) unstable; urgency=high + + * Re-introduce the changelog.Debian that went missing in the last + upload due to the php4-common move from arch:all to arch:any + * Clean up lintian warnings regarding scripts that weren't executable + and executables that weren't scripts. + * Add a lintian override for the non-standard-dir-perm of /var/lib/php4 + * Update to Standards-Version 3.6.1 (no changes, other than the above) + + -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600 + +php4 (4:4.3.8-8) unstable; urgency=low + + * Default session.save_path is now compiled in to php4, allowing + us to, again, comment out the value in php.ini. + * Comment out session.gc_probability in the default php.ini, as we've + now compiled in a default of 0, allowing the cronjob to do the + garbage collection for us instead. (closes: #267720) + * Make the 5 SAPI postinsts smarter, allowing them to poke around in + people's configs and make sure that sessions won't be broken + after we upgraded them from a perfectly functional system. + * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of + floats with padding by sprintf(). + * Make php4-common arch:any, and loosen up some of the other any->all + package dependencies to make sure binNMUs won't break. + + -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600 + +php4 (4:4.3.8-7) unstable; urgency=high + + * Back out LFS support AGAIN, as we're disabling LFS in apache2 for + the Sarge release. (closes: #266869) + * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes + for the sybase_ct extension from 4.3.9rc1. + * Tidy up descriptions a fair bit: + - Disambiguate short descriptions of SAPIs. (closes: #244571) + - Refresh the (now much longer) lists of built-in modules for each SAPI. + - Explain why caudium-php4 can't use any loadable extensions. + - Remove silly advertising blurb for Zend, since very few people are + still using php3, and those who are can't be convinced to upgrade + just by telling them "Hey, it's faster!". + - Add Homepage URI to each SAPI description. + - Fix typo in php4-domxml description. (closes: #146124) + * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used + with packages that depend on something like "php4, php4-mysql". + * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1 + to pull in /usr/share/misc/file/magic.mime (closes: #175136) + + -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600 + +php4 (4:4.3.8-6) unstable; urgency=high + + * Add libgcrypt11-dev to the build-depends, as something seems to be + pulling it in and causing an FTBFS (closes: #265952) + * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows + in array_slice(), array_splice(), substr(), substr_replace(), + strspn() and strcspn(). + * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building + against the new ABI-incompatble libapr0, which brings in proper + large file support. Bump the apache2 binary dependency as well. + (closes: #266210, #266192) + * Enable large file support on all SAPIs except for caudium, as I'm not + sure how caudium will react to the change, and I don't want to + destabilise anything just before release. This change has been + heavily tested with apache2/apache/cgi/cli, and all is well there. + * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure + that LFS-enabled SAPIs can still use zlib file functions correctly. + * Rework the apache2 restarting logic to only restart apache2 if + apache2ctl configtest succeeds, otherwise kick out a warning to + the user. Even then, we run force-reload with ||true, in case + apache2 fails to start for other reasons (closes: #264958) + * Make php4-gd Provide php4-gd2, so packages which still depend on + php4-gd2 are installable (and so packaging frontends can take the + provides/conflicts/replaces hint and DTRT with it) + * Split php4-cgi to php4-cgi and php4-cli (closes: #227915) + - Add php4-cli to debian/control, replaces older php4-cgi versions + - php4-cgi depends on php4-cli for smooth transitions + - php4-pear now depends on php4-cli (closes: #243214, #221434) + - Add php4-cli to list of SAPIs configurable for modules + - Munge php.1 manpage to include -cli info + - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806) + * Move all of php4's files to libapache-mod-php4, and make php4 a + metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 | + php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517) + * Include skeleton directory in php4-dev (closes: #95832, #211338) + * Include php.ini-recommended in php4-common's examples (closes: #181396) + * Move /var/lib/php4 to php4-common and install a cronjob that cleans + out old sessions every 30 minutes (closes: #256831, #257111) + * Move the libapache-mod-ssl dependency from php4-imap to + libapache-mod-php4 to stop irritating users of other SAPIs + (closes: #240003, #246887, #263381) + * Compile pgsql and mysql support into the caudium SAPI, so it's + slightly less useless (closes: #181175) + + -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600 + +php4 (4:4.3.8-5) unstable; urgency=low + + * Build-depend on chrpath and use it to nuke rpath from modules + during the install target of debian/rules. + * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file + descriptor leak on failed fsockopen() calls. (closes: #257269) + * It would seem that if we want LFS support, all SAPIs and all extensions + that do file access need to be built with LFS support, and since + apache2 currently doesn't have LFS, this presents a problem. As + such, I'm disabling LFS accross the board until apache2 supports it. + (closes: #263962) + * Add 019-z_off_t_as_long.patch, including local headers for zlib, + forcing off_t = long for gzip file functions, however disable it + for now, as we'll only need it if we reenable LFS (closes: #208608) + * Add the Debian package revision as EXTRAVERSION to PHP, so one can + more easily tell what version is currently running (for instance, + if a user fails to restart Apache after an upgrade of php4, this + would become obvious to them in the version banner and in phpinfo() + * Fixed up debian/patches, adjusting offsets and adding newlines, + so patch stops complaining and applies them cleanly. + * libapache2-mod-php4 postinst now forces a reload of apache2, which + should get the module properly working in all cases where people + previously thought 'apachectl graceful' would cut it. + (closes: #241352, #263424, #228343) + * debian/rules explicitly sets PROG_SENDMAIL during configure so + that builds on buildds with no sendmail installed don't get the + mail() function disabled. (closes: #180734) + * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368) + * Enable sysvmsg support for all SAPIs (closes: #236190) + * Enable dbx support for all SAPIs (closes: #229508, #249797) + * Nuke aclocal.m4 before we run ./buildconf to ensure we get it + regenerated correctly, and we get an up-to-date libtoolization. + + -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600 + +php4 (4:4.3.8-4) unstable; urgency=low + + * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to + solve anything, really, and add 017-pread_pwrite_disable.patch, + wich completely disables pread/pwrite usage, fixing session support + on sparc, and pread/pwrite usage on amd64. (closes: #261311) + + -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600 + +php4 (4:4.3.8-3) unstable; urgency=low + + * Steve Langasek : + - Give php4-pear a versioned dependency on php4-cgi, due to + backwards-compatibility issues (closes: #260924). + + * Adam Conrad : + - Added a debian/watch file for the curious, or people running + automated uscan scripts over the entire archive. + - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF + support in php4-gd (closes: #66293) + - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free + errors in php4-gd. This, in concert with the librrd0 update + (see #261323) should clear up all known segfaults in php4-gd + (closes: #220196, #234571, #241270, #246833, #251220, #260790) + Thanks to Klaus Reimer for the tip. + - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of + pread/pwrite in conjunction with LFS64. This should fix the files + session handler on sparc, as well as the amd64 build failure. + (closes: #234766, #239420, #261311, #248765) + - Clean up debian/rules to remove a bunch of obsolete cruft, as well + as introducing an LFSFLAGS, allowing us to easily turn LFS support + on and off for each SAPI. + - Re-enable LFS for apache 1.3, as it was enable in Woody and we should + remain backward compatible. + + -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600 + +php4 (4:4.3.8-2) unstable; urgency=high + + * Urgency "high" to make up for the last upload which contained + security fixes but was uploaded urgency "low". + + * Adam Conrad : + - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3 + in debian/rules. Not sure how this was missed for so long. + - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory + leak in the apache2handler SAPI, as well as a logical mishandling + of fatal errors during activation. + + * Steve Langasek : + - Revert large file support, which appears to cause + ABI-incompatibilities (and therefore segfaults) for apache2 + (closes: #259659). + + -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600 + +php4 (4:4.3.8-1) unstable; urgency=low + + * Adam Conrad : + - New upstream release (4.3.8). Fixes several security issues: + + Fixed strip_tags() to correctly handle '\0' characters. + + Improved stability during startup when memory_limit is used. + + Replace alloca() with emalloc() for better stack protection. + + Added missing safe_mode checks inside ftok and itpc. + + Fixed address allocation routine in IMAP extension. + + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL. + + Fixes DoS in readfile() function, see CAN-2005-0596. + - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688) + - debian/control: change libpng3-dev build-dep to libpng12-dev + - Add Turkish debconf translation, thanks to Osman Yuksel. + (closes: #252940) + + * Andres Salomon : + - New upstream release (4.3.7). The following patches are dropped: + 007-dba_fix.patch + 008-xbithack.patch + 011-curl_api_update.patch + 012-curl_deprecated_opts.patch. + - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is + always enabled (instead of doing check during build). + + * Steve Langasek : + - Enumerate supported SAPIs in both the module postinst and the module + config script, to avoid "question not found" errors from debconf. + This doesn't give us automatic support for new SAPIs as they're + added, but it avoids trying to configure SAPIs that we don't support + (e.g., caudium), and it also sidesteps shell syntax errors caused by + strangely-named subdirectories. + - Remove apache2 from the TODO list, because it's done + (closes: #243793). + - Add /var/lib/php4 to the list of directories for the apache2 module, + so we don't end up with a missing session dir (closes: #240962). + - s/modules-config/apache-modconf/, now that the canonical name of the + apache-common tool has changed + - Drop references to php3 in README.Debian, and document the + simplified process for enabling php4 in apache 1.3 (closes: #244564). + - Enable large files support for all SAPIs (closes: #249500). + - Fix commented-out default include path in php.ini (closes: #250274). + + -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600 + +php4 (4:4.3.4-4) unstable; urgency=low + + * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8, + now that #228840 is fixed. + * Fix FTBFS problem caused by curl api changes, adding patches 011 and + 012 (closes: #239159). + * Add phpapi Provides for libapache2-mod-php4 (closes: #240386). + * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9 + and older won't work (closes: #215069). + * Tighten build-dep versions to match upstream's autoconf version checks + (closes: #214060). + + -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500 + +php4 (4:4.3.4-3) unstable; urgency=low + + * Andres Salomon : + - Fix incorrect php.ini path in CLI manpage (closes: #233757). + - Add libapache2-mod-php4 module (closes: #214611). + * Updated Japanese debconf translation; thanks to Kenshi Muto + (closes: #222424). + * Build php4-gd against libgd2-xpm, removing the need for a separate + php4-gd2 package (closes: #235390, #206045, #135664). + * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch + (closes: #236630). + * Add new Spanish debconf translation; thanks to Carlos Valdivia + Yagüe (closes: #235052). + + -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600 + +php4 (4:4.3.4-2) unstable; urgency=low + + * Add build-depends on autoconf, missed earlier (closes: #235012). + * Minor updates to README.Debian list of supported extensions. + * Fix integer size mismatch in snmp extension affecting 64-bit + platforms + + -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600 + +php4 (4:4.3.4-1) unstable; urgency=low + + * New upstream version. Update local patch set accordingly, with help + from Andres Salomon . + - includes fix for snmpget() not closing its socket + (closes: #207363). + * Update build-depends to libdb4.2-dev, to match apache-dev + (closes: #231692). + * Drop translations of stale templates, and add new German debconf + translation; thanks to Alwin Meschede + (closes: #232270). + * Add new Danish debconf translation; thanks to Claus Hindsgaul + (closes: #233887). + * Move local patches into debian/patches/ for easier management, and + add debian/rules targets for build-time application of patches. + * Fix a problem with PHP "xbithack" causing ini scope leakage + (closes: #230047). + * Re-enable the openssl extension statically, since we now know for + sure that the php4-imap problems are a glibc bug (closes: #197450). + * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value + of php_bin, so PEAR-managed scripts work correctly + (closes: #228381). In addition, use alternatives for /usr/bin/php + for the benefit of user scripts (closes: #185283). + * Set the default session save_path to /var/lib/php4 instead of to + /tmp, and create this directory such that all users (for php4-cgi) + can create files there and access their own files once created, but + not see the names of other files in the directory (closes: #139810). + * Drop our override of upstream's register_globals default + (closes: #230878). + + -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600 + +php4 (4:4.3.3-5) unstable; urgency=low + + * Have php4-pear Suggest: php4-dev, for PECL extensions + (closes: #225969). + * Recompiled against the new version of libxslt, to get rid of the + dependency on libxsltbreakpoint (closes: #224806). + * Also recompiled against the new version of libc-client (closes: #227347). + * Fix pear to not expect to be able to twiddle locks when running as + non-root, which also seems to fix a memory utilization problem + (closes: #225026). + * Make php4-imap depend on libapache-mod-ssl, since this seems to be + the only reliable way of getting apache to stop segfaulting. + * Build-depend on libt1-dev, which replaces t1lib-dev. + + -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600 + +php4 (4:4.3.3-4) unstable; urgency=low + + * Fix prerm script to remove mod_php4, *not* mod_perl, from the + config (Closes: #216889). + * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to + call modules-config. + * Don't invoke debconf unless we have to in the postinst, to reduce + the risk of interactions between modules-config and our questions. + * Add Dutch debconf translation; thanks to Tim Dijkstra + (closes: #221439). + * Sync dba lock handling against upstream CVS HEAD, to fix a bug with + truncating db4 files when opening with 'c' (create). + (Closes: #221559). + + -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500 + +php4 (4:4.3.3-3) unstable; urgency=low + + * Disable -gstabs on ia64, since this debugging symbol type is + apparently unknown there; we should now have clean builds (with + appropriate debugging symbols) on all archs. + + -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500 + +php4 (4:4.3.3-2) unstable; urgency=low + + * Don't call db_stop in the postinst, as this seems to cause problems + for modules-config (closes: #215663, #215584). + * Remove duplicate -prefer-pic flag on caudium build, in hope of + making libtool do something sensible on ia64,hppa (closes: #216020). + * Always build with debugging symbols, per current policy. + * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS; + and call install -s when installing shared extensions by hand. + * Fix upstream build rules to not call libtool --silent. + + -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500 + +php4 (4:4.3.3-1) unstable; urgency=low + + * New upstream release. + * Add Japanese debconf translation; thanks to Kenshi Muto + (closes: #211961). + * Fix caudium handling to always grab the current pike version from + dpkg when constructing include paths (closes: #212585). + * Bump the c-client build dependencies to use the new -dev package + name. + * Convert php4 postinst/prerm scripts to use the new apache + modules-config interface. + + -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500 + +php4 (4:4.3.2+rc3-6) unstable; urgency=low + + * Add Brazilian Portuguese debconf translation; thanks to André Luís + Lopes (closes: #207078). + * Catch debian/control up with debian/rules for the zendapi -> phpapi + transition. + + -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500 + +php4 (4:4.3.2+rc3-5) unstable; urgency=low + + * Kill the lintian warning on the grammar in the copyright file. + * Redirect apacheconfig I/O to /dev/tty, to work around debconf + behavior (for real this time). Closes: #207468, #206404. + * Replace 'zendapi' with 'phpapi', since the former does not + accurately describe the ABI changes that affect modules and can + leave some packages installable but broken (closes: #208020). Also, + remove the versioned conflicts with php4-{mysql,pgsql}, since this + now supersedes. + * Add French debconf translation; thanks to Michel Grentzinger + (closes: #207662). + + -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500 + +php4 (4:4.3.2+rc3-4) unstable; urgency=low + + * Have all php extensions automatically detect and configure for any + installed SAPIs (closes: #143436). + * Remove spurious dependencies from php4-dev, and replace autoconf2.13 + with autoconf (closes: #180497). + * Conflict with old php4-pgsql as we do with php4-mysql, as it + manifests the same bug. + * Add preliminary rules for building apache2 SAPI, but don't enable. + * Call db_stop before trying to run apacheconfig (closes: #206404). + * Check for the existence of /etc/php4 before trying to rmdir it, + since there are apparently those who remove such directories + prematurely (closes: #206120). + + -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500 + +php4 (4:4.3.2+rc3-3) unstable; urgency=low + + * Fixes for spurious package dependencies + * Fix the paths emitted by php-config, so we can build php4-pgsql et al. + + -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500 + +php4 (4:4.3.2+rc3-2) unstable; urgency=low + + * Make sure pear.conf is properly marked as a conffile, by bumping + DH_COMPAT to 3. + * Generate all per-extension postinsts/prerms at build time, instead + of managing them by hand. + * Get rid of bogus, non-FHS directories from the caudium build. + * Install the upstream php manpage in the php4-cgi package + (closes: #175836). + * Prevent null dereferencing in ldap_explode_dn() (closes: #205405). + * Hard-code /usr/share/pear at the end of the include path, for + backwards compatibility. + * Debconf support for PHP extension registration, including + po-debconf support (closes: #122353). + * Fix interpreter path in /usr/bin/pear. + * Make php4-pear depends: php4-cgi (closes: #182393). + + -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500 + +php4 (4:4.3.2+rc3-1) unstable; urgency=low + + * New upstream version. + - includes fix for buffer overflow crashes in imap module + (closes: #191640) + - includes fix for dysfunctional open_basedir directive + (closes: #197803) + - include fix for various XSS vulnerabilities (closes: #200736) + * Recompile against newest libc-client libs, following another soname + change (closes: #199049) + * Replace db2 with db4. + * Trim down the cgi sapi rules, since it will now build both cli and + cgi for us by default. + * Kludge the caudium sapi, by hard-coding the include path we need for + pike headers. + * Copy the lex/yacc-generated .c and .h files into the build + directories, since generating them at build time gives wildly + different, and undisputably broken, results. + * Update the install rules so they're compatible with current upstream + handling of pear and the various SAPIs. + * Add '=shared' to the --enable-xslt option, to get the right results + for that extension. + * Move PEAR extensions from /usr/share/pear to /usr/share/php. + * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors. + + -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500 + +php4 (4:4.2.3-14) unstable; urgency=low + + * Disable openssl extensions AGAIN. It appears that this double-linking mess + is still causing nasty segfaults. + (closes: #188014, #188025, #188058, #189202, #189653) + + -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600 + +php4 (4:4.2.3-13) unstable; urgency=low + + * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again + (closes: #185534) + * Build against libmm13, as libmm12 no longer exists (closes: #187401) + * Rebuild caudium-php4 against latest caudium-dev + * Re-enable openssl linking and functions, now that our glibc 2.3 + problems appear to be ironed out. + * Enable xslt and exslt support in php4-domxml (closes: #172881) + + -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700 + +php4 (4:4.2.3-12) unstable; urgency=low + + * Rebuild php4-sybase against libct1 (closes: #184461) + + -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600 + +php4 (4:4.2.3-11) unstable; urgency=low + + * Remove pike header location detection from debian/rules and do it + properly in sapi/caudium/config.m4, using pike7.2-config --version + + -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700 + +php4 (4:4.2.3-10) unstable; urgency=low + + * Added patch to build with NET-SNMP 5.x + * Updated build-dep for libc-client to 2003debian + (closes: #181565, #182854, #169886) + * Updated build-dep for libcurl to libcurl2-dev (closes: #179722) + * Added -mieee to alpha build to solve FPE errors (closes: #180656) + * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2 + is now the default compiler on all architectures. + * Add libwrap0-dev to the end of the build-depends to work around #183041. + Someone remember to remove this later when the bug is fixed. :) + * Build against newer libsablot0-dev (closes: #179886, #181550) + * Introduce ugly hack in debian/rules to get the pike includes + directory right for the caudium SAPI. + + -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700 + +php4 (4:4.2.3-9) unstable; urgency=low + + * Fix caudium-php4 to not conflict with php4-pear (closes: #175415). + + -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600 + +php4 (4:4.2.3-8) unstable; urgency=low + + * Fix typo in debian/rules + * Rebuild to bring in sync with latest caudium packages + + -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700 + +php4 (4:4.2.3-7) unstable; urgency=low + + * Set a sane default for safe_mode_exec_dir (closes: #122920). + * Rebuild against libmm-dev on i386, instead of against the + no-longer-available libmm11-dev which Provides: the same + (closes: #173509). + + -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600 + +php4 (4:4.2.3-6) unstable; urgency=low + + * Build with PEAR for all SAPIs, so that the built-in include_path is + set correctly (overkill?). Closes: #169786, #172321 + * Change section of php4-dev package to devel. + * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't + pull it in (closes: #173313). + * Depend on coreutils instead of fileutils, since the latter is now an + empty package (closes: #171265). + + -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600 + +php4 (4:4.2.3-5) unstable; urgency=low + + * Fix (snip, snip) the upstream build scripts, so that libphp4.so + isn't worthlessly linked against the problematic openssl libs + (closes: #165699, #165718, #165719, #166414). + * Update config.{sub,guess} so that the package builds on mips + platforms (closes #173218) + * Replace libc-client-ssl2001-dev with libc-client2002-dev in build + dependencies, fixing various php4-imap segfaults (closes: #169610, + #169769). + + -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600 + +php4 (4:4.2.3-4) unstable; urgency=low + + * Remove build dependency on non-extant libmagick5-dev, which is no + longer used anyway (closes: #169829, #172402). + * Add myself to the Uploaders: field of the control file. + + -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600 + +php4 (4:4.2.3-3) unstable; urgency=low + + * Backport a patch from CVS to sanitize control characters in php_url_parse() + to prevent ASCII control injection in fopen() calls. + + -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600 + +php4 (4:4.2.3-2) unstable; urgency=low + + * I'm a moron (thanks to James Troup for pointing this out). + * Change gcc-3.1 references in debian/rules to gcc-3.2. + * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out. + + -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600 + +php4 (4:4.2.3-1) unstable; urgency=low + + * New upstream version + * Added a patch from Ginger Alliance to eliminate warnings in xslt compile + * Messed with the php4-imap build: + - compiling with SSL support (closes: #122700) + - commented out the static-on-i386 hack, libc-client is now linked dynamically + * Sessions should finally be fixed, however I won't tag the bugs "woody" + until I know for sure. (if you were affected, please test and send + followups to me) + * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now. + + -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600 + +php4 (4:4.2.2-3) unstable; urgency=low + + * Fix typo resulting in php4-odbc not having a postinst + (closes: #157116, #157927) + * Build against latest caudium-dev to made caudium-php4 installable + again. (closes: #158247) + * Update build-deps to swap libpng3 for libpng2. (closes: #158908) + + -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600 + +php4 (4:4.2.2-2) unstable; urgency=low + + * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with + headers or the library for db1 (closes: #156141, #155889) + * Update build deps to build against libmm12 (closes: #155042) + * php4-curl no longer depends on libcurl2-ssl (closes: #155015) + + -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600 + +php4 (4:4.2.2-1) unstable; urgency=medium + + * New upstream + * Fixes input validation vulnerability in rfc1867.c (closes: #153850) + * Added missing prerm/postinst for php4-xslt (oops) + + -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600 + +php4 (4:4.2.1-3) unstable; urgency=low + + * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to + gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really. + + -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600 + +php4 (4:4.2.1-2) unstable; urgency=low + + * Applied small patch to fix building on non-32-bit architectures + (closes: #148231) + * Added still /more/ documentation about the unserializer, sessions, + and the session.save_handler php.ini option. + + -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600 + +php4 (4:4.2.1-1) unstable; urgency=low + + * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release. + * Probably the last update (barring huge packaging bugs or plain broken + binaries) before starting on a complete reorg of the PHP packages. + * Deserializer now works on big-endian architectures (addresses bug #121391 + and probably others) + * This release probably fixes a whole bunch of bugs. Will be going through + the bug list and playing the reproducibility game after the upload. + * Default include_path in php.ini now set to include pear. + * Upstream default for register_globals HAS CHANGED. In the Debian php.ini + we are still using "register_globals = On" for compatibility reasons, + however our packages will change too. This is a warning for anyone + packaging PHP scripts and applications to make sure you'll be compatible + with the new default once it's set. + + -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600 + +php4 (4:4.1.2-4) unstable; urgency=high + + * No binaries were harmed in the making up this upload. + * Updated README.Debian and changelog. All other files untouched, + as the binaries were merely unpacked and repacked. + - Added a note to README.Debian about how to properly set up + Apache for use with php4, if the installation didn't (and it usually + doesn't ) get it right. + - Added a note to README.Debian about the unserializer (and sessions) + being messed up on big endian architectures. It's too late to try + to get a proper fix in for this, so we're just going to have to cope. + + -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600 + +php4 (4:4.1.2-3.1) unstable; urgency=low + + * The 'I broke it, I have to take credit for it' release. + * Rebuild the package to get proper binary dependencies on alpha. + + -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600 + +php4 (4:4.1.2-3) unstable; urgency=low + + * Switched to --with-regex=php (from =system). This fixes all the + problems with eregi/parse_url/fopen/etc on Alpha. + * Cleaned up long descriptions (closes: #130977, #130954) + + -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700 + +php4 (4:4.1.2-2) unstable; urgency=low + + * New maintainer (closes: #132980) + * Enabling unixodbc support (closes: #107201) + * Changed the install-modules target in build/rules_pear.mk so that + it will error out in the case of an empty modules directory or + failure to install modules (closes: #135304) + + -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700 + +php4 (4:4.1.2-1) unstable; urgency=high + + * New upstream version with a security fix. This + supercedes 4.1.1-2.2 from Steve Langasek: + * Fix an error in the handling of MIME file upload headers, which left + open a potential security hole. (Closes: #136063) + * Fixed gcc-3.0 fix :-) + * Thanks for fixing apache-common fix + * This version should fix session bugs with upstream fix (closes: #133877) + * With a brutal change to main/SAPI.c try to fix(?) authorize bugs + + -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100 + +php4 (4:4.1.1-2.1) unstable; urgency=low + + * Non-maintainer upload. + * loosen apache-common dependency to make us forwards-compatible, as + recommended by the apache maintainer. + * use gcc-3.0 when building on arm, because the default toolchain on + that arch has Issues (closes: #135906, #135913). + + -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600 + +php4 (4:4.1.1-2) unstable; urgency=medium + + * Rebuild with apache 1.3.23. + * This package is in maintainer change mode. Though I orphaned it I'm not + going to change maintainer to QA, because we already have fresh blood. + * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with + libgd which has GIF support (fixed included upstream) + * debian/control: + - Build-Depends: s/libgd1g-dev/libgd-dev/ + also libc-client at least version 4:2001adebian-6 to fix some segfaults + * ext/standard/head.c: make the setcookie() thingie test more simple + + -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100 + +php4 (4:4.1.1-1) unstable; urgency=high + + * New upstream bugfix release. + * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get + to upload it + * debian/rules: Correctly supply modified CFLAGS to build process + + -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100 + +php4 (4:4.1.0-2) unstable; urgency=low + + * debian/php4-cgi.README.Debian: fix typo (closes: #123866) + * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr + parsing (closes: #121403) + * debian/README.Debian: document shmmax increase (closes: #119688) + + -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100 + +php4 (4:4.1.0-1) unstable; urgency=high + + * Finally final 4.1.0 + * Urgency to reflect previous version + * debian/control: php4-pear depends on php4-cgi + + -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100 + +php4 (3:4.1-2) unstable; urgency=high + + * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all. + * ext/exif/exif.c: MFH + * ext/ldap/ldap.c: small crash fix from HEAD + * and misc tiny changes. Really :-) + * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing + the argument + + -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100 + +php4 (3:4.1-1) unstable; urgency=medium + + * Final 4.1.0 (not released) + * NEWS: s/4.0/4.1/ + * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be + a beta version with known bugs. How should I know. + * sablot extension removed upstream. So use XSLT (C/R in place) + * Apply fix for file_exists() from tilo (closes: #114409) + * "Cannot redeclare" were fixed in previous RCs (closes: #112341) + * previous version is build in hppa and ia64, so I assume it + (closes: #115391) + * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user + report. + * This should fix the "final HTML> stripped" bug that was introduced + in 4.0.6-3. (closes: #110415). + * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp + + -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100 + +php4 (3:4.0.100-1) unstable; urgency=low + + * Really a 4.1.0RC2 + * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway + * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1 + * Added Provides: zendapi-$version to php4 and php4-cgi + * Made modules depend on zendapi-$version instead of php4|php4-cgi. + Please use this in your php4-$module packages + * Apply c-client hack only to i386 most architectures don't support linking + both PIC and non-PIC code. I'm still affrai to do this on i386, as it + crashes a lot more :( + * Apply some CVS patches + + -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100 + +php4 (3:4.0.99-4) unstable; urgency=medium + + * Recompile because of new version of caudium. + (I really hope this gets into testing soon as php in testing + now doesn't do apache 1.3.22) + + -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100 + +php4 (3:4.0.99-3) unstable; urgency=medium + + * Recompile for new libexpat1 (closes: #116623 and others) + * upstream: ext/gd/gd.c, ext/iconv/iconv.c + * crypt(): defalt to using DES crypt() (closes: #117092) + * debian/rules: disable libmm in -cgi build. Will lesser the impact + of the infamous /tmp/session_mm.reg + * apply patch to Zend, which should fix the "cannot redeclare" error. + It's still a bug in your code though (use include_once). More changes + to this are comming (upstream). + * Add some documentation to sybase + + -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200 + +php4 (3:4.0.99-2) unstable; urgency=low + + * "Some days are just no good" release. + * Recompile with apache 1.3.22 from Incoming + * Deal with automake going to 1:1.4 and automake1.5 + + -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200 + +php4 (3:4.0.99-1) unstable; urgency=low + + * This is really 4.1.0RC1, but ... + * Applied setcookie(), which is not in upstream yet + + -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200 + +php4 (3:4.0.6.7rc3-3) unstable; urgency=medium + + * Fix dependency in caudium-php4. Sorry for this + + -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200 + +php4 (3:4.0.6.7rc3-2) unstable; urgency=medium + + * Recompile with recent caudium/pike. Please, no new version so it can get + into testing :) + * debian/control: move php4-pear to suggests + * Fix setcookie() again. I really hate this bug + * Build-Depends: re2c - it's usually not needed, but if you make some + strange changes to the parser ... + * FIx automake 1.5 build problems (I hope) + + -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200 + +php4 (3:4.0.6.7rc3-1) unstable; urgency=low + + * New upstream test release. + + -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000 + +php4 (3:4.0.6.7rc2-3) unstable; urgency=low + + * "Let's try to fix some bugs" release. + * Add some patches: ldap (does this fix things?), pgsql, + domxml + * Build-Conflicts: automake (>= 1.5) for now + + -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200 + +php4 (3:4.0.6.7rc2-2) unstable; urgency=low + + * Enable recode extension (the library is LGPL) - shared + * Enable iconv extension - in main php4. Experimental + * Build-Depends: s/libgd-dev/libgd2-dev/ + * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304) + and fix autoconf macros (Closes: #113980) + * Improve?? description of PEAR (Closes: #112432) + + -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200 + +php4 (3:4.0.6.7rc2-1) unstable; urgency=medium + + * 2nd release candidate + * ext/mbstring: fix compile (cp1252) + * ext/standard/url_scanner_ex: off by one + * WARNING: caudium builds with Zend Threading enabled, but other + modules don't. So you cannot safely use DSO with caudium + * Added some Build-Conflicts - with broken libmysqlclient + - with libtool 1.4b + + -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200 + +php4 (3:4.0.6-6) unstable; urgency=medium + + * The "Paul Hampson fixes release". + * Closed those atexit() bugs. Now to find out, how to make libtool link with + gcc instead of ld :(( + * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697) + Thanks to Paul Hampson for finding the cause, though I've used another + fix - fixed changes in CVS made in -3 I think. Silly me to think, that + all "small" changes are fixes. + * libc-client2001 was fixed in -5, so add a (closes: #109202) here + * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK + + -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200 + +php4 (3:4.0.6-5) unstable; urgency=low + + * Recompile for libc-client2001 (I hope it doesn't break anything else) + And many other libraries. + * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!! + You have to get libtool 1.4 to be able to use phpize. + + -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200 + +php4 (3:4.0.6-4) unstable; urgency=high + + * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry) + * Fix the nasty segfaults with mail(). That'll teach me taking upstream + changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now) + (closes: #105686, #105878). + + -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200 + +php4 (3:4.0.6-3) unstable; urgency=high + + * ext/standard/mail.c: security fix + * debian/control: Build-Depends: libtool (>= 1.4) + * ext/curl/curl.c: fix typo + * ext/gd/config.m4: fix typo + * ext/mcrypt/mcrypt.c: upstream buffer overflow fix + * ext/mhash/mhash.c: upstream buffer overflow fix + * ext/pgsql/pgsql.c: fix + * ext/posix/config.m4: check for getpgid + * ext/sablot/sablot.c: fix leaks + * ext/standard/url* : fixes + * ext/sysvshm/sysvshm.c: fixes + * Zend/*: small fixes + + -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200 + +php4 (3:4.0.6-2) unstable; urgency=low + + * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087) + * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618) + - libfreetype6-dev to Build-Depends + - add auto* suite to php4-dev depends (closes: #104199) + * debian/rules: - build gd module with freetype2 support + - move common ./configure flags to COMMON_CONFIG + - build with mbstring support + + -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200 + +php4 (3:4.0.6-1) unstable; urgency=medium + + * New upstream release. + * NOTE: new extension will probably be in another upload, to get this + into testing ... + + -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200 + +php4 (3:4.0.5.6rc3-3) unstable; urgency=low + + * The "I hate sablot release". Recompile with 0.60 + * debian/php4-domxml.postrm: also fix the :: (closes: #101306) + * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream + + -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200 + +php4 (3:4.0.5.6rc3-2) unstable; urgency=low + + * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4 + * build/ ... : upstream fix for building with automake 1.4-pX + * don't fail, when libssl-dev is not installed. sigh + + -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200 + +php4 (3:4.0.5.6rc3-1) unstable; urgency=low + + * New upstream test release. + * Recompile with apache 1.3.20 + * debian/control: + - php4-dev: Depends: bison, flex (closes: #100634) + - Build-Depends: libcurl-dev (>=7.8) + * debian/rules: + - add --enable-bcmath to all rules (closes: #100491) + * Zend/zend.c: apply upstream fix to allow building of caudium + + -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200 + +php4 (3:4.0.5.6rc2-1) unstable; urgency=low + + * New upstream test release. + * FIx regex/regex.h (int regoff_t) + * fix php4-cgi build with pcre - don't use supplied pcre + * Fix wddx support (closes: #99468) + * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4 + + -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200 + +php4 (3:4.0.5.6rc1-1) unstable; urgency=low + + * New upstream test release with new bugs :)) + * moved pear from /usr/lib/php4 to /usr/share/php4 + * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll + have to live with it + + -- Petr Cech Wed, 16 May 2001 14:14:04 +0200 + +php4 (3:4.0.5-2) unstable; urgency=low + + * Build-Depend on newer libmhash-dev, as it supposedly doesn't + compile on current woody (closes: #96555) + * Build-Depends: s/freetype2/libttf-dev/ + * Stop building php4-pgsql - move to non-US + * Build-Deps on new libsablot0 + + -- Petr Cech Thu, 10 May 2001 10:43:02 +0200 + +php4 (3:4.0.5-1) unstable; urgency=medium + + * New upstream release. + * recompile with new sablot - how I hate this (closes: #95401) + * Merge XML into main php4 + * Reword README.Debian (closes: #89667) + * Enable wddx + * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452) + * fix typos (closes: #94118) + * Added support for Sybase/MS SQL Server (using FreeTDS) + using patch from: + http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch + thanks to Bradley Bell for the patch + * ext/pcre : two upstream fixes + * ext/sablot/sablot.c: small upstream fix + * build/buildcheck.sh : fixes to allow compile with libtool 1.4 + * ext/standard/exec.c: upstream fixes + * sapi/apache/mod_php4.c: off by one fix + * sapi/cgi/cgi_main.c: fix POST bug + * main/snprintf.c: upstream fix + + -- Petr Cech Wed, 3 May 2001 22:17:10 +0200 + +php4 (4.0.4.5rc6-2) unstable; urgency=low + + * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994) + * TSRM/TSRM.c: upstream fix + * ext/pgsql: upstream fix + + -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200 + +php4 (4.0.4.5rc6-1) unstable; urgency=low + + * New upstream test release. + * Don't mention CGI support, as it's not so for a long time. + + -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200 + +php4 (4.0.4.5rc5-1) unstable; urgency=low + + * New upstream test release. + * ask about /etc/php4/cgi/php.ini also + * It's really recompiled for 1.3.19 (closes: #91901, #91822) + * problems with modules documented (closes: #81141, #82611) + + -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200 + +php4 (4.0.4.5rc3-1) unstable; urgency=low + + * New upstream RC release + * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered + on broken potato upload. -0potato2 is fixed + * Looks like there was a bug in latest build, this should fix it (closes: #92018) + * remove libmcal0 workaround + + -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200 + +php4 (4.0.4.5rc2-1) unstable; urgency=low + + * New upstream release test release 4.0.5RC2. + * debian/rules: Add lintian overrides + * debian/control: * add libexpat1-dev to Build-Depends + * add libmcal0 to Build-Depends since libmcal0-dev is + missing this dependancy :(( Bug filled + * ext/socket/socket.c: minor upstream patch + + -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200 + +php4 (4.0.4pl1-6) unstable; urgency=low + + * NEVER RELEASED + * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or + libcurl1-ssl problem. + * remove dh_testversion and use versioned Build-depends instead + + -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100 + +php4 (4.0.4pl1-5) unstable; urgency=low + + * Add lintian overrides + * Rebuild with correct libgd-dev installed. Sorry + (closes: #88490, #88255, #88371, #88619, #88635) + * Closed by fixed libjpeg (closes: #85865, #88141) + + -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100 + +php4 (4.0.4pl1-4) unstable; urgency=low + + * The "Enable what you can" release. + * Enable sablot extension (many files) (closes: #84073) + * Enable mcal extension (finaly closes: #65688, #85925) + * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols. + Why? + * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres + problems. There is a better patch in CVS, but it needs changes to Zend + * pear/pear.in: binary is php4 no php (closes: #87848) + * ext/domxml/config.m4: link with -lxml2 (closes: #87457) + * debian/README.Debian: add notes about ldap, imap and mhash extensions + * debian/{control,rules}: activate bz2 extension + * php4.ini-dist: comment out include_path so php will use compiled in + path (closes 2nd part of 87848) + + -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100 + +php4 (4.0.4pl1-3) unstable; urgency=medium + + * Fixed postrm issues. Sorry + + -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100 + +php4 (4.0.4pl1-2) unstable; urgency=medium + + * debian/control: Build-depends: xlibs-dev (seems it's missing and causes + failed builds for arm, m68k and powerpc) + s/libsnmp4.1/libsnmp4.2/ (closes: #84139) + * debian/php4.*: make LoadModule matching case insensitive (fixes 83641 + for unstable) + + -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100 + +php4 (4.0.4pl1-1) unstable; urgency=high + + * New upstream version. + * This release fixes some security problems. + * Some patches from previous versions are not here. + * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev + * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog + (hmm. Where ir Roman?) + * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it + when it doesn't already exist. I should find a way to check, that the default + php.ini changed and user should update it. + * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge + * fix xml.so not working with php4-cgi + + -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100 + +php4 (4.0.4final-6) unstable; urgency=medium + + * OK. Now also fix the prerm issues (closes: #81418) and to ease + that thanks for submiting bugs (closes: #81818, #81819) + * some upstream updates: browsercap, php-config + + -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100 + +php4 (4.0.4final-5) unstable; urgency=medium + + * OK. Take a deep breath and fix those bloody postinst + bugs - fix it and rewrite from ed -> sed, because ed is not essential :( + closes: #80801. + * apply some upstream fixes. + * disable ctype extension - not yet ready + + -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100 + +php4 (4.0.4final-4) unstable; urgency=low + + * debian/libc-client.la: add -lpam -ldl -lcrypt + * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801) + + -- Petr Cech Fri, 29 Dec 2000 11:40:43 +0100 + +php4 (4.0.4final-3) unstable; urgency=low + + * Brown Xmas Sock Release + * Grr. correctly fix the php4 postinst error + (closes: #80303, #80324, #80326, #80359) + NMU by Wichert Akkerman (closes: #80381) + * also fix php4-cgi. NMU by Marcelo E. Magallon + (closes: #80406). + * fix fix for php4-cgi postinst s/apache/cgi/ + * apply some upstream fixes to ext/session/ + * domxml/config.m4: fix my -Lshared,/usr/lib error + * debian/rules: + * add --enable-ctype to both targets + * --diable-pear to CGI target + * generate Depends: php4 (=ver) | php4-cgi (=ver) + + -- Petr Cech Wed, 27 Dec 2000 15:29:56 +0100 + +php4 (4.0.4final-2) unstable; urgency=low + + * Run apacheconfig with --force-modules. + * Fix stupid bug in php4 and php4-cgi postinst. + * ext/sysvshm/sysvshm.c : upstream fix + + -- Petr Cech Thu, 21 Dec 2000 22:58:27 +0100 + +php4 (4.0.4final-1) unstable; urgency=low + + * New upstream version. + * Sorry for the version, but da-katie doesn't allow overwriting of files, notably + .orig.tar.gz. It's my fault I know, but it worked till now. + + -- Petr Cech Wed, 20 Dec 2000 01:32:34 +0100 + +php4 (4.0.4-0RC6.1) unstable; urgency=low + + * OK. Final final RC for 4.0.4. + * Build-depends on libxml2-dev (>= 2.2.7) because php needs this. + * Activate ndbm dba driver. + + -- Petr Cech Sun, 17 Dec 2000 19:43:51 +0100 + +php4 (4.0.4-0RC5.1) unstable; urgency=low + + * UNRELEASED. + * Final RC for 4.0.4. + * Some mods to README.Debian and TODO + + -- Petr Cech Wed, 13 Dec 2000 00:01:08 +0100 + +php4 (4.0.4-0RC4.1) unstable; urgency=low + + * New upstream beta release. Let's stabilize things now and add new + modules after final release of 4.0.4. + + -- Petr Cech Thu, 7 Dec 2000 10:12:11 +0100 + +php4 (4.0.4-0RC3.2) unstable; urgency=low + + * recompile with new libc-client200-dev. + * fix source recompile + * depend on fixed apache 1.3.14-2 + + -- Petr Cech Thu, 7 Dec 2000 00:49:14 +0100 + +php4 (4.0.4-0RC3.1) unstable; urgency=low + + * New upstream beta release. + * Add libxml2-dev to build-depends (closes: #78479). + * implement DEB_BUILD_OPTIONS + * fix apache build wrt. apxs + * fix typo in description of curl modules (closes: #78828) + + -- Petr Cech Tue, 5 Dec 2000 14:22:30 +0100 + +php4 (4.0.3pl1-7) unstable; urgency=low + + * Rebuild with apache 1.3.14-1 + + -- Petr Cech Fri, 1 Dec 2000 01:41:41 +0100 + +php4 (4.0.3pl1-6) unstable; urgency=low + + * add --enable-memory-limit + * add --enable-exif per request from William Ono. + * Add Suggests: phpdoc (yes. it's here). + * ext/standard/crypt.c - fix from CVS. + * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR + * ext/gd/gd.c - add format string + - add XBM to phpinfo() + * ext/imap/php_imap.{c,h} - CVS fixes + * main/main.c - fix CGI crash + - add HTTP_SERVER_VARS in CGI mode + * and many more. Taken from php4.srpm (thanks :)) + * recompile with apache 1.3.12-2.2 + * and hack large files support into DSO module. php4 doesn't use it now :(( + + -- Petr Cech Thu, 30 Nov 2000 00:01:39 +0100 + +php4 (4.0.3pl1-5) unstable; urgency=low + + * Back out changes about --enable-versioning + * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7) + + -- Petr Cech Tue, 21 Nov 2000 18:03:56 +0100 + +php4 (4.0.3pl1-4) unstable; urgency=low + + * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*) + * Remove aliasing hack - deprecated upstream. (closes: #76558) + * Compile with libgd-dev again (Write 100x always reinstall libgd-dev). + * --enable-versioning and tweak debian/control a bit, let's see, what breaks + + -- Petr Cech Tue, 14 Nov 2000 10:00:54 +0100 + +php4 (4.0.3pl1-3) unstable; urgency=low + + * Activate curl module. + * Really enable shmop module. + * Fix include paths in phpize. Now everyone should be able to easilly build + php4 extension modules (php4-dbase anyone?). + + -- Petr Cech Mon, 6 Nov 2000 23:17:41 +0100 + +php4 (4.0.3pl1-2) unstable; urgency=low + + * Build with libgd-dev installed (NOT libgd-gif). + + -- Petr Cech Tue, 17 Oct 2000 02:08:36 +0200 + +php4 (4.0.3pl1-1) unstable; urgency=medium + + * New upstream bugfix release. + * Depend on libopenldap1 as with the newer ldap module crashes php&apache. + + -- Petr Cech Mon, 16 Oct 2000 15:30:55 +0200 + +php4 (4.0.3-2) unstable; urgency=high + + * Urgency=high because last upload didn't have it ad it fixes some + security holes. + * ext/domxml/config.m4: don't try to build then --without-domxml + + -- Petr Cech Thu, 12 Oct 2000 12:50:17 +0200 + +php4 (4.0.3-1) unstable; urgency=low + + * New upstream release. + - fixes also some string format bugs + * Build with fixed libmysqlclient10-dev. + + -- Petr Cech Thu, 12 Oct 2000 00:00:07 +0200 + +php4 (4.0.2-7) unstable; urgency=low + + * Really, really install libldap2-dev. + * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink. + + -- Petr Cech Tue, 10 Oct 2000 22:28:48 +0200 + +php4 (4.0.2-6) unstable; urgency=low + + * Again fix description a little bit. + * Correct build-depends. + * Sic. Recompile, because I've busted (libopenldap-dev instead of + libldap2-dev was installed). + * While at it install also new apache glibc NMU and recompile with it. + * Move PEAR from php4-dev to php4 and install ALL of PEAR. + * add --prefix=/usr + * debhelper v2 + * prepare for CURL module + * Updated README.Debian + * updated XML module from php4 CVS to close: #72360 + + -- Petr Cech Mon, 2 Oct 2000 14:36:35 +0200 + +php4 (4.0.2-5) unstable; urgency=low + + * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :) + * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94. + * and recompile with glibc 2.1.94 to fix it. + + -- Petr Cech Wed, 27 Sep 2000 09:00:27 +0200 + +php4 (4.0.2-4) unstable; urgency=low + + * Tweak description a little bit more. + + -- Petr Cech Sun, 24 Sep 2000 23:58:15 +0200 + +php4 (4.0.2-3) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix spelling wan't -> want (closes: #70544). + * Add libraries for gd module only when linking this one + and not globaly (closes: #71623). + * Say that we wait for ENTER (closes: #71769). + * Fix logic in prerm script (closes: #71770). + + -- Petr Cech Sun, 24 Sep 2000 17:54:52 +0000 + +php4 (4.0.2-2) unstable; urgency=low + + * Add info about what modules and why are enabled/disabled + into README.Debian. + * Install not so many docs (only in -dev now). + * Enable calendar and sockets modules. + * Rearange package descriptions so module-specific comments + go first. + * Create domxml module aka xmlv2. + * Fix building (small typo). + * Compile with libmysqlclient9-dev installed. + + -- Petr Cech Mon, 18 Sep 2000 23:46:40 +0200 + +php4 (4.0.2-1) unstable; urgency=low + + * The "Back from vacation" release. + * New upstream fixed (and bugs). + * Correct postm script (only cosmetic) closes: #67350, #68541 + * build with libpcre3, libldap2 + * Use modified patch from -3 (remove #define XML_... php_XML_...) + + -- Petr Cech Thu, 7 Sep 2000 23:17:59 +0200 + +php4 (4.0.1pl2-3) unstable; urgency=low + + * UNRELEASED + * Fixed the XML packages. + + -- Norman Jordan Thu, 10 Aug 2000 21:45:15 +0000 + +php4 (4.0.1pl2-2) unstable; urgency=low + + * Fix source archive. + + -- Petr Cech Tue, 11 Jul 2000 11:04:48 +0000 + +php4 (4.0.1pl2-1) unstable; urgency=low + + * New upstream bug fix release (variation of the patches in -2) + * Build with new libgd1 library (maybe still in Incoming) + * Move PEAR stuff to php4 package (closes: #66897). + + -- Petr Cech Sun, 9 Jul 2000 09:01:06 +0000 + +php4 (4.0.1-2) unstable; urgency=low + + * Apply some CVS diffs in an attempt to fix opendir() problems. + + -- Petr Cech Fri, 30 Jun 2000 09:04:24 +0000 + +php4 (4.0.1-1) unstable; urgency=low + + * New upstream release (taken from CVS tag php_4_0_1). + * --with-regex=system else it plays havoc. Dunno why ... + * remove autoconf,automake,aclocal from configure rules. + * Fix description of XML --help message (no, it's not MySQL). + + -- Petr Cech Wed, 28 Jun 2000 22:55:16 +0200 + +php4 (4.0.0-4) unstable; urgency=low + + * Add -dev package (closes: #65907). + * Add -cgi and -cgi-* packages (closes: #51097, #52855). + * --enable-filepro + * Tweak copyright file a bit. + * Generate mhash module (closes part of 63186). + * Ask to remove libphp4 from httpd.conf upon remove/purge. + * Fixed build-depends, thanks to Roman Hodek (closes: #65938). + (I told you the first time it won't work :)) + * Mark /etc/php4/cgi/php.ini as conffile. + * Every module now ask if it should be enabled on install + (if it's not already) and disabled on remove/purge. + + -- Petr Cech Tue, 20 Jun 2000 14:29:01 +0200 + +php4 (4.0.0-3) unstable; urgency=low + + * Ship correct php.ini (extension_dir=/usr/lib/php4/apache). + * Don't use included libmysqlclient and use system one (fixes + wrong location of mysqld.sock) + * link XML module dynamicly with system xmlparse and xmltok. + + -- Petr Cech Wed, 14 Jun 2000 22:30:07 +0000 + +php4 (4.0.0-2) unstable; urgency=low + + * fix the IS_SLASH bug (closes: #65625 and probably others as well). + * Really change the maintainer field. + + -- Petr Cech Wed, 14 Jun 2000 07:44:05 +0000 + +php4 (4.0.0-1) unstable; urgency=low + + * New maintainer. + * New upstream release. + * Fix dynamic module loading. + * Added Build-Depends (I wonder, if I got them right) + * Standards-Version: 3.1.1 + + -- Petr Cech Tue, 13 Jun 2000 13:40:56 +0000 + +php4 (4.0rc1-2) unstable; urgency=low + + * Compile with latest apache and libraries from woody + (Closes: #62631, #62640) + + -- Gergely Madarasz Wed, 19 Apr 2000 14:39:25 +0200 + +php4 (4.0rc1-1) unstable; urgency=low + + * New upstream version + * Fix db2 support (Closes: #61709) + * Fix gd support (Closes: #61708) + * Remove ucd-snmp-hack from config options + + -- Gergely Madarasz Sun, 16 Apr 2000 17:04:05 +0200 + +php4 (4.0b4pl1-2) unstable; urgency=low + + * Build with --disable-debug so it should work with the zend + optimizer (Closes: #60265) + * Build with --enable-trans-sid (Closes: #60430) + * Write some more about php4/php3 differences in the description + (Closes: #60155) + + -- Gergely Madarasz Fri, 17 Mar 2000 17:35:29 +0100 + +php4 (4.0b4pl1-1) unstable; urgency=low + + * New upstream version + * Upstream reorganized the build system quite a bit, lots of patches + removed + + -- Gergely Madarasz Wed, 23 Feb 2000 17:16:00 +0100 + +php4 (4.0b3-4) unstable; urgency=low + + * Add /etc/php4/apache/php.ini to conffiles (Closes: #54194) + * Add info file for apacheconfig + * Offer to run apacheconfig and/or apache-sslconfig in postinst + * Comment out sendmail_path from php.ini so the default sendmail path + should work (Closes: #51355) + + -- Gergely Madarasz Thu, 6 Jan 2000 14:38:20 +0100 + +php4 (4.0b3-3) unstable; urgency=low + + * Compile with libgd instead of libgd-gif + + -- Gergely Madarasz Tue, 4 Jan 2000 18:07:56 +0100 + +php4 (4.0b3-2) unstable; urgency=low + + * Build imap and ldap modules + * Fix rm -f in rules file (Closes: #51623) + + -- Gergely Madarasz Mon, 3 Jan 2000 16:54:19 +0100 + +php4 (4.0b3-1) unstable; urgency=low + + * Initial Release. + + -- Gergely Madarasz Tue, 16 Nov 1999 19:33:42 +0100 + --- php5-5.4.6.orig/debian/php5-mysqlnd.postrm.extra +++ php5-5.4.6/debian/php5-mysqlnd.postrm.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/10-mysqlnd.ini /etc/php5/mods-available/mysqlnd.ini 5.4.0~rc6-1 -- "$@"; --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.conf +++ php5-5.4.6/debian/libapache2-mod-php5filter.conf @@ -0,0 +1,11 @@ + + + SetInputFilter PHP + SetOutputFilter PHP + + # Deny access to files without filename (e.g. '.php') + + Order Deny,Allow + Deny from all + + --- php5-5.4.6.orig/debian/php5-sqlite.postrm.extra +++ php5-5.4.6/debian/php5-sqlite.postrm.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" --- php5-5.4.6.orig/debian/php5-dev.prerm +++ php5-5.4.6/debian/php5-dev.prerm @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "remove" -a "$1" != "purge" ]; then + exit 0 +fi + +for i in php-config phpize; do + update-alternatives --remove $i /usr/bin/"$i"5 +done + +exit 0 --- php5-5.4.6.orig/debian/libapache2-mod-php5.prerm +++ php5-5.4.6/debian/libapache2-mod-php5.prerm @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + remove) + if [ -e /etc/apache2/apache2.conf -a -e /etc/apache2/mods-enabled/php5.load ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2/.start + fi + a2dismod php5 || true + ;; +esac + +exit 0 --- php5-5.4.6.orig/debian/php5-sqlite.postinst.extra +++ php5-5.4.6/debian/php5-sqlite.postinst.extra @@ -0,0 +1 @@ +dpkg-maintscript-helper rm_conffile /etc/php5/conf.d/sqlite.ini 5.3.9~ -- "$@" --- php5-5.4.6.orig/debian/php5-module.postrm +++ php5-5.4.6/debian/php5-module.postrm @@ -0,0 +1,36 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# + +inidir=/etc/php5/mods-available +for dsoname in @modules@; do + inifile=${dsoname}.ini + + dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/${inifile} ${inidir}/${inifile} 5.4.0~rc6-1 -- "$@"; + + # Query which package has this conffile registered + if which ucfq >/dev/null; then + ucfp=$(ucfq -w ${inidir}/${inifile} | cut -f 2 -d:) + fi + + # Only work with the config file if it still belongs to us + if test "$ucfp" = php5-@package@; then + if [ "$1" = "purge" ]; then + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f ${inidir}/${inifile}${ext} + done + rm -f ${inidir}/${inifile} + if which ucf >/dev/null; then + ucf --purge ${inidir}/${inifile} + fi + if which ucfr >/dev/null; then + ucfr --purge php5-@package@ ${inidir}/${inifile} + fi + fi + fi +done + +exit 0 --- php5-5.4.6.orig/debian/compat +++ php5-5.4.6/debian/compat @@ -0,0 +1 @@ +5 --- php5-5.4.6.orig/debian/libapache2-mod-php5filter.prerm +++ php5-5.4.6/debian/libapache2-mod-php5filter.prerm @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + remove) + if [ -e /etc/apache2/apache2.conf -a -e /etc/apache2/mods-enabled/php5.load ]; then + # set a flag to remember the original state + # useful when reinstalling the same version. + touch /etc/php5/apache2filter/.start + fi + a2dismod php5filter || true + ;; +esac + +exit 0 --- php5-5.4.6.orig/debian/php-pear.dirs +++ php5-5.4.6/debian/php-pear.dirs @@ -0,0 +1,2 @@ +/usr/share/doc/php-pear/PEAR +/usr/share/lintian/overrides --- php5-5.4.6.orig/debian/php5-common.dirs +++ php5-5.4.6/debian/php5-common.dirs @@ -0,0 +1,9 @@ +/usr/lib/php5/libexec +/usr/share/lintian/overrides +/usr/share/doc/php5-common +/usr/share/php5 +/var/lib/php5 +/usr/lib/php5 +/etc/php5/conf.d +/etc/php5/mods-available +/usr/sbin --- php5-5.4.6.orig/debian/php5-cli.prerm +++ php5-5.4.6/debian/php5-cli.prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then + update-alternatives --remove php /usr/bin/php5 +fi + +exit 0 --- php5-5.4.6.orig/debian/maxlifetime +++ php5-5.4.6/debian/maxlifetime @@ -0,0 +1,23 @@ +#!/bin/sh -e + +max=1440 + +if which php5 >/dev/null 2>&1; then + for sapi in apache2 apache2filter cgi fpm; do + if [ -e /etc/php5/${sapi}/php.ini ]; then + cur=$(php5 -c /etc/php5/${sapi}/php.ini -d "error_reporting='~E_ALL'" -r 'print ini_get("session.gc_maxlifetime");') + [ -z "$cur" ] && cur=0 + [ "$cur" -gt "$max" ] && max=$cur + fi + done +else + for ini in /etc/php5/*/php.ini /etc/php5/conf.d/*.ini; do + cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true); + [ -z "$cur" ] && cur=0 + [ "$cur" -gt "$max" ] && max=$cur + done +fi + +echo $(($max/60)) + +exit 0 --- php5-5.4.6.orig/debian/gbp.conf +++ php5-5.4.6/debian/gbp.conf @@ -0,0 +1,9 @@ +[DEFAULT] +debian-branch = debian-sid +debian-tag = debian/%(version)s +upstream-branch = upstream-sid +upstream-tag = upstream/%(version)s +pristine-tar = True + +[git-dch] +meta = 1 --- php5-5.4.6.orig/debian/php5-sapi.links +++ php5-5.4.6/debian/php5-sapi.links @@ -0,0 +1 @@ +etc/php5/conf.d etc/php5/@sapi@/conf.d --- php5-5.4.6.orig/debian/php5-dev.dirs +++ php5-5.4.6/debian/php5-dev.dirs @@ -0,0 +1,2 @@ +/usr/bin +/usr/share/lintian/overrides --- php5-5.4.6.orig/debian/copyright.header +++ php5-5.4.6/debian/copyright.header @@ -0,0 +1,42 @@ +This package was debianized by Gergely Madarasz on +Tue, 16 Nov 1999 19:33:42 +0100. + +Previous maintainers of the package also include: + Petr Cech , who did a LOT of work on these packages. + Adam Conrad , who got a significant chunk of input and + help from Steve Langasek and + Andres Salomon . + +The current maintainers can be contacted via the debian php packaging list: + pkg-php-maint@lists.alioth.debian.org + +It was downloaded from www.php.net/version5/downloads +Changes: removed ext/dbase dir (non-free) + +Noteworthy/non-trivial patches: + patch: suhosin.patch + contributor: http://www.hardened-php.net/ + copyright © 2006-2007 Stefan Esser + may be used/modified/redistributed under the terms of PHP itself + + patch: use_embedded_timezonedb.patch + contributor: Joe Orton + copyright © 2008 Red Hat, Inc. + may be used/modified/redistributed under the terms of PHP itself + +Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski +for libzend + +The file ext/standard/rand.c contains the following clause with a statement +that isn't compatible with the DFSG: + "The code as Shawn received it included the following notice: + + Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When + you use this, send an e-mail to with + an appropriate reference to your work." +However, this requirement has been rescinded by the copyright holder in +message <48E334A2.6050301@math.sci.hiroshima-u.ac.jp> to bug #498621. + +Two different licences apply to this package, one for PHP5, the other for +libzend. Both licences are shown here below. + --- php5-5.4.6.orig/debian/libapache2-mod-php5.triggers +++ php5-5.4.6/debian/libapache2-mod-php5.triggers @@ -0,0 +1 @@ +interest /etc/php5/conf.d --- php5-5.4.6.orig/debian/php5-sapi.lintian-overrides +++ php5-5.4.6/debian/php5-sapi.lintian-overrides @@ -0,0 +1,20 @@ +# The extensions directory must exist, even if empty +@sapi@: package-contains-empty-directory @extdir@/ +# Not a spelling mistake, just a compilation curiosity +@sapi@: spelling-error-in-binary * ment meant +# Not a spelling mistake, tz code for Tahiti +@sapi@: spelling-error-in-binary * taht that +libapache2-mod-php5: embedded-library usr/lib/apache2/modules/libphp5.so: file +libapache2-mod-php5filter: embedded-library usr/lib/apache2/modules/libphp5filter.so: file +php5-cgi: embedded-library usr/bin/php5-cgi: file +php5-cgi: embedded-library usr/lib/cgi-bin/php5: file +php5-cli: embedded-library usr/bin/php5: file +php5-fpm: embedded-library usr/sbin/php5-fpm: file +libphp5-embed: embedded-library usr/lib/libphp5.so: file +libapache2-mod-php5: embedded-library ./usr/lib/apache2/modules/libphp5.so: file +libapache2-mod-php5filter: embedded-library ./usr/lib/apache2/modules/libphp5filter.so: file +php5-cgi: embedded-library ./usr/bin/php5-cgi: file +php5-cgi: embedded-library ./usr/lib/cgi-bin/php5: file +php5-cli: embedded-library ./usr/bin/php5: file +php5-fpm: embedded-library ./usr/sbin/php5-fpm: file +libphp5-embed: embedded-library ./usr/lib/libphp5.so: file --- php5-5.4.6.orig/debian/php5enmod +++ php5-5.4.6/debian/php5enmod @@ -0,0 +1,126 @@ +#!/bin/sh +# +# php5enmod - a php5 module manager for Debian +# +# Copyright 2012 Canonical Ltd., All Rights Reserved. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# On Debian systems the full text of the GPL version 3 is available at +# /usr/share/common-licenses/GPL-3. +# +set -ue + +SCRIPT_NAME=${0##*/} +ENABLED=0 +DISABLED=0 +VERBOSE=no + +cleanup() { + if [ "${VERBOSE}" != "no" ]; then + if [ ${ENABLED} -gt 0 ] ; then + echo "Enabled ${ENABLED} module(s), you may need to restart any running PHP processes." + fi + if [ ${DISABLED} -gt 0 ] ; then + echo "Disabled ${DISABLED} module(s), you may need to restart any running PHP processes." + fi + fi +} + +trap cleanup EXIT + +usage() { + echo "usage: ${SCRIPT_NAME} module_name [ module_name_2 ]" + exit 1 +} + +error() { + echo "ERROR: ${1}" >&2 + shift + local ecode=${1:-1} + exit ${ecode} +} + +enmods() { + local modname="" + ENABLED=0 + for modname in ${@} ; do + enmod ${modname} + done +} + +dismods() { + DISABLED=0 + local modname="" + for modname in ${@} ; do + dismod "${modname}" + done +} + +enmod() { + local modname="$(basename "${1%/[0-9]*}")" + local priority="$(basename "${1#[a-z]*/}")" + [ "${modname}" = "${priority}" ] && priority=20 + # assert $modname is in /etc/php5/mods-available + local source_ini="/etc/php5/mods-available/${modname}.ini" + [ -e "${source_ini}" ] || error "${source_ini} does not exist" 2 + [ -z "${priority}" ] && priority=20 + + # assert $modname is not present in /etc/php5/conf.d, or already symlink to /etc/php5/mods-available + local live_link="/etc/php5/conf.d/$priority-$modname.ini" + local live_link_content="../mods-available/$modname.ini" + if [ -e "${live_link}" ] ; then + if [ -h "${live_link}" ] ; then + local content="$(readlink "${live_link}")" + if [ "${content}" = "${live_link_content}" ] ; then + return + fi + fi + error "${modname} module symlink already exists in /etc/php5/conf.d with different content" + fi + ln -s "${live_link_content}" "${live_link}" + ENABLED=$((${ENABLED}+1)) +} + +dismod() { + local modname="$(basename "${1%/[0-9]*}")" + local live_link="" + local live_link_content="../mods-available/${modname}.ini" + local FOUND=0 + for live_link in $(ls -1 /etc/php5/conf.d/*.ini); do + # assert $modname is in /etc/php5/conf.d + [ -e "${live_link}" ] || continue + [ -h "${live_link}" ] || continue + # assert $modname is a symlink to /etc/php5/mods-available + [ "$(readlink "${live_link}")" != "${live_link_content}" ] && continue + # remove the symlink + rm -f "${live_link}" + FOUND=1 + done + [ "${FOUND}" -gt 0 ] && DISABLED=$(($DISABLED+1)) +} + +# parse args +# modname +[ -n ${1:-""} ] || usage + +case "${SCRIPT_NAME}" in +php5enmod) + enmods $@ + ;; +php5dismod) + dismods $@ + ;; +*) + usage + ;; +esac +exit 0 --- php5-5.4.6.orig/debian/php5-module.preinst +++ php5-5.4.6/debian/php5-module.preinst @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#EXTRA# +#DEBHELPER# + +for dsoname in @modules@; do + inifile=${dsoname}.ini + + dpkg-maintscript-helper mv_conffile /etc/php5/conf.d/${inifile} /etc/php5/mods-available/${inifile} 5.4.0~rc6-1 -- "$@"; +done + +exit 0 --- php5-5.4.6.orig/debian/php5-cli.postinst +++ php5-5.4.6/debian/php5-cli.postinst @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +if [ "$1" != "configure" ]; then + exit 0 +fi + +phpini="/etc/php5/cli/php.ini" + +ucf /usr/share/php5/php.ini-production.cli $phpini +ucfr php5-cli $phpini + +update-alternatives \ + --install /usr/bin/php php /usr/bin/php5 50 \ + --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz + +exit 0 --- php5-5.4.6.orig/debian/php5_cgi.load +++ php5-5.4.6/debian/php5_cgi.load @@ -0,0 +1,2 @@ +# Depends: actions +# This is just dummy load file to enable actions module --- php5-5.4.6.orig/debian/phpapi +++ php5-5.4.6/debian/phpapi @@ -0,0 +1 @@ +20100525 --- php5-5.4.6.orig/debian/source/format +++ php5-5.4.6/debian/source/format @@ -0,0 +1 @@ +1.0 --- php5-5.4.6.orig/debian/patches/suhosin.patch +++ php5-5.4.6/debian/patches/suhosin.patch @@ -0,0 +1,5683 @@ +suhosin hardening patch + +this patch was downloaded from: + + http://download.suhosin.org/suhosin-patch-5.3.4-0.9.10.patch.gz + +the following modifications have been made: + + * removed changes to ./configure & ./main/php_config.h.in since those + files are autogenerated + * "quilt refresh" has been run to clean up the offsets, etc +--- a/Zend/Makefile.am ++++ b/Zend/Makefile.am +@@ -17,7 +17,8 @@ libZend_la_SOURCES=\ + zend_objects_API.c zend_ts_hash.c zend_stream.c \ + zend_default_classes.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c \ +- zend_strtod.c zend_closures.c zend_float.c zend_string.c zend_signal.c ++ zend_strtod.c zend_closures.c zend_float.c zend_string.c zend_signal.c \ ++ zend_canary.c zend_alloc_canary.c + + libZend_la_LDFLAGS = + libZend_la_LIBADD = @ZEND_EXTRA_LIBS@ +--- a/Zend/Zend.dsp ++++ b/Zend/Zend.dsp +@@ -251,6 +251,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/ZendTS.dsp ++++ b/Zend/ZendTS.dsp +@@ -281,6 +281,14 @@ SOURCE=.\zend_strtod.c + # End Source File + # Begin Source File + ++SOURCE=.\zend_canary.c ++# End Source File ++# Begin Source File ++ ++SOURCE=.\zend_alloc_canary.c ++# End Source File ++# Begin Source File ++ + SOURCE=.\zend_ts_hash.c + # End Source File + # Begin Source File +--- a/Zend/zend.c ++++ b/Zend/zend.c +@@ -61,6 +61,10 @@ int (*zend_vspprintf)(char **pbuf, size_ + ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); + ++#if SUHOSIN_PATCH ++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif ++ + void (*zend_on_timeout)(int seconds TSRMLS_DC); + + static void (*zend_message_dispatcher_p)(long message, const void *data TSRMLS_DC); +@@ -102,6 +106,74 @@ static ZEND_INI_MH(OnUpdateScriptEncodin + /* }}} */ + + ++#if SUHOSIN_PATCH ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) ++{ ++ if (!new_value) { ++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY; ++ } else { ++ SPG(log_syslog) = atoi(new_value) | S_MEMORY; ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) ++{ ++ if (!new_value) { ++ SPG(log_syslog_facility) = LOG_USER; ++ } else { ++ SPG(log_syslog_facility) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) ++{ ++ if (!new_value) { ++ SPG(log_syslog_priority) = LOG_ALERT; ++ } else { ++ SPG(log_syslog_priority) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) ++{ ++ if (!new_value) { ++ SPG(log_sapi) = S_ALL & ~S_SQL; ++ } else { ++ SPG(log_sapi) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_script) ++{ ++ if (!new_value) { ++ SPG(log_script) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) ++{ ++ if (SPG(log_scriptname)) { ++ pefree(SPG(log_scriptname),1); ++ } ++ SPG(log_scriptname) = NULL; ++ if (new_value) { ++ SPG(log_scriptname) = pestrdup(new_value,1); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) ++{ ++ if (!new_value) { ++ SPG(log_phpscript) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++#endif ++ + ZEND_INI_BEGIN() + ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting) + STD_ZEND_INI_BOOLEAN("zend.enable_gc", "1", ZEND_INI_ALL, OnUpdateGCEnabled, gc_enabled, zend_gc_globals, gc_globals) +--- a/Zend/zend.h ++++ b/Zend/zend.h +@@ -688,6 +688,9 @@ extern ZEND_API int (*zend_stream_open_f + extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); + extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); + extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); ++#if SUHOSIN_PATCH ++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif + + ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3); + +@@ -849,6 +852,16 @@ ZEND_API void zend_restore_error_handlin + #define DEBUG_BACKTRACE_PROVIDE_OBJECT (1<<0) + #define DEBUG_BACKTRACE_IGNORE_ARGS (1<<1) + ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#include "suhosin_patch.h" ++#include "php_syslog.h" ++ ++ZEND_API void zend_canary(void *buf, int len); ++ZEND_API char suhosin_get_config(int element); ++ ++#endif ++ + #endif /* ZEND_H */ + + /* +--- a/Zend/zend_alloc.c ++++ b/Zend/zend_alloc.c +@@ -32,6 +32,10 @@ + # include + #endif + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #ifdef ZEND_WIN32 + # include + # include +@@ -59,6 +63,7 @@ + # define PTR_FMT "0x%0.8lx" + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + #if ZEND_DEBUG + void zend_debug_alloc_output(char *format, ...) + { +@@ -76,6 +81,7 @@ void zend_debug_alloc_output(char *forma + #endif + } + #endif ++#endif + + #if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) + static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); +@@ -134,6 +140,8 @@ static void zend_mm_panic(const char *me + # endif + #endif + ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ + static zend_mm_storage* zend_mm_mem_dummy_init(void *params) + { + return malloc(sizeof(zend_mm_storage)); +@@ -332,13 +340,28 @@ static const zend_mm_mem_handlers mem_ha + #define MEM_BLOCK_GUARD 0x2A8FCC84 + #define MEM_BLOCK_LEAK 0x6C5E8F2D + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ + /* mm block type */ + typedef struct _zend_mm_block_info { + #if ZEND_MM_COOKIES + size_t _cookie; + #endif +- size_t _size; +- size_t _prev; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif + } zend_mm_block_info; + + #if ZEND_DEBUG +@@ -412,7 +435,7 @@ typedef struct _zend_mm_free_block { + # define ZEND_MM_CACHE_STAT 0 + #endif + +-struct _zend_mm_heap { ++typedef struct _zend_mm_heap { + int use_zend_alloc; + void *(*_malloc)(size_t); + void (*_free)(void*); +@@ -448,6 +471,9 @@ struct _zend_mm_heap { + int miss; + } cache_stat[ZEND_MM_NUM_BUCKETS+1]; + #endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif + }; + + #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ +@@ -525,18 +551,31 @@ static unsigned int _zend_mm_cookie = 0; + /* optimized access */ + #define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size + ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ + /* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) + #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block)) + #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block)) +-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) + #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) + #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) + +-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0) ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) + + #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) + +@@ -598,6 +637,44 @@ static unsigned int _zend_mm_cookie = 0; + + #endif + ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ + + #if ZEND_MM_HEAP_PROTECTION + +@@ -720,7 +797,7 @@ static inline unsigned int zend_mm_low_b + #endif + } + +-static inline void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + size_t size; + size_t index; +@@ -737,7 +814,7 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } else { + size_t m; +@@ -750,15 +827,15 @@ static inline void zend_mm_add_to_free_l + if (!*p) { + *p = mm_block; + mm_block->parent = p; +- mm_block->prev_free_block = mm_block->next_free_block = mm_block; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); + break; + } + } else { +- zend_mm_free_block *next = prev->next_free_block; ++ zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- prev->next_free_block = next->prev_free_block = mm_block; +- mm_block->next_free_block = next; +- mm_block->prev_free_block = prev; ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + mm_block->parent = NULL; + break; + } +@@ -770,14 +847,14 @@ static inline void zend_mm_add_to_free_l + index = ZEND_MM_BUCKET_INDEX(size); + + prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); +- if (prev->prev_free_block == prev) { ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { + heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); + } +- next = prev->next_free_block; ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); + +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + } + +@@ -791,6 +868,12 @@ static inline void zend_mm_remove_from_f + if (EXPECTED(prev == mm_block)) { + zend_mm_free_block **rp, **cp; + ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif + #if ZEND_MM_SAFE_UNLINKING + if (UNEXPECTED(next != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); +@@ -829,14 +912,21 @@ subst_block: + } + } else { + ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ + #if ZEND_MM_SAFE_UNLINKING +- if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) { ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); + } + #endif + +- prev->next_free_block = next; +- next->prev_free_block = prev; ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); + + if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { + if (EXPECTED(prev == next)) { +@@ -854,7 +944,7 @@ subst_block: + } + } + +-static inline void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) ++static void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block) + { + zend_mm_free_block *prev, *next; + +@@ -878,14 +968,14 @@ static inline void zend_mm_add_to_rest_l + + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); + +- prev = heap->rest_buckets[0]; +- next = prev->next_free_block; +- mm_block->prev_free_block = prev; +- mm_block->next_free_block = next; +- prev->next_free_block = next->prev_free_block = mm_block; ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); + } + +-static inline void zend_mm_init(zend_mm_heap *heap) ++static void zend_mm_init(zend_mm_heap *heap) + { + zend_mm_free_block* p; + int i; +@@ -903,13 +993,21 @@ static inline void zend_mm_init(zend_mm_ + #endif + p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { +- p->next_free_block = p; +- p->prev_free_block = p; ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + heap->large_free_buckets[i] = NULL; + } +- heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap); ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); + heap->rest_count = 0; ++ ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif + } + + static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment) +@@ -930,12 +1028,13 @@ static void zend_mm_free_cache(zend_mm_h + int i; + + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* NULL means NULL even MANGLED */ + if (heap->cache[i]) { +- zend_mm_free_block *mm_block = heap->cache[i]; ++ zend_mm_free_block *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); + + while (mm_block) { + size_t size = ZEND_MM_BLOCK_SIZE(mm_block); +- zend_mm_free_block *q = mm_block->prev_free_block; ++ zend_mm_free_block *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); + zend_mm_block *next_block = ZEND_MM_NEXT_BLOCK(mm_block); + + heap->cached -= size; +@@ -1031,14 +1130,20 @@ static void zend_mm_random(unsigned char + /* }}} */ + #endif + ++ + /* Notes: + * - This function may alter the block_sizes values to match platform alignment + * - This function does *not* perform sanity checks on the arguments + */ +-ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#else ++static zend_mm_heap *__zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++#endif + { + zend_mm_storage *storage; + zend_mm_heap *heap; ++ zend_mm_free_block *tmp; + + #if 0 + int i; +@@ -1072,6 +1177,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + } + #endif + ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ + if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { + fprintf(stderr, "'block_size' must be a power of two\n"); + /* See http://support.microsoft.com/kb/190351 */ +@@ -1119,12 +1230,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + heap->reserve = NULL; + heap->reserve_size = reserve_size; + if (reserve_size > 0) { +- heap->reserve = _zend_mm_alloc_int(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + if (internal) { + int i; + zend_mm_free_block *p, *q, *orig; +- zend_mm_heap *mm_heap = _zend_mm_alloc_int(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ zend_mm_heap *mm_heap = _zend_mm_alloc(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + + *mm_heap = *heap; + +@@ -1132,22 +1243,22 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); + for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { + q = p; +- while (q->prev_free_block != orig) { +- q = q->prev_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); + } +- q->prev_free_block = p; ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); + q = p; +- while (q->next_free_block != orig) { +- q = q->next_free_block; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); + } +- q->next_free_block = p; ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); + p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2); + orig = (zend_mm_free_block*)((char*)orig + sizeof(zend_mm_free_block*) * 2); + if (mm_heap->large_free_buckets[i]) { + mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; + } + } +- mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(mm_heap); ++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); + mm_heap->rest_count = 0; + + free(heap); +@@ -1156,7 +1267,11 @@ ZEND_API zend_mm_heap *zend_mm_startup_e + return heap; + } + +-ZEND_API zend_mm_heap *zend_mm_startup(void) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++zend_mm_heap *__zend_mm_startup_canary(void) ++#else ++static zend_mm_heap *__zend_mm_startup(void) ++#endif + { + int i; + size_t seg_size; +@@ -1226,6 +1341,27 @@ ZEND_API zend_mm_heap *zend_mm_startup(v + return heap; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params); ++zend_mm_heap_canary *__zend_mm_startup_canary(void); ++ ++ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary_ex(handlers, block_size, reserve_size, internal, params); ++ } ++ return __zend_mm_startup_ex(handlers, block_size, reserve_size, internal, params); ++} ++ZEND_API zend_mm_heap *zend_mm_startup(void) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ return (zend_mm_heap *)__zend_mm_startup_canary(); ++ } ++ return __zend_mm_startup(); ++} ++ ++#endif ++ + #if ZEND_DEBUG + static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block *b) + { +@@ -1594,7 +1730,11 @@ static int zend_mm_check_heap(zend_mm_he + } + #endif + +-ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++void __zend_mm_shutdown_canary(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#else ++static void __zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++#endif + { + zend_mm_storage *storage; + zend_mm_segment *segment; +@@ -1611,7 +1751,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + if (heap->reserve) { + #if ZEND_DEBUG + if (!silent) { +- _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + #endif + heap->reserve = NULL; +@@ -1730,12 +1870,23 @@ ZEND_API void zend_mm_shutdown(zend_mm_h + zend_mm_add_to_free_list(heap, b); + } + if (heap->reserve_size) { +- heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = _zend_mm_alloc(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); + } + heap->overflow = 0; + } + } + ++#ifndef SUHOSIN_MM_CLONE_FILE ++ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ __zend_mm_shutdown_canary(heap, full_shutdown, silent TSRMLS_CC); ++ return; ++ } ++ __zend_mm_shutdown(heap, full_shutdown, silent TSRMLS_CC); ++} ++#endif ++ + static void zend_mm_safe_error(zend_mm_heap *heap, + const char *format, + size_t limit, +@@ -1746,7 +1897,11 @@ static void zend_mm_safe_error(zend_mm_h + size_t size) + { + if (heap->reserve) { ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#else + _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++#endif + heap->reserve = NULL; + } + if (heap->overflow == 0) { +@@ -1821,7 +1976,7 @@ static zend_mm_free_block *zend_mm_searc + p = heap->large_free_buckets[index]; + for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1845,7 +2000,7 @@ static zend_mm_free_block *zend_mm_searc + + for (p = rst; p; p = p->child[p->child[0] != NULL]) { + if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { +- return p->next_free_block; ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); + } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && + ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); +@@ -1854,7 +2009,7 @@ static zend_mm_free_block *zend_mm_searc + } + + if (best_fit) { +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + bitmap = bitmap >> 1; + if (!bitmap) { +@@ -1870,9 +2025,12 @@ static zend_mm_free_block *zend_mm_searc + best_fit = p; + } + } +- return best_fit->next_free_block; ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_alloc_int(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_free_block *best_fit; +@@ -1902,9 +2060,14 @@ static void *_zend_mm_alloc_int(zend_mm_ + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); + HANDLE_UNBLOCK_INTERRUPTIONS(); +@@ -1919,7 +2082,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + if (bitmap) { + /* Found some "small" free block that can be used */ + index += zend_mm_low_bit(bitmap); +- best_fit = heap->free_buckets[index*2]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); + #if ZEND_MM_CACHE_STAT + heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; + #endif +@@ -1934,7 +2097,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_fit = zend_mm_search_large_block(heap, true_size); + + if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { +- zend_mm_free_block *p = heap->rest_buckets[0]; ++ zend_mm_free_block *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); + size_t best_size = -1; + + while (p != ZEND_MM_REST_BUCKET(heap)) { +@@ -1946,7 +2109,7 @@ static void *_zend_mm_alloc_int(zend_mm_ + best_size = ZEND_MM_FREE_BLOCK_SIZE(p); + best_fit = p; + } +- p = p->prev_free_block; ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); + } + } + +@@ -2042,13 +2205,19 @@ zend_mm_finished_searching_for_block: + + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); + ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + heap->size += true_size; + if (heap->peak < heap->size) { + heap->peak = heap->size; + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); +- ++ + return ZEND_MM_DATA_OF(best_fit); + } + +@@ -2069,19 +2238,26 @@ static void _zend_mm_free_int(zend_mm_he + + mm_block = ZEND_MM_HEADER_OF(p); + size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); + #endif +- ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif + #if ZEND_MM_CACHE + if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { + size_t index = ZEND_MM_BUCKET_INDEX(size); + zend_mm_free_block **cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + heap->cached += size; + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT +@@ -2116,6 +2292,9 @@ static void _zend_mm_free_int(zend_mm_he + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ++#if SUHOSIN_PATCH ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++#endif + static void *_zend_mm_realloc_int(zend_mm_heap *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block = ZEND_MM_HEADER_OF(p); +@@ -2127,7 +2306,11 @@ static void *_zend_mm_realloc_int(zend_m + TSRMLS_FETCH(); + #endif + if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + HANDLE_BLOCK_INTERRUPTIONS(); +@@ -2135,6 +2318,9 @@ static void *_zend_mm_realloc_int(zend_m + mm_block = ZEND_MM_HEADER_OF(p); + true_size = ZEND_MM_TRUE_SIZE(size); + orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + if (UNEXPECTED(true_size < size)) { +@@ -2165,6 +2351,11 @@ static void *_zend_mm_realloc_int(zend_m + } + ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } + +@@ -2180,17 +2371,22 @@ static void *_zend_mm_realloc_int(zend_m + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; + #endif +- best_fit = heap->cache[index]; ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); + heap->cache[index] = best_fit->prev_free_block; + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); +- ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); +- ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + ptr = ZEND_MM_DATA_OF(best_fit); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif + + heap->cached -= true_size - orig_size; +@@ -2199,7 +2395,7 @@ static void *_zend_mm_realloc_int(zend_m + cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; +- *cache = (zend_mm_free_block*)mm_block; ++ *cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block); + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); + #if ZEND_MM_CACHE_STAT + if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { +@@ -2249,6 +2445,11 @@ static void *_zend_mm_realloc_int(zend_m + heap->peak = heap->size; + } + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && + ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { +@@ -2349,39 +2550,75 @@ out_of_memory: + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return ZEND_MM_DATA_OF(mm_block); + } + ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else + ptr = _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#else ++ _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + #endif +- _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + HANDLE_UNBLOCK_INTERRUPTIONS(); + return ptr; + } + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _zend_mm_free(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_zend_mm_realloc(zend_mm_heap *heap, void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { +- return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mm_block_size(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + zend_mm_block *mm_block; + ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) != 0) { ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ + if (!ZEND_MM_VALID_PTR(p)) { + return 0; + } +@@ -2393,6 +2630,24 @@ ZEND_API size_t _zend_mm_block_size(zend + return ZEND_MM_BLOCK_SIZE(mm_block); + #endif + } ++#else ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block *mm_block; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++ ++#endif + + /**********************/ + /* Allocation Manager */ +@@ -2410,6 +2665,7 @@ static int alloc_globals_id; + static zend_alloc_globals alloc_globals; + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API int is_zend_mm(TSRMLS_D) + { + return AG(mm_heap)->use_zend_alloc; +@@ -2422,7 +2678,13 @@ ZEND_API void *_emalloc(size_t size ZEND + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_malloc(size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2433,7 +2695,13 @@ ZEND_API void _efree(void *ptr ZEND_FILE + AG(mm_heap)->_free(ptr); + return; + } +- _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ { _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; } ++#if SUHOSIN_PATCH ++ _zend_mm_free_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2443,7 +2711,13 @@ ZEND_API void *_erealloc(void *ptr, size + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return AG(mm_heap)->_realloc(ptr, size); + } ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif + return _zend_mm_realloc_int(AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } + + ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +@@ -2451,8 +2725,15 @@ ZEND_API size_t _zend_mem_block_size(voi + if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) { + return 0; + } +- return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0)) ++#endif ++ return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if SUHOSIN_PATCH ++ return _zend_mm_block_size_canary((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#endif + } ++#endif + + #if defined(__GNUC__) && defined(i386) + +@@ -2523,7 +2804,7 @@ static inline size_t safe_address(size_t + } + #endif + +- ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) + { + return emalloc_rel(safe_address(nmemb, size, offset)); +@@ -2663,6 +2944,7 @@ ZEND_API void shutdown_memory_manager(in + { + zend_mm_shutdown(AG(mm_heap), full_shutdown, silent TSRMLS_CC); + } ++#endif + + static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC) + { +@@ -2687,6 +2969,7 @@ static void alloc_globals_dtor(zend_allo + } + #endif + ++#ifndef SUHOSIN_MM_CLONE_FILE + ZEND_API void start_memory_manager(TSRMLS_D) + { + #ifdef ZTS +@@ -2751,6 +3034,7 @@ ZEND_API void _full_mem_check(int silent + zend_debug_alloc_output("------------------------------------------------\n"); + } + #endif ++#endif + + /* + * Local variables: +--- a/Zend/zend_alloc.h ++++ b/Zend/zend_alloc.h +@@ -189,6 +189,8 @@ END_EXTERN_C() + + /* Heap functions */ + typedef struct _zend_mm_heap zend_mm_heap; ++typedef struct _zend_mm_heap_canary zend_mm_heap_canary; ++ + + ZEND_API zend_mm_heap *zend_mm_startup(void); + ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC); +--- /dev/null ++++ b/Zend/zend_alloc_canary.c +@@ -0,0 +1,2498 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_alloc_canary.c, $ */ ++ ++#include "zend.h" ++#include "zend_alloc.h" ++#include "zend_globals.h" ++#include "zend_operators.h" ++ ++#ifdef HAVE_SIGNAL_H ++# include ++#endif ++#ifdef HAVE_UNISTD_H ++# include ++#endif ++ ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ ++#ifdef ZEND_WIN32 ++# include ++# include ++#endif ++ ++#ifndef ZEND_MM_HEAP_PROTECTION ++# define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG ++#endif ++ ++#ifndef ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_SAFE_UNLINKING 1 ++#endif ++ ++#ifndef ZEND_MM_COOKIES ++# define ZEND_MM_COOKIES ZEND_DEBUG ++#endif ++ ++#ifdef _WIN64 ++# define PTR_FMT "0x%0.16I64x" ++/* ++#elif sizeof(long) == 8 ++# define PTR_FMT "0x%0.16lx" ++*/ ++#else ++# define PTR_FMT "0x%0.8lx" ++#endif ++ ++#define SUHOSIN_MM_WITH_CANARY_PROTECTION 1 ++ ++#if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) ++static void zend_mm_panic(const char *message) __attribute__ ((noreturn)); ++#endif ++ ++static void zend_mm_panic(const char *message) ++{ ++ fprintf(stderr, "%s\n", message); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++#if ZEND_DEBUG && defined(HAVE_KILL) && defined(HAVE_GETPID) ++ kill(getpid(), SIGSEGV); ++#endif ++ exit(1); ++} ++ ++/*******************/ ++/* Storage Manager */ ++/*******************/ ++ ++#ifdef ZEND_WIN32 ++# define HAVE_MEM_WIN32 /* use VirtualAlloc() to allocate memory */ ++#endif ++#define HAVE_MEM_MALLOC /* use malloc() to allocate segments */ ++ ++#include ++#include ++#if HAVE_LIMITS_H ++#include ++#endif ++#include ++#include ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++# ifdef HAVE_MREMAP ++# ifndef _GNU_SOURCE ++# define _GNU_SOURCE ++# endif ++# ifndef __USE_GNU ++# define __USE_GNU ++# endif ++# endif ++# include ++# ifndef MAP_ANON ++# ifdef MAP_ANONYMOUS ++# define MAP_ANON MAP_ANONYMOUS ++# endif ++# endif ++# ifndef MREMAP_MAYMOVE ++# define MREMAP_MAYMOVE 0 ++# endif ++# ifndef MAP_FAILED ++# define MAP_FAILED ((void*)-1) ++# endif ++#endif ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static zend_mm_storage* zend_mm_mem_dummy_init(void *params) ++{ ++ return malloc(sizeof(zend_mm_storage)); ++} ++ ++static void zend_mm_mem_dummy_dtor(zend_mm_storage *storage) ++{ ++ free(storage); ++} ++ ++static void zend_mm_mem_dummy_compact(zend_mm_storage *storage) ++{ ++} ++ ++#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO) ++ ++static zend_mm_segment* zend_mm_mem_mmap_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ zend_mm_segment *ret; ++#ifdef HAVE_MREMAP ++#if defined(__NetBSD__) ++ /* NetBSD 5 supports mremap but takes an extra newp argument */ ++ ret = (zend_mm_segment*)mremap(segment, segment->size, segment, size, MREMAP_MAYMOVE); ++#else ++ ret = (zend_mm_segment*)mremap(segment, segment->size, size, MREMAP_MAYMOVE); ++#endif ++ if (ret == MAP_FAILED) { ++#endif ++ ret = storage->handlers->_alloc(storage, size); ++ if (ret) { ++ memcpy(ret, segment, size > segment->size ? segment->size : size); ++ storage->handlers->_free(storage, segment); ++ } ++#ifdef HAVE_MREMAP ++ } ++#endif ++ return ret; ++} ++ ++static void zend_mm_mem_mmap_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ munmap((void*)segment, segment->size); ++} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ANON ++ ++static zend_mm_segment* zend_mm_mem_mmap_anon_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ANON_DSC {"mmap_anon", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_anon_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MMAP_ZERO ++ ++static int zend_mm_dev_zero_fd = -1; ++ ++static zend_mm_storage* zend_mm_mem_mmap_zero_init(void *params) ++{ ++ if (zend_mm_dev_zero_fd != -1) { ++ zend_mm_dev_zero_fd = open("/dev/zero", O_RDWR, S_IRUSR | S_IWUSR); ++ } ++ if (zend_mm_dev_zero_fd >= 0) { ++ return malloc(sizeof(zend_mm_storage)); ++ } else { ++ return NULL; ++ } ++} ++ ++static void zend_mm_mem_mmap_zero_dtor(zend_mm_storage *storage) ++{ ++ close(zend_mm_dev_zero_fd); ++ free(storage); ++} ++ ++static zend_mm_segment* zend_mm_mem_mmap_zero_alloc(zend_mm_storage *storage, size_t size) ++{ ++ zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, zend_mm_dev_zero_fd, 0); ++ if (ret == MAP_FAILED) { ++ ret = NULL; ++ } ++ return ret; ++} ++ ++# define ZEND_MM_MEM_MMAP_ZERO_DSC {"mmap_zero", zend_mm_mem_mmap_zero_init, zend_mm_mem_mmap_zero_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_zero_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_WIN32 ++ ++static zend_mm_storage* zend_mm_mem_win32_init(void *params) ++{ ++ HANDLE heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++ zend_mm_storage* storage; ++ ++ if (heap == NULL) { ++ return NULL; ++ } ++ storage = (zend_mm_storage*)malloc(sizeof(zend_mm_storage)); ++ storage->data = (void*) heap; ++ return storage; ++} ++ ++static void zend_mm_mem_win32_dtor(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ free(storage); ++} ++ ++static void zend_mm_mem_win32_compact(zend_mm_storage *storage) ++{ ++ HeapDestroy((HANDLE)storage->data); ++ storage->data = (void*)HeapCreate(HEAP_NO_SERIALIZE, 0, 0); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*) HeapAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, size); ++} ++ ++static void zend_mm_mem_win32_free(zend_mm_storage *storage, zend_mm_segment* segment) ++{ ++ HeapFree((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment); ++} ++ ++static zend_mm_segment* zend_mm_mem_win32_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size) ++{ ++ return (zend_mm_segment*) HeapReAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment, size); ++} ++ ++# define ZEND_MM_MEM_WIN32_DSC {"win32", zend_mm_mem_win32_init, zend_mm_mem_win32_dtor, zend_mm_mem_win32_compact, zend_mm_mem_win32_alloc, zend_mm_mem_win32_realloc, zend_mm_mem_win32_free} ++ ++#endif ++ ++#ifdef HAVE_MEM_MALLOC ++ ++static zend_mm_segment* zend_mm_mem_malloc_alloc(zend_mm_storage *storage, size_t size) ++{ ++ return (zend_mm_segment*)malloc(size); ++} ++ ++static zend_mm_segment* zend_mm_mem_malloc_realloc(zend_mm_storage *storage, zend_mm_segment *ptr, size_t size) ++{ ++ return (zend_mm_segment*)realloc(ptr, size); ++} ++ ++static void zend_mm_mem_malloc_free(zend_mm_storage *storage, zend_mm_segment *ptr) ++{ ++ free(ptr); ++} ++ ++# define ZEND_MM_MEM_MALLOC_DSC {"malloc", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_malloc_alloc, zend_mm_mem_malloc_realloc, zend_mm_mem_malloc_free} ++ ++#endif ++ ++static const zend_mm_mem_handlers mem_handlers[] = { ++#ifdef HAVE_MEM_WIN32 ++ ZEND_MM_MEM_WIN32_DSC, ++#endif ++#ifdef HAVE_MEM_MALLOC ++ ZEND_MM_MEM_MALLOC_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ANON ++ ZEND_MM_MEM_MMAP_ANON_DSC, ++#endif ++#ifdef HAVE_MEM_MMAP_ZERO ++ ZEND_MM_MEM_MMAP_ZERO_DSC, ++#endif ++ {NULL, NULL, NULL, NULL, NULL, NULL} ++}; ++ ++# define ZEND_MM_STORAGE_DTOR() heap->storage->handlers->dtor(heap->storage) ++# define ZEND_MM_STORAGE_ALLOC(size) heap->storage->handlers->_alloc(heap->storage, size) ++# define ZEND_MM_STORAGE_REALLOC(ptr, size) heap->storage->handlers->_realloc(heap->storage, ptr, size) ++# define ZEND_MM_STORAGE_FREE(ptr) heap->storage->handlers->_free(heap->storage, ptr) ++ ++/****************/ ++/* Heap Manager */ ++/****************/ ++ ++#define MEM_BLOCK_VALID 0x7312F8DC ++#define MEM_BLOCK_FREED 0x99954317 ++#define MEM_BLOCK_CACHED 0xFB8277DC ++#define MEM_BLOCK_GUARD 0x2A8FCC84 ++#define MEM_BLOCK_LEAK 0x6C5E8F2D ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ ++/* mm block type */ ++typedef struct _zend_mm_block_info_canary { ++#if ZEND_MM_COOKIES ++ size_t _cookie; ++#endif ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ size_t canary_2; ++#endif ++#endif ++} zend_mm_block_info_canary; ++ ++#if ZEND_DEBUG ++ ++typedef struct _zend_mm_debug_info_canary { ++ char *filename; ++ uint lineno; ++ char *orig_filename; ++ uint orig_lineno; ++ size_t size; ++#if ZEND_MM_HEAP_PROTECTION ++ unsigned int start_magic; ++#endif ++} zend_mm_debug_info_canary; ++ ++#elif ZEND_MM_HEAP_PROTECTION ++ ++typedef struct _zend_mm_debug_info_canary { ++ size_t size; ++ unsigned int start_magic; ++} zend_mm_debug_info_canary; ++ ++#endif ++ ++typedef struct _zend_mm_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++ zend_mm_debug_info_canary debug; ++#elif ZEND_MM_HEAP_PROTECTION ++ zend_mm_debug_info_canary debug; ++#endif ++} zend_mm_block_canary; ++ ++typedef struct _zend_mm_small_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++} zend_mm_small_free_block_canary; ++ ++typedef struct _zend_mm_free_block_canary { ++ zend_mm_block_info_canary info; ++#if ZEND_DEBUG ++ unsigned int magic; ++# ifdef ZTS ++ THREAD_T thread_id; ++# endif ++#endif ++ struct _zend_mm_free_block_canary *prev_free_block; ++ struct _zend_mm_free_block_canary *next_free_block; ++ ++ struct _zend_mm_free_block_canary **parent; ++ struct _zend_mm_free_block_canary *child[2]; ++} zend_mm_free_block_canary; ++ ++#define ZEND_MM_NUM_BUCKETS (sizeof(size_t) << 3) ++ ++#define ZEND_MM_CACHE 1 ++#define ZEND_MM_CACHE_SIZE (ZEND_MM_NUM_BUCKETS * 4 * 1024) ++ ++#ifndef ZEND_MM_CACHE_STAT ++# define ZEND_MM_CACHE_STAT 0 ++#endif ++ ++typedef struct _zend_mm_heap_canary { ++ int use_zend_alloc; ++ void *(*_malloc)(size_t); ++ void (*_free)(void*); ++ void *(*_realloc)(void*, size_t); ++ size_t free_bitmap; ++ size_t large_free_bitmap; ++ size_t block_size; ++ size_t compact_size; ++ zend_mm_segment *segments_list; ++ zend_mm_storage *storage; ++ size_t real_size; ++ size_t real_peak; ++ size_t limit; ++ size_t size; ++ size_t peak; ++ size_t reserve_size; ++ void *reserve; ++ int overflow; ++ int internal; ++#if ZEND_MM_CACHE ++ unsigned int cached; ++ zend_mm_free_block_canary *cache[ZEND_MM_NUM_BUCKETS]; ++#endif ++ zend_mm_free_block_canary *free_buckets[ZEND_MM_NUM_BUCKETS*2]; ++ zend_mm_free_block_canary *large_free_buckets[ZEND_MM_NUM_BUCKETS]; ++ zend_mm_free_block_canary *rest_buckets[2]; ++#if ZEND_MM_CACHE_STAT ++ struct { ++ int count; ++ int max_count; ++ int hit; ++ int miss; ++ } cache_stat[ZEND_MM_NUM_BUCKETS+1]; ++#endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif ++}; ++ ++#define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ ++ (zend_mm_free_block_canary*) ((char*)&heap->free_buckets[index * 2] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#define ZEND_MM_REST_BUCKET(heap) \ ++ (zend_mm_free_block_canary*)((char*)&heap->rest_buckets[0] + \ ++ sizeof(zend_mm_free_block_canary*) * 2 - \ ++ sizeof(zend_mm_small_free_block_canary)) ++ ++#if ZEND_MM_COOKIES ++ ++static unsigned int _zend_mm_cookie = 0; ++ ++# define ZEND_MM_COOKIE(block) \ ++ (((size_t)(block)) ^ _zend_mm_cookie) ++# define ZEND_MM_SET_COOKIE(block) \ ++ (block)->info._cookie = ZEND_MM_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) \ ++ if (UNEXPECTED((block)->info._cookie != ZEND_MM_COOKIE(block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_SET_COOKIE(block) ++# define ZEND_MM_CHECK_COOKIE(block) ++#endif ++ ++/* Default memory segment size */ ++#define ZEND_MM_SEG_SIZE (256 * 1024) ++ ++/* Reserved space for error reporting in case of memory overflow */ ++#define ZEND_MM_RESERVE_SIZE (8*1024) ++ ++#ifdef _WIN64 ++# define ZEND_MM_LONG_CONST(x) (x##i64) ++#else ++# define ZEND_MM_LONG_CONST(x) (x##L) ++#endif ++ ++#define ZEND_MM_TYPE_MASK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_FREE_BLOCK ZEND_MM_LONG_CONST(0x0) ++#define ZEND_MM_USED_BLOCK ZEND_MM_LONG_CONST(0x1) ++#define ZEND_MM_GUARD_BLOCK ZEND_MM_LONG_CONST(0x3) ++ ++#define ZEND_MM_BLOCK(b, type, size) do { \ ++ size_t _size = (size); \ ++ (b)->info._size = (type) | _size; \ ++ ZEND_MM_BLOCK_AT(b, _size)->info._prev = (type) | _size; \ ++ ZEND_MM_SET_COOKIE(b); \ ++ } while (0); ++#define ZEND_MM_LAST_BLOCK(b) do { \ ++ (b)->info._size = ZEND_MM_GUARD_BLOCK | ZEND_MM_ALIGNED_HEADER_SIZE; \ ++ ZEND_MM_SET_MAGIC(b, MEM_BLOCK_GUARD); \ ++ } while (0); ++#define ZEND_MM_BLOCK_SIZE(b) ((b)->info._size & ~ZEND_MM_TYPE_MASK) ++#define ZEND_MM_IS_FREE_BLOCK(b) (!((b)->info._size & ZEND_MM_USED_BLOCK)) ++#define ZEND_MM_IS_USED_BLOCK(b) ((b)->info._size & ZEND_MM_USED_BLOCK) ++#define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) ++ ++#define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) ++#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) ++ ++#define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK)) ++ ++#define ZEND_MM_MARK_FIRST_BLOCK(b) ((b)->info._prev = ZEND_MM_GUARD_BLOCK) ++#define ZEND_MM_IS_FIRST_BLOCK(b) ((b)->info._prev == ZEND_MM_GUARD_BLOCK) ++ ++/* optimized access */ ++#define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size ++ ++#ifndef ZEND_MM_ALIGNMENT ++# define ZEND_MM_ALIGNMENT 8 ++# define ZEND_MM_ALIGNMENT_LOG2 3 ++#elif ZEND_MM_ALIGNMENT < 4 ++# undef ZEND_MM_ALIGNMENT ++# undef ZEND_MM_ALIGNMENT_LOG2 ++# define ZEND_MM_ALIGNMENT 4 ++# define ZEND_MM_ALIGNMENT_LOG2 2 ++#endif ++ ++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1) ++ ++/* Aligned header size */ ++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) ++#define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block_canary)) ++#define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block_canary)) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) ++#define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) ++#define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) ++ ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) ++ ++#define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) ++ ++#define ZEND_MM_SMALL_SIZE(true_size) (true_size < ZEND_MM_MAX_SMALL_SIZE) ++ ++/* Memory calculations */ ++#define ZEND_MM_BLOCK_AT(blk, offset) ((zend_mm_block_canary *) (((char *) (blk))+(offset))) ++#define ZEND_MM_DATA_OF(p) ((void *) (((char *) (p))+ZEND_MM_ALIGNED_HEADER_SIZE)) ++#define ZEND_MM_HEADER_OF(blk) ZEND_MM_BLOCK_AT(blk, -(int)ZEND_MM_ALIGNED_HEADER_SIZE) ++ ++/* Debug output */ ++#if ZEND_DEBUG ++ ++# ifdef ZTS ++# define ZEND_MM_SET_THREAD_ID(block) \ ++ ((zend_mm_block_canary*)(block))->thread_id = tsrm_thread_id() ++# define ZEND_MM_BAD_THREAD_ID(block) ((block)->thread_id != tsrm_thread_id()) ++# else ++# define ZEND_MM_SET_THREAD_ID(block) ++# define ZEND_MM_BAD_THREAD_ID(block) 0 ++# endif ++ ++# define ZEND_MM_VALID_PTR(block) \ ++ zend_mm_check_ptr(heap, block, 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC) ++ ++# define ZEND_MM_SET_MAGIC(block, val) do { \ ++ (block)->magic = (val); \ ++ } while (0) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) do { \ ++ if ((block)->magic != (val)) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) do { \ ++ ((zend_mm_block_canary*)(block))->debug.filename = __zend_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.lineno = __zend_lineno; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_filename = __zend_orig_filename; \ ++ ((zend_mm_block_canary*)(block))->debug.orig_lineno = __zend_orig_lineno; \ ++ ZEND_MM_SET_BLOCK_SIZE(block, __size); \ ++ if (set_valid) { \ ++ ZEND_MM_SET_MAGIC(block, MEM_BLOCK_VALID); \ ++ } \ ++ if (set_thread) { \ ++ ZEND_MM_SET_THREAD_ID(block); \ ++ } \ ++ } while (0) ++ ++#else ++ ++# define ZEND_MM_VALID_PTR(ptr) EXPECTED(ptr != NULL) ++ ++# define ZEND_MM_SET_MAGIC(block, val) ++ ++# define ZEND_MM_CHECK_MAGIC(block, val) ++ ++# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) ZEND_MM_SET_BLOCK_SIZE(block, __size) ++ ++#endif ++ ++#if SUHOSIN_MM_WITH_CANARY_PROTECTION ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \ ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) ++# define SUHOSIN_MM_SET_CANARIES(block) ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ ++ ++#if ZEND_MM_HEAP_PROTECTION ++ ++# define ZEND_MM_CHECK_PROTECTION(block) \ ++ do { \ ++ if ((block)->debug.start_magic != _mem_block_start_magic || \ ++ memcmp(ZEND_MM_END_MAGIC_PTR(block), &_mem_block_end_magic, END_MAGIC_SIZE) != 0) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } \ ++ } while (0) ++ ++# define ZEND_MM_END_MAGIC_PTR(block) \ ++ (((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->debug.size) ++ ++# define END_MAGIC_SIZE sizeof(unsigned int) ++ ++# define ZEND_MM_SET_BLOCK_SIZE(block, __size) do { \ ++ char *p; \ ++ ((zend_mm_block_canary*)(block))->debug.size = (__size); \ ++ p = ZEND_MM_END_MAGIC_PTR(block); \ ++ ((zend_mm_block_canary*)(block))->debug.start_magic = _mem_block_start_magic; \ ++ memcpy(p, &_mem_block_end_magic, END_MAGIC_SIZE); \ ++ } while (0) ++ ++static unsigned int _mem_block_start_magic = 0; ++static unsigned int _mem_block_end_magic = 0; ++ ++#else ++ ++# if ZEND_DEBUG ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) \ ++ ((zend_mm_block_canary*)(block))->debug.size = (_size) ++# else ++# define ZEND_MM_SET_BLOCK_SIZE(block, _size) ++# endif ++ ++# define ZEND_MM_CHECK_PROTECTION(block) ++ ++# define END_MAGIC_SIZE 0 ++ ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) \ ++ if (UNEXPECTED((block)->info._size != ZEND_MM_BLOCK_AT(block, ZEND_MM_FREE_BLOCK_SIZE(block))->info._prev) || \ ++ UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(block)) && \ ++ UNEXPECTED(ZEND_MM_PREV_BLOCK(block)->info._size != (block)->info._prev))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#define ZEND_MM_CHECK_TREE(block) \ ++ if (UNEXPECTED(*((block)->parent) != (block))) { \ ++ zend_mm_panic("zend_mm_heap corrupted"); \ ++ } ++#else ++# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) ++# define ZEND_MM_CHECK_TREE(block) ++#endif ++ ++#define ZEND_MM_LARGE_BUCKET_INDEX(S) zend_mm_high_bit(S) ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ++ ++ ++static inline unsigned int zend_mm_high_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsr eax, _size ++ } ++#else ++ unsigned int n = 0; ++ while (_size != 0) { ++ _size = _size >> 1; ++ n++; ++ } ++ return n-1; ++#endif ++} ++ ++static inline unsigned int zend_mm_low_bit(size_t _size) ++{ ++#if defined(__GNUC__) && defined(i386) ++ unsigned int n; ++ ++ __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return n; ++#elif defined(__GNUC__) && defined(__x86_64__) ++ unsigned long n; ++ ++ __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); ++ return (unsigned int)n; ++#elif defined(_MSC_VER) && defined(_M_IX86) ++ __asm { ++ bsf eax, _size ++ } ++#else ++ static const int offset[16] = {4,0,1,0,2,0,1,0,3,0,1,0,2,0,1,0}; ++ unsigned int n; ++ unsigned int index = 0; ++ ++ n = offset[_size & 15]; ++ while (n == 4) { ++ _size >>= 4; ++ index += n; ++ n = offset[_size & 15]; ++ } ++ ++ return index + n; ++#endif ++} ++ ++static void zend_mm_add_to_rest_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev, *next; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (!ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block))) { ++ mm_block->parent = NULL; ++ } ++ ++ prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++} ++ ++static void zend_mm_add_to_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ size_t size; ++ size_t index; ++ ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ size = ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ if (EXPECTED(!ZEND_MM_SMALL_SIZE(size))) { ++ zend_mm_free_block_canary **p; ++ ++ index = ZEND_MM_LARGE_BUCKET_INDEX(size); ++ p = &heap->large_free_buckets[index]; ++ mm_block->child[0] = mm_block->child[1] = NULL; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } else { ++ size_t m; ++ ++ for (m = size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ zend_mm_free_block_canary *prev = *p; ++ ++ if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) { ++ p = &prev->child[(m >> (ZEND_MM_NUM_BUCKETS-1)) & 1]; ++ if (!*p) { ++ *p = mm_block; ++ mm_block->parent = p; ++ mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ break; ++ } ++ } else { ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->parent = NULL; ++ break; ++ } ++ } ++ } ++ } else { ++ zend_mm_free_block_canary *prev, *next; ++ ++ index = ZEND_MM_BUCKET_INDEX(size); ++ ++ prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index); ++ if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) { ++ heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index); ++ } ++ next = SUHOSIN_MANGLE_PTR(prev->next_free_block); ++ ++ mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block); ++ } ++} ++ ++static void zend_mm_remove_from_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block) ++{ ++ zend_mm_free_block_canary *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block); ++ ++ ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED); ++ ++ if (EXPECTED(prev == mm_block)) { ++ zend_mm_free_block_canary **rp, **cp; ++ ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(next != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ rp = &mm_block->child[mm_block->child[1] != NULL]; ++ prev = *rp; ++ if (EXPECTED(prev == NULL)) { ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = NULL; ++ if (mm_block->parent == &heap->large_free_buckets[index]) { ++ heap->large_free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } else { ++ while (*(cp = &(prev->child[prev->child[1] != NULL])) != NULL) { ++ prev = *cp; ++ rp = cp; ++ } ++ *rp = NULL; ++ ++subst_block: ++ ZEND_MM_CHECK_TREE(mm_block); ++ *mm_block->parent = prev; ++ prev->parent = mm_block->parent; ++ if ((prev->child[0] = mm_block->child[0])) { ++ ZEND_MM_CHECK_TREE(prev->child[0]); ++ prev->child[0]->parent = &prev->child[0]; ++ } ++ if ((prev->child[1] = mm_block->child[1])) { ++ ZEND_MM_CHECK_TREE(prev->child[1]); ++ prev->child[1]->parent = &prev->child[1]; ++ } ++ } ++ } else { ++ ++#if SUHOSIN_PATCH ++ if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) { ++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block); ++ _exit(1); ++ } ++#endif ++ ++#if ZEND_MM_SAFE_UNLINKING ++ if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++#endif ++ ++ prev->next_free_block = SUHOSIN_MANGLE_PTR(next); ++ next->prev_free_block = SUHOSIN_MANGLE_PTR(prev); ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) { ++ if (EXPECTED(prev == next)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block)); ++ ++ if (EXPECTED(heap->free_buckets[index*2] == heap->free_buckets[index*2+1])) { ++ heap->free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index); ++ } ++ } ++ } else if (UNEXPECTED(mm_block->parent != NULL)) { ++ goto subst_block; ++ } ++ } ++} ++ ++static void zend_mm_init(zend_mm_heap_canary *heap) ++{ ++ zend_mm_free_block_canary* p; ++ int i; ++ ++ heap->free_bitmap = 0; ++ heap->large_free_bitmap = 0; ++#if ZEND_MM_CACHE ++ heap->cached = 0; ++ memset(heap->cache, 0, sizeof(heap->cache)); ++#endif ++#if ZEND_MM_CACHE_STAT ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ heap->cache_stat[i].count = 0; ++ } ++#endif ++ p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ p->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ heap->large_free_buckets[i] = NULL; ++ } ++ heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap)); ++#if SUHOSIN_PATCH ++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) { ++ zend_canary(&heap->canary_1, sizeof(heap->canary_1)); ++ zend_canary(&heap->canary_2, sizeof(heap->canary_2)); ++ zend_canary(&heap->canary_3, sizeof(heap->canary_3)); ++ } ++#endif ++} ++ ++static void zend_mm_del_segment(zend_mm_heap_canary *heap, zend_mm_segment *segment) ++{ ++ zend_mm_segment **p = &heap->segments_list; ++ ++ while (*p != segment) { ++ p = &(*p)->next_segment; ++ } ++ *p = segment->next_segment; ++ heap->real_size -= segment->size; ++ ZEND_MM_STORAGE_FREE(segment); ++} ++ ++#if ZEND_MM_CACHE ++static void zend_mm_free_cache(zend_mm_heap_canary *heap) ++{ ++ int i; ++ ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ /* SUHOSIN_MANGLE_PTR should NOT affect NULL pointers */ ++ if (heap->cache[i]) { ++ zend_mm_free_block_canary *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]); ++ ++ while (mm_block) { ++ size_t size = ZEND_MM_BLOCK_SIZE(mm_block); ++ zend_mm_free_block_canary *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block); ++ zend_mm_block_canary *next_block = ZEND_MM_NEXT_BLOCK(mm_block); ++ ++ heap->cached -= size; ++ ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = (zend_mm_free_block_canary*)ZEND_MM_PREV_BLOCK(mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_NEXT_BLOCK(mm_block))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ ++ mm_block = q; ++ } ++ heap->cache[i] = NULL; ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[i].count = 0; ++#endif ++ } ++ } ++} ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION || ZEND_MM_COOKIES ++static void zend_mm_random(unsigned char *buf, size_t size) /* {{{ */ ++{ ++ size_t i = 0; ++ unsigned char t; ++ ++#ifdef ZEND_WIN32 ++ HCRYPTPROV hCryptProv; ++ int has_context = 0; ++ ++ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { ++ /* Could mean that the key container does not exist, let try ++ again by asking for a new one */ ++ if (GetLastError() == NTE_BAD_KEYSET) { ++ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { ++ has_context = 1; ++ } ++ } ++ } else { ++ has_context = 1; ++ } ++ if (has_context) { ++ do { ++ BOOL ret = CryptGenRandom(hCryptProv, size, buf); ++ CryptReleaseContext(hCryptProv, 0); ++ if (ret) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ return; ++ } ++ } ++ } while (0); ++ } ++#elif defined(HAVE_DEV_URANDOM) ++ int fd = open("/dev/urandom", 0); ++ ++ if (fd >= 0) { ++ if (read(fd, buf, size) == size) { ++ while (i < size && buf[i] != 0) { ++ i++; ++ } ++ if (i == size) { ++ close(fd); ++ return; ++ } ++ } ++ close(fd); ++ } ++#endif ++ t = (unsigned char)getpid(); ++ while (i < size) { ++ do { ++ buf[i] = ((unsigned char)rand()) ^ t; ++ } while (buf[i] == 0); ++ t = buf[i++] << 1; ++ } ++} ++/* }}} */ ++#endif ++ ++ ++/* Notes: ++ * - This function may alter the block_sizes values to match platform alignment ++ * - This function does *not* perform sanity checks on the arguments ++ */ ++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params) ++{ ++ zend_mm_storage *storage; ++ zend_mm_heap_canary *heap; ++ zend_mm_free_block_canary *tmp; ++ ++#if 0 ++ int i; ++ ++ printf("ZEND_MM_ALIGNMENT=%d\n", ZEND_MM_ALIGNMENT); ++ printf("ZEND_MM_ALIGNMENT_LOG2=%d\n", ZEND_MM_ALIGNMENT_LOG2); ++ printf("ZEND_MM_MIN_SIZE=%d\n", ZEND_MM_MIN_SIZE); ++ printf("ZEND_MM_MAX_SMALL_SIZE=%d\n", ZEND_MM_MAX_SMALL_SIZE); ++ printf("ZEND_MM_ALIGNED_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_FREE_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_FREE_HEADER_SIZE); ++ printf("ZEND_MM_MIN_ALLOC_BLOCK_SIZE=%d\n", ZEND_MM_MIN_ALLOC_BLOCK_SIZE); ++ printf("ZEND_MM_ALIGNED_MIN_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_MIN_HEADER_SIZE); ++ printf("ZEND_MM_ALIGNED_SEGMENT_SIZE=%d\n", ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ for (i = 0; i < ZEND_MM_MAX_SMALL_SIZE; i++) { ++ printf("%3d%c: %3ld %d %2ld\n", i, (i == ZEND_MM_MIN_SIZE?'*':' '), (long)ZEND_MM_TRUE_SIZE(i), ZEND_MM_SMALL_SIZE(ZEND_MM_TRUE_SIZE(i)), (long)ZEND_MM_BUCKET_INDEX(ZEND_MM_TRUE_SIZE(i))); ++ } ++ exit(0); ++#endif ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (_mem_block_start_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic)); ++ } ++ if (_mem_block_end_magic == 0) { ++ zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic)); ++ } ++#endif ++#if ZEND_MM_COOKIES ++ if (_zend_mm_cookie == 0) { ++ zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie)); ++ } ++#endif ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) { ++ fprintf(stderr, "'block_size' must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage = handlers->init(params); ++ if (!storage) { ++ fprintf(stderr, "Cannot initialize zend_mm storage [%s]\n", handlers->name); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ storage->handlers = handlers; ++ ++ heap = malloc(sizeof(struct _zend_mm_heap_canary)); ++ ++ heap->storage = storage; ++ heap->block_size = block_size; ++ heap->compact_size = 0; ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++# if ZEND_MM_CACHE_STAT ++ memset(heap->cache_stat, 0, sizeof(heap->cache_stat)); ++# endif ++ ++ heap->use_zend_alloc = 1; ++ heap->real_size = 0; ++ heap->overflow = 0; ++ heap->real_peak = 0; ++ heap->limit = ZEND_MM_LONG_CONST(1)<<(ZEND_MM_NUM_BUCKETS-2); ++ heap->size = 0; ++ heap->peak = 0; ++ heap->internal = internal; ++ heap->reserve = NULL; ++ heap->reserve_size = reserve_size; ++ if (reserve_size > 0) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ if (internal) { ++ int i; ++ zend_mm_free_block_canary *p, *q, *orig; ++ zend_mm_heap_canary *mm_heap = _zend_mm_alloc((zend_mm_heap *)heap, sizeof(zend_mm_heap_canary) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ ++ *mm_heap = *heap; ++ ++ p = ZEND_MM_SMALL_FREE_BUCKET(mm_heap, 0); ++ orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0); ++ for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) { ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->prev_free_block); ++ } ++ q->prev_free_block = SUHOSIN_MANGLE_PTR(p); ++ q = p; ++ while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) { ++ q = SUHOSIN_MANGLE_PTR(q->next_free_block); ++ } ++ q->next_free_block = SUHOSIN_MANGLE_PTR(p); ++ p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2); ++ orig = (zend_mm_free_block_canary*)((char*)orig + sizeof(zend_mm_free_block_canary*) * 2); ++ if (mm_heap->large_free_buckets[i]) { ++ mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i]; ++ } ++ } ++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap)); ++ ++ free(heap); ++ heap = mm_heap; ++ } ++ return heap; ++} ++ ++zend_mm_heap_canary *__zend_mm_startup_canary(void) ++{ ++ int i; ++ size_t seg_size; ++ char *mem_type = getenv("ZEND_MM_MEM_TYPE"); ++ char *tmp; ++ const zend_mm_mem_handlers *handlers; ++ zend_mm_heap_canary *heap; ++ ++ if (mem_type == NULL) { ++ i = 0; ++ } else { ++ for (i = 0; mem_handlers[i].name; i++) { ++ if (strcmp(mem_handlers[i].name, mem_type) == 0) { ++ break; ++ } ++ } ++ if (!mem_handlers[i].name) { ++ fprintf(stderr, "Wrong or unsupported zend_mm storage type '%s'\n", mem_type); ++ fprintf(stderr, " supported types:\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ for (i = 0; mem_handlers[i].name; i++) { ++ fprintf(stderr, " '%s'\n", mem_handlers[i].name); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } ++ handlers = &mem_handlers[i]; ++ ++ tmp = getenv("ZEND_MM_SEG_SIZE"); ++ if (tmp) { ++ seg_size = zend_atoi(tmp, 0); ++ if (zend_mm_low_bit(seg_size) != zend_mm_high_bit(seg_size)) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE must be a power of two\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } else if (seg_size < ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE) { ++ fprintf(stderr, "ZEND_MM_SEG_SIZE is too small\n"); ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ exit(255); ++ } ++ } else { ++ seg_size = ZEND_MM_SEG_SIZE; ++ } ++ ++ heap = __zend_mm_startup_canary_ex(handlers, seg_size, ZEND_MM_RESERVE_SIZE, 0, NULL); ++ if (heap) { ++ tmp = getenv("ZEND_MM_COMPACT"); ++ if (tmp) { ++ heap->compact_size = zend_atoi(tmp, 0); ++ } else { ++ heap->compact_size = 2 * 1024 * 1024; ++ } ++ } ++ return heap; ++} ++ ++#if ZEND_DEBUG ++static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block_canary *b) ++{ ++ long leaks = 0; ++ zend_mm_block_canary *p, *q; ++ ++ p = ZEND_MM_NEXT_BLOCK(b); ++ while (1) { ++ if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ ZEND_MM_CHECK_MAGIC(p, MEM_BLOCK_GUARD); ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ continue; ++ } ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ if (p->debug.filename==b->debug.filename && p->debug.lineno==b->debug.lineno) { ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ leaks++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ p = q; ++ } ++ return leaks; ++} ++ ++static void zend_mm_check_leaks(zend_mm_heap_canary *heap TSRMLS_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ zend_uint total = 0; ++ ++ if (!segment) { ++ return; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID) { ++ long repeated; ++ zend_leak_info leak; ++ ++ ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK); ++ ++ leak.addr = ZEND_MM_DATA_OF(p); ++ leak.size = p->debug.size; ++ leak.filename = p->debug.filename; ++ leak.lineno = p->debug.lineno; ++ leak.orig_filename = p->debug.orig_filename; ++ leak.orig_lineno = p->debug.orig_lineno; ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_DETECTED, &leak TSRMLS_CC); ++ repeated = zend_mm_find_leaks(segment, p); ++ total += 1 + repeated; ++ if (repeated) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAK_REPEATED, (void *)(zend_uintptr_t)repeated TSRMLS_CC); ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ break; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++ if (total) { ++ zend_message_dispatcher(ZMSG_MEMORY_LEAKS_GRAND_TOTAL, &total TSRMLS_CC); ++ } ++} ++ ++static int zend_mm_check_ptr(zend_mm_heap_canary *heap, void *ptr, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *p; ++ int no_cache_notice = 0; ++ int had_problems = 0; ++ int valid_beginning = 1; ++ ++ if (silent==2) { ++ silent = 1; ++ no_cache_notice = 1; ++ } else if (silent==3) { ++ silent = 0; ++ no_cache_notice = 1; ++ } ++ if (!silent) { ++ TSRMLS_FETCH(); ++ ++ zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ zend_debug_alloc_output("%s(%d) : Block "PTR_FMT" status:\n" ZEND_FILE_LINE_RELAY_CC, ptr); ++ if (__zend_orig_filename) { ++ zend_debug_alloc_output("%s(%d) : Actual location (location was relayed)\n" ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ if (!ptr) { ++ zend_debug_alloc_output("NULL\n"); ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ } ++ ++ if (!ptr) { ++ if (silent) { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ p = ZEND_MM_HEADER_OF(ptr); ++ ++#ifdef ZTS ++ if (ZEND_MM_BAD_THREAD_ID(p)) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((thread_id=0x%0.8X) != (expected=0x%0.8X))\n", (long)p->thread_id, (long)tsrm_thread_id()); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++#endif ++ ++ if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((size="PTR_FMT") != (next.prev="PTR_FMT"))\n", p->info._size, ZEND_MM_NEXT_BLOCK(p)->info._prev); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ if (p->info._prev != ZEND_MM_GUARD_BLOCK && ++ ZEND_MM_PREV_BLOCK(p)->info._size != p->info._prev) { ++ if (!silent) { ++ zend_debug_alloc_output("Invalid pointer: ((prev="PTR_FMT") != (prev.size="PTR_FMT"))\n", p->info._prev, ZEND_MM_PREV_BLOCK(p)->info._size); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ ++ if (had_problems) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ return 0; ++ } ++ ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t","Beginning: "); ++ } ++ ++ if (!ZEND_MM_IS_USED_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Freed (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Freed\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else if (ZEND_MM_IS_GUARD_BLOCK(p)) { ++ if (!silent) { ++ if (p->magic != MEM_BLOCK_FREED) { ++ zend_debug_alloc_output("Guard (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED); ++ } else { ++ zend_debug_alloc_output("Guard\n"); ++ } ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } else { ++ switch (p->magic) { ++ case MEM_BLOCK_VALID: ++ case MEM_BLOCK_LEAK: ++ if (!silent) { ++ zend_debug_alloc_output("OK (allocated on %s:%d, %d bytes)\n", p->debug.filename, p->debug.lineno, (int)p->debug.size); ++ } ++ break; /* ok */ ++ case MEM_BLOCK_CACHED: ++ if (!no_cache_notice) { ++ if (!silent) { ++ zend_debug_alloc_output("Cached\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ } ++ case MEM_BLOCK_FREED: ++ if (!silent) { ++ zend_debug_alloc_output("Freed (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ case MEM_BLOCK_GUARD: ++ if (!silent) { ++ zend_debug_alloc_output("Guard (invalid)\n"); ++ had_problems = 1; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ default: ++ if (!silent) { ++ zend_debug_alloc_output("Unknown (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_VALID); ++ had_problems = 1; ++ valid_beginning = 0; ++ } else { ++ return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ break; ++ } ++ } ++ ++#if ZEND_MM_HEAP_PROTECTION ++ if (!valid_beginning) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Unknown\n"); ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Unknown\n"); ++ } ++ } else { ++ char *end_magic = ZEND_MM_END_MAGIC_PTR(p); ++ ++ if (p->debug.start_magic == _mem_block_start_magic) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_start_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) &p->debug.start_magic; ++ i = END_MAGIC_SIZE; ++ while (--i >= 0) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ zend_debug_alloc_output("%10s\t", "Start:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", p->debug.start_magic, _mem_block_start_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ if (memcmp(end_magic, &_mem_block_end_magic, END_MAGIC_SIZE)==0) { ++ if (!silent) { ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("OK\n"); ++ } ++ } else { ++ char *overflow_ptr, *magic_ptr=(char *) &_mem_block_end_magic; ++ int overflows=0; ++ int i; ++ ++ if (silent) { ++ return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ had_problems = 1; ++ overflow_ptr = (char *) end_magic; ++ ++ for (i=0; i < END_MAGIC_SIZE; i++) { ++ if (overflow_ptr[i]!=magic_ptr[i]) { ++ overflows++; ++ } ++ } ++ ++ zend_debug_alloc_output("%10s\t", "End:"); ++ zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", *end_magic, _mem_block_end_magic); ++ zend_debug_alloc_output("%10s\t",""); ++ if (overflows >= END_MAGIC_SIZE) { ++ zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE); ++ } else { ++ zend_debug_alloc_output("%d byte(s) overflown\n", overflows); ++ } ++ } ++ } ++#endif ++ ++ if (!silent) { ++ zend_debug_alloc_output("---------------------------------------\n"); ++ } ++ return ((!had_problems) ? 1 : 0); ++} ++ ++static int zend_mm_check_heap(zend_mm_heap_canary *heap, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_segment *segment = heap->segments_list; ++ zend_mm_block_canary *p, *q; ++ int errors = 0; ++ ++ if (!segment) { ++ return 0; ++ } ++ p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ while (1) { ++ q = ZEND_MM_NEXT_BLOCK(p); ++ if (q <= p || ++ (char*)q > (char*)segment + segment->size || ++ p->info._size != q->info._prev) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ if (!ZEND_MM_IS_FREE_BLOCK(p)) { ++ if (p->magic == MEM_BLOCK_VALID || p->magic == MEM_BLOCK_LEAK) { ++ if (!zend_mm_check_ptr(heap, ZEND_MM_DATA_OF(p), (silent?2:3) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC)) { ++ errors++; ++ } ++#if ZEND_MM_CACHE ++ } else if (p->magic == MEM_BLOCK_CACHED) { ++ /* skip it */ ++#endif ++ } else if (p->magic != MEM_BLOCK_LEAK) { ++ zend_mm_panic("zend_mm_heap corrupted"); ++ } ++ } ++ if (ZEND_MM_IS_GUARD_BLOCK(q)) { ++ segment = segment->next_segment; ++ if (!segment) { ++ return errors; ++ } ++ q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ } ++ p = q; ++ } ++} ++#endif ++ ++void __zend_mm_shutdown_canary(zend_mm_heap_canary *heap, int full_shutdown, int silent TSRMLS_DC) ++{ ++ zend_mm_storage *storage; ++ zend_mm_segment *segment; ++ zend_mm_segment *prev; ++ int internal; ++ ++ if (heap->reserve) { ++#if ZEND_DEBUG ++ if (!silent) { ++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++#endif ++ heap->reserve = NULL; ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ if (full_shutdown) { ++ FILE *f; ++ ++ f = fopen("zend_mm.log", "w"); ++ if (f) { ++ int i,j; ++ size_t size, true_size, min_size, max_size; ++ int hit = 0, miss = 0; ++ ++ fprintf(f, "\nidx min_size max_size true_size max_len hits misses\n"); ++ size = 0; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ min_size = size; ++ i = ZEND_MM_BUCKET_INDEX(true_size); ++ size++; ++ while (1) { ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ j = ZEND_MM_BUCKET_INDEX(true_size); ++ if (j > i) { ++ max_size = size-1; ++ break; ++ } ++ } else { ++ max_size = size-1; ++ break; ++ } ++ size++; ++ } ++ hit += heap->cache_stat[i].hit; ++ miss += heap->cache_stat[i].miss; ++ fprintf(f, "%2d %8d %8d %9d %8d %8d %8d\n", i, (int)min_size, (int)max_size, ZEND_MM_TRUE_SIZE(max_size), heap->cache_stat[i].max_count, heap->cache_stat[i].hit, heap->cache_stat[i].miss); ++ } else { ++ break; ++ } ++ } ++ fprintf(f, " %8d %8d\n", hit, miss); ++ fprintf(f, " %8d %8d\n", heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit, heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss); ++ fclose(f); ++ } ++ } ++#endif ++ ++#if ZEND_DEBUG ++ if (!silent) { ++ zend_mm_check_leaks(heap TSRMLS_CC); ++ } ++#endif ++ ++ internal = heap->internal; ++ storage = heap->storage; ++ segment = heap->segments_list; ++ while (segment) { ++ prev = segment; ++ segment = segment->next_segment; ++ ZEND_MM_STORAGE_FREE(prev); ++ } ++ if (full_shutdown) { ++ storage->handlers->dtor(storage); ++ if (!internal) { ++ free(heap); ++ } ++ } else { ++ if (heap->compact_size && ++ heap->real_peak > heap->compact_size) { ++ storage->handlers->compact(storage); ++ } ++ heap->segments_list = NULL; ++ zend_mm_init(heap); ++ heap->real_size = 0; ++ heap->real_peak = 0; ++ heap->size = 0; ++ heap->peak = 0; ++ if (heap->reserve_size) { ++ heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ } ++ heap->overflow = 0; ++ } ++} ++ ++static void zend_mm_safe_error(zend_mm_heap_canary *heap, ++ const char *format, ++ size_t limit, ++#if ZEND_DEBUG ++ const char *filename, ++ uint lineno, ++#endif ++ size_t size) ++{ ++ if (heap->reserve) { ++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC); ++ heap->reserve = NULL; ++ } ++ if (heap->overflow == 0) { ++ char *error_filename; ++ uint error_lineno; ++ TSRMLS_FETCH(); ++ if (zend_is_compiling(TSRMLS_C)) { ++ error_filename = zend_get_compiled_filename(TSRMLS_C); ++ error_lineno = zend_get_compiled_lineno(TSRMLS_C); ++ } else if (EG(in_execution)) { ++ error_filename = EG(active_op_array)?EG(active_op_array)->filename:NULL; ++ error_lineno = EG(opline_ptr)?(*EG(opline_ptr))->lineno:0; ++ } else { ++ error_filename = NULL; ++ error_lineno = 0; ++ } ++ if (!error_filename) { ++ error_filename = "Unknown"; ++ } ++ heap->overflow = 1; ++ zend_try { ++ zend_error_noreturn(E_ERROR, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ } zend_catch { ++ if (heap->overflow == 2) { ++ fprintf(stderr, "\nFatal error: "); ++ fprintf(stderr, ++ format, ++ limit, ++#if ZEND_DEBUG ++ filename, ++ lineno, ++#endif ++ size); ++ fprintf(stderr, " in %s on line %d\n", error_filename, error_lineno); ++ } ++/* See http://support.microsoft.com/kb/190351 */ ++#ifdef PHP_WIN32 ++ fflush(stderr); ++#endif ++ } zend_end_try(); ++ } else { ++ heap->overflow = 2; ++ } ++ zend_bailout(); ++} ++ ++static zend_mm_free_block_canary *zend_mm_search_large_block(zend_mm_heap_canary *heap, size_t true_size) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t index = ZEND_MM_LARGE_BUCKET_INDEX(true_size); ++ size_t bitmap = heap->large_free_bitmap >> index; ++ zend_mm_free_block_canary *p; ++ ++ if (bitmap == 0) { ++ return NULL; ++ } ++ ++ if (UNEXPECTED((bitmap & 1) != 0)) { ++ /* Search for best "large" free block */ ++ zend_mm_free_block_canary *rst = NULL; ++ size_t m; ++ size_t best_size = -1; ++ ++ best_fit = NULL; ++ p = heap->large_free_buckets[index]; ++ for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ if ((m & (ZEND_MM_LONG_CONST(1) << (ZEND_MM_NUM_BUCKETS-1))) == 0) { ++ if (p->child[1]) { ++ rst = p->child[1]; ++ } ++ if (p->child[0]) { ++ p = p->child[0]; ++ } else { ++ break; ++ } ++ } else if (p->child[1]) { ++ p = p->child[1]; ++ } else { ++ break; ++ } ++ } ++ ++ for (p = rst; p; p = p->child[p->child[0] != NULL]) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ return SUHOSIN_MANGLE_PTR(p->next_free_block); ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ } ++ ++ if (best_fit) { ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++ } ++ bitmap = bitmap >> 1; ++ if (!bitmap) { ++ return NULL; ++ } ++ index++; ++ } ++ ++ /* Search for smallest "large" free block */ ++ best_fit = p = heap->large_free_buckets[index + zend_mm_low_bit(bitmap)]; ++ while ((p = p->child[p->child[0] != NULL])) { ++ if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) { ++ best_fit = p; ++ } ++ } ++ return SUHOSIN_MANGLE_PTR(best_fit->next_free_block); ++} ++ ++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_free_block_canary *best_fit; ++ size_t true_size = ZEND_MM_TRUE_SIZE(size); ++ size_t block_size; ++ size_t remaining_size; ++ size_t segment_size; ++ zend_mm_segment *segment; ++ int keep_rest = 0; ++ ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ size_t bitmap; ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++#if ZEND_MM_CACHE ++ if (EXPECTED(heap->cache[index] != NULL)) { ++ /* Get block from cache */ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++ return ZEND_MM_DATA_OF(best_fit); ++ } ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].miss++; ++#endif ++#endif ++ ++ bitmap = heap->free_bitmap >> index; ++ if (bitmap) { ++ /* Found some "small" free block that can be used */ ++ index += zend_mm_low_bit(bitmap); ++ best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]); ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++; ++#endif ++ goto zend_mm_finished_searching_for_block; ++ } ++ } ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss++; ++#endif ++ ++ best_fit = zend_mm_search_large_block(heap, true_size); ++ ++ if (!best_fit && heap->real_size >= heap->limit - heap->block_size) { ++ zend_mm_free_block_canary *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]); ++ size_t best_size = -1; ++ ++ while (p != ZEND_MM_REST_BUCKET(heap)) { ++ if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) { ++ best_fit = p; ++ goto zend_mm_finished_searching_for_block; ++ } else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size && ++ ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) { ++ best_size = ZEND_MM_FREE_BLOCK_SIZE(p); ++ best_fit = p; ++ } ++ p = SUHOSIN_MANGLE_PTR(p->prev_free_block); ++ } ++ } ++ ++ if (!best_fit) { ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ /* Make sure we add a memory block which is big enough, ++ segment must have header "size" and trailer "guard" block */ ++ segment_size = true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ keep_rest = 1; ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ if (segment_size < true_size || ++ heap->real_size + segment_size > heap->limit) { ++ /* Memory limit overflow */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %lu bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %lu bytes)", heap->limit, size); ++#endif ++ } ++ ++ segment = (zend_mm_segment *) ZEND_MM_STORAGE_ALLOC(segment_size); ++ ++ if (!segment) { ++ /* Storage manager cannot allocate memory */ ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ ++ heap->real_size += segment_size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ segment->next_segment = heap->segments_list; ++ heap->segments_list = segment; ++ ++ best_fit = (zend_mm_free_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(best_fit); ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(best_fit, block_size)); ++ ++ } else { ++zend_mm_finished_searching_for_block: ++ /* remove from free list */ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_FREED); ++ ZEND_MM_CHECK_COOKIE(best_fit); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit); ++ zend_mm_remove_from_free_list(heap, best_fit); ++ ++ block_size = ZEND_MM_FREE_BLOCK_SIZE(best_fit); ++ } ++ ++ remaining_size = block_size - true_size; ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(best_fit, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (EXPECTED(!keep_rest)) { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); ++ ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ heap->size += true_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ return ZEND_MM_DATA_OF(best_fit); ++} ++ ++ ++void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ zend_mm_block_canary *next_block; ++ size_t size; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return; ++ } ++ ++ mm_block = ZEND_MM_HEADER_OF(p); ++ size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size); ++#endif ++#if SUHOSIN_PATCH ++ if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) { ++ memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size); ++ } ++#endif ++#if ZEND_MM_CACHE ++ if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(size); ++ zend_mm_free_block_canary **cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ heap->cached += size; ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return; ++ } ++#endif ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ ++ heap->size -= size; ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ } ++ if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) { ++ mm_block = ZEND_MM_PREV_BLOCK(mm_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ size += ZEND_MM_FREE_BLOCK_SIZE(mm_block); ++ } ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(mm_block, size))) { ++ zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE)); ++ } else { ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size); ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block); ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++} ++ ++void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block = ZEND_MM_HEADER_OF(p); ++ zend_mm_block_canary *next_block; ++ size_t true_size; ++ size_t orig_size; ++ void *ptr; ++ ++ if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) { ++ return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ true_size = ZEND_MM_TRUE_SIZE(size); ++ orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++ ++ if (UNEXPECTED(true_size < size)) { ++ goto out_of_memory; ++ } ++ ++ if (true_size <= orig_size) { ++ size_t remaining_size = orig_size - true_size; ++ ++ if (remaining_size >= ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ zend_mm_free_block_canary *new_free_block; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ remaining_size += ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_free_list(heap, new_free_block); ++ heap->size += (true_size - orig_size); ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } ++ ++#if ZEND_MM_CACHE ++ if (ZEND_MM_SMALL_SIZE(true_size)) { ++ size_t index = ZEND_MM_BUCKET_INDEX(true_size); ++ ++ if (heap->cache[index] != NULL) { ++ zend_mm_free_block_canary *best_fit; ++ zend_mm_free_block_canary **cache; ++ ++#if ZEND_MM_CACHE_STAT ++ heap->cache_stat[index].count--; ++ heap->cache_stat[index].hit++; ++#endif ++ best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]); ++ heap->cache[index] = best_fit->prev_free_block; ++ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); ++ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block_canary*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ ++ ptr = ZEND_MM_DATA_OF(best_fit); ++ ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ ++ heap->cached -= true_size - orig_size; ++ ++ index = ZEND_MM_BUCKET_INDEX(orig_size); ++ cache = &heap->cache[index]; ++ ++ ((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache; ++ *cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block); ++ ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); ++#if ZEND_MM_CACHE_STAT ++ if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { ++ heap->cache_stat[index].max_count = heap->cache_stat[index].count; ++ } ++#endif ++ return ptr; ++ } ++ } ++#endif ++ ++ next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); ++ ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ ZEND_MM_CHECK_COOKIE(next_block); ++ ZEND_MM_CHECK_BLOCK_LINKAGE(next_block); ++ if (orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block) >= true_size) { ++ size_t block_size = orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block); ++ size_t remaining_size = block_size - true_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(new_free_block, remaining_size))) { ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } else { ++ zend_mm_add_to_free_list(heap, new_free_block); ++ } ++ } ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return p; ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ++ ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) { ++ HANDLE_BLOCK_INTERRUPTIONS(); ++ zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ goto realloc_segment; ++ } ++ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ZEND_MM_IS_GUARD_BLOCK(next_block)) { ++ zend_mm_segment *segment; ++ zend_mm_segment *segment_copy; ++ size_t segment_size; ++ size_t block_size; ++ size_t remaining_size; ++ ++ HANDLE_BLOCK_INTERRUPTIONS(); ++realloc_segment: ++ /* segment size, size of block and size of guard block */ ++ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) { ++ segment_size = true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE; ++ segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1); ++ } else { ++ segment_size = heap->block_size; ++ } ++ ++ segment_copy = (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ if (segment_size < true_size || ++ heap->real_size + segment_size - segment_copy->size > heap->limit) { ++ if (ZEND_MM_IS_FREE_BLOCK(next_block)) { ++ zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) next_block); ++ } ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %ld bytes)", heap->limit, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %ld bytes)", heap->limit, size); ++#endif ++ return NULL; ++ } ++ ++ segment = ZEND_MM_STORAGE_REALLOC(segment_copy, segment_size); ++ if (!segment) { ++#if ZEND_MM_CACHE ++ zend_mm_free_cache(heap); ++#endif ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++out_of_memory: ++#if ZEND_DEBUG ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %ld bytes)", heap->real_size, __zend_filename, __zend_lineno, size); ++#else ++ zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %ld bytes)", heap->real_size, size); ++#endif ++ return NULL; ++ } ++ heap->real_size += segment_size - segment->size; ++ if (heap->real_size > heap->real_peak) { ++ heap->real_peak = heap->real_size; ++ } ++ ++ segment->size = segment_size; ++ ++ if (segment != segment_copy) { ++ zend_mm_segment **seg = &heap->segments_list; ++ while (*seg != segment_copy) { ++ seg = &(*seg)->next_segment; ++ } ++ *seg = segment; ++ mm_block = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE); ++ ZEND_MM_MARK_FIRST_BLOCK(mm_block); ++ } ++ ++ block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE; ++ remaining_size = block_size - true_size; ++ ++ /* setup guard block */ ++ ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(mm_block, block_size)); ++ ++ if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) { ++ true_size = block_size; ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ } else { ++ zend_mm_free_block_canary *new_free_block; ++ ++ /* prepare new free block */ ++ ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size); ++ new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size); ++ ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size); ++ ++ /* add the new free block to the free list */ ++ zend_mm_add_to_rest_list(heap, new_free_block); ++ } ++ ++ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 1, 1); ++ ++ heap->size = heap->size + true_size - orig_size; ++ if (heap->peak < heap->size) { ++ heap->peak = heap->size; ++ } ++ ++ HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block_canary*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif ++ return ZEND_MM_DATA_OF(mm_block); ++ } ++ ++ ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ memcpy(ptr, p, mm_block->debug.size); ++#else ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); ++#endif ++ _zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); ++ return ptr; ++} ++ ++ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ++{ ++ zend_mm_block_canary *mm_block; ++ ++ if (!ZEND_MM_VALID_PTR(p)) { ++ return 0; ++ } ++ mm_block = ZEND_MM_HEADER_OF(p); ++ ZEND_MM_CHECK_PROTECTION(mm_block); ++#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION ++ return mm_block->debug.size; ++#else ++ return ZEND_MM_BLOCK_SIZE(mm_block); ++#endif ++} ++ ++#if defined(__GNUC__) && defined(i386) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mull %3\n\taddl %4,%0\n\tadcl %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif defined(__GNUC__) && defined(__x86_64__) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb; ++ unsigned long overflow = 0; ++ ++ __asm__ ("mulq %3\n\taddq %4,%0\n\tadcq %1,%1" ++ : "=&a"(res), "=&d" (overflow) ++ : "%0"(res), ++ "rm"(size), ++ "rm"(offset)); ++ ++ if (UNEXPECTED(overflow)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++ ++#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; ++ ++ if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return (size_t) res; ++} ++ ++#else ++ ++static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) ++{ ++ size_t res = nmemb * size + offset; ++ double _d = (double)nmemb * (double)size + (double)offset; ++ double _delta = (double)res - _d; ++ ++ if (UNEXPECTED((_d + _delta ) != _d)) { ++ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); ++ return 0; ++ } ++ return res; ++} ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * indent-tabs-mode: t ++ * End: ++ */ ++ +--- /dev/null ++++ b/Zend/zend_canary.c +@@ -0,0 +1,66 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */ ++ ++#include "zend.h" ++ ++#include ++#include ++ ++ ++#if SUHOSIN_PATCH ++ ++static size_t last_canary = 0x73625123; ++ ++/* will be replaced later with more compatible method */ ++ZEND_API void zend_canary(void *buf, int len) ++{ ++ time_t t; ++ size_t canary; ++ int fd; ++ ++#ifndef PHP_WIN32 ++ fd = open("/dev/urandom", 0); ++ if (fd != -1) { ++ int r = read(fd, buf, len); ++ close(fd); ++ if (r == len) { ++ return; ++ } ++ } ++#endif ++ /* not good but we never want to do this */ ++ time(&t); ++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary; ++ last_canary ^= (canary << 5) | (canary >> (32-5)); ++ /* When we ensure full win32 compatibility in next version ++ we will replace this with the random number code from zend_alloc.c */ ++ memcpy(buf, &canary, len); ++} ++ ++#endif ++ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- a/Zend/zend_compile.c ++++ b/Zend/zend_compile.c +@@ -141,6 +141,11 @@ static void zend_destroy_property_info_i + } + /* }}} */ + ++#if SUHOSIN_PATCH ++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal; ++void *suhosin_zend_destroy_property_info = zend_destroy_property_info; ++#endif ++ + static void build_runtime_defined_function_key(zval *result, const char *name, int name_length TSRMLS_DC) /* {{{ */ + { + char char_pos_buf[32]; +--- a/Zend/zend_compile.h ++++ b/Zend/zend_compile.h +@@ -685,6 +685,11 @@ ZEND_API zend_bool zend_is_auto_global(c + ZEND_API zend_bool zend_is_auto_global_quick(const char *name, uint name_len, ulong hashval TSRMLS_DC); + ZEND_API size_t zend_dirname(char *path, size_t len); + ++#if SUHOSIN_PATCH ++extern void *suhosin_zend_destroy_property_info_internal; ++extern void *suhosin_zend_destroy_property_info; ++#endif ++ + int zendlex(znode *zendlval TSRMLS_DC); + + int zend_add_literal(zend_op_array *op_array, const zval *zv TSRMLS_DC); +--- a/Zend/zend_constants.c ++++ b/Zend/zend_constants.c +@@ -117,6 +117,76 @@ void zend_register_standard_constants(TS + + REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_PROVIDE_OBJECT", DEBUG_BACKTRACE_PROVIDE_OBJECT, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_IGNORE_ARGS", DEBUG_BACKTRACE_IGNORE_ARGS, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); ++ ++ /* error levels */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT); ++ /* facility: type of program logging the message */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NEWS ++ /* No LOG_NEWS on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */ ++#endif ++#ifdef LOG_UUCP ++ /* No LOG_UUCP on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_CRON ++ /* apparently some systems don't have this one */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_AUTHPRIV ++ /* AIX doesn't have LOG_AUTHPRIV */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifndef PHP_WIN32 ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT); ++#endif ++ /* options */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NOWAIT ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_PERROR ++ /* AIX doesn't have LOG_PERROR */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ ++#endif ++#endif ++ + /* true/false constants */ + { + zend_constant c; +--- a/Zend/zend_errors.h ++++ b/Zend/zend_errors.h +@@ -41,6 +41,20 @@ + #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT) + #define E_CORE (E_CORE_ERROR | E_CORE_WARNING) + ++#if SUHOSIN_PATCH ++#define S_MEMORY (1<<0L) ++#define S_MISC (1<<1L) ++#define S_VARS (1<<2L) ++#define S_FILES (1<<3L) ++#define S_INCLUDE (1<<4L) ++#define S_SQL (1<<5L) ++#define S_EXECUTOR (1<<6L) ++#define S_MAIL (1<<7L) ++#define S_SESSION (1<<8L) ++#define S_INTERNAL (1<<29L) ++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR) ++#endif ++ + #endif /* ZEND_ERRORS_H */ + + /* +--- a/Zend/zend_hash.c ++++ b/Zend/zend_hash.c +@@ -21,6 +21,7 @@ + + #include "zend.h" + #include "zend_globals.h" ++#include "zend_compile.h" + + #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \ + (element)->pNext = (list_head); \ +@@ -103,6 +104,199 @@ ZEND_API ulong zend_hash_func(const char + return zend_inline_hash_func(arKey, nKeyLength); + } + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_hash_dprot_mx_reader; ++static MUTEX_T zend_hash_dprot_mx_writer; ++static unsigned int zend_hash_dprot_reader; ++#endif ++static unsigned int zend_hash_dprot_counter; ++static unsigned int zend_hash_dprot_curmax; ++static dtor_func_t *zend_hash_dprot_table = NULL; ++ ++static void zend_hash_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((++(zend_hash_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((--(zend_hash_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++static void zend_hash_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_hash_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_hash_dprot_mx_reader); ++ tsrm_mutex_free(zend_hash_dprot_mx_writer); ++#endif ++ free(zend_hash_dprot_table); ++}*/ ++ ++static void zend_hash_add_destructor(dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ if (zend_hash_dprot_table == NULL) { ++#ifdef ZTS ++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_hash_dprot_reader = 0; ++#endif ++ zend_hash_dprot_counter = 0; ++ zend_hash_dprot_curmax = 256; ++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t)); ++ } ++ ++ zend_hash_dprot_begin_write(); ++ ++ if (zend_hash_dprot_counter == 0) { ++ zend_hash_dprot_counter++; ++ zend_hash_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) { ++ zend_hash_dprot_curmax += 256; ++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_hash_dprot_table[left] < value) { ++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left] = pDestructor; ++ } ++ ++ zend_hash_dprot_counter++; ++ } ++ } ++ ++ zend_hash_dprot_end_write(); ++} ++ ++static void zend_hash_check_destructor(dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++#ifdef ZEND_ENGINE_2 ++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info ++#endif ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ zend_hash_dprot_begin_read(); ++ ++ if (zend_hash_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_hash_dprot_end_read(); ++} ++ ++#else ++#define zend_hash_add_destructor(pDestructor) do {} while(0) ++#define zend_hash_check_destructor(pDestructor) do {} while(0) ++#endif + + #define UPDATE_DATA(ht, p, pData, nDataSize) \ + if (nDataSize == sizeof(void*)) { \ +@@ -163,6 +357,7 @@ ZEND_API int _zend_hash_init(HashTable * + + ht->nTableMask = 0; /* 0 means that ht->arBuckets is uninitialized */ + ht->pDestructor = pDestructor; ++ zend_hash_add_destructor(pDestructor); + ht->arBuckets = (Bucket**)&uninitialized_bucket; + ht->pListHead = NULL; + ht->pListTail = NULL; +@@ -230,6 +425,7 @@ ZEND_API int _zend_hash_add_or_update(Ha + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -307,6 +503,7 @@ ZEND_API int _zend_hash_quick_add_or_upd + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -394,6 +591,7 @@ ZEND_API int _zend_hash_index_update_or_ + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -527,6 +725,7 @@ ZEND_API int zend_hash_del_key_or_index( + if (ht->pInternalPointer == p) { + ht->pInternalPointer = p->pListNext; + } ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -553,6 +752,7 @@ ZEND_API void zend_hash_destroy(HashTabl + SET_INCONSISTENT(HT_IS_DESTROYING); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + q = p; + p = p->pListNext; +@@ -646,6 +846,7 @@ static Bucket *zend_hash_apply_deleter(H + ht->nNumOfElements--; + HANDLE_UNBLOCK_INTERRUPTIONS(); + ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -666,6 +867,7 @@ ZEND_API void zend_hash_graceful_destroy + IS_CONSISTENT(ht); + + p = ht->pListHead; ++ zend_hash_check_destructor(ht->pDestructor); + while (p != NULL) { + p = zend_hash_apply_deleter(ht, p); + } +--- a/Zend/zend_llist.c ++++ b/Zend/zend_llist.c +@@ -23,6 +23,194 @@ + #include "zend_llist.h" + #include "zend_qsort.h" + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++static MUTEX_T zend_llist_dprot_mx_reader; ++static MUTEX_T zend_llist_dprot_mx_writer; ++static unsigned int zend_llist_dprot_reader; ++#endif ++static unsigned int zend_llist_dprot_counter; ++static unsigned int zend_llist_dprot_curmax; ++static llist_dtor_func_t *zend_llist_dprot_table = NULL; ++ ++static void zend_llist_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((++(zend_llist_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((--(zend_llist_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++static void zend_llist_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_llist_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_llist_dprot_mx_reader); ++ tsrm_mutex_free(zend_llist_dprot_mx_writer); ++#endif ++ free(zend_llist_dprot_table); ++}*/ ++ ++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ if (zend_llist_dprot_table == NULL) { ++#ifdef ZTS ++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_llist_dprot_reader = 0; ++#endif ++ zend_llist_dprot_counter = 0; ++ zend_llist_dprot_curmax = 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t)); ++ } ++ ++ zend_llist_dprot_begin_write(); ++ ++ if (zend_llist_dprot_counter == 0) { ++ zend_llist_dprot_counter++; ++ zend_llist_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) { ++ zend_llist_dprot_curmax += 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_llist_dprot_table[left] < value) { ++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left] = pDestructor; ++ } ++ ++ zend_llist_dprot_counter++; ++ } ++ } ++ ++ zend_llist_dprot_end_write(); ++} ++ ++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ zend_llist_dprot_begin_read(); ++ ++ if (zend_llist_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ } else { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) { ++ _exit(1); ++ } ++ return; ++ } ++ ++ zend_llist_dprot_end_read(); ++} ++#else ++#define zend_llist_add_destructor(pDestructor) do {} while(0) ++#define zend_llist_check_destructor(pDestructor) do {} while(0) ++#endif ++ + ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent) + { + l->head = NULL; +@@ -30,6 +218,7 @@ ZEND_API void zend_llist_init(zend_llist + l->count = 0; + l->size = size; + l->dtor = dtor; ++ zend_llist_add_destructor(dtor); + l->persistent = persistent; + } + +@@ -81,6 +270,7 @@ ZEND_API void zend_llist_prepend_element + } else {\ + (l)->tail = (current)->prev;\ + }\ ++ zend_llist_check_destructor((l)->dtor); \ + if ((l)->dtor) {\ + (l)->dtor((current)->data);\ + }\ +@@ -108,6 +298,7 @@ ZEND_API void zend_llist_destroy(zend_ll + { + zend_llist_element *current=l->head, *next; + ++ zend_llist_check_destructor(l->dtor); + while (current) { + next = current->next; + if (l->dtor) { +@@ -133,6 +324,7 @@ ZEND_API void *zend_llist_remove_tail(ze + zend_llist_element *old_tail; + void *data; + ++ zend_llist_check_destructor((l)->dtor); + if ((old_tail = l->tail)) { + if (old_tail->prev) { + old_tail->prev->next = NULL; +--- a/Zend/zend_operators.c ++++ b/Zend/zend_operators.c +@@ -150,9 +150,14 @@ ZEND_API void convert_scalar_to_number(z + case IS_STRING: + { + char *strval; ++ int strl; + + strval = Z_STRVAL_P(op); +- if ((Z_TYPE_P(op)=is_numeric_string(strval, Z_STRLEN_P(op), &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { ++ strl = Z_STRLEN_P(op); ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif ++ if ((Z_TYPE_P(op)=is_numeric_string(strval, strl, &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) { + ZVAL_LONG(op, 0); + } + STR_FREE(strval); +@@ -184,7 +189,8 @@ ZEND_API void convert_scalar_to_number(z + } else { \ + switch (Z_TYPE_P(op)) { \ + case IS_STRING: \ +- { \ ++ { \ ++ Z_STRLEN(holder) = 0; \ + if ((Z_TYPE(holder)=is_numeric_string(Z_STRVAL_P(op), Z_STRLEN_P(op), &Z_LVAL(holder), &Z_DVAL(holder), 1)) == 0) { \ + ZVAL_LONG(&(holder), 0); \ + } \ +@@ -226,6 +232,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = zend_dval_to_lval(Z_DVAL_P(op)); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + Z_LVAL(holder) = strtol(Z_STRVAL_P(op), NULL, 10); \ + break; \ + case IS_ARRAY: \ +@@ -268,6 +275,7 @@ ZEND_API void convert_scalar_to_number(z + Z_LVAL(holder) = (Z_DVAL_P(op) ? 1 : 0); \ + break; \ + case IS_STRING: \ ++ Z_STRLEN(holder) = 0; \ + if (Z_STRLEN_P(op) == 0 \ + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { \ + Z_LVAL(holder) = 0; \ +@@ -353,6 +361,9 @@ ZEND_API void convert_to_long_base(zval + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = strtol(strval, NULL, base); + STR_FREE(strval); + } +@@ -413,6 +424,9 @@ ZEND_API void convert_to_double(zval *op + { + char *strval = Z_STRVAL_P(op); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_DVAL_P(op) = zend_strtod(strval, NULL); + STR_FREE(strval); + } +@@ -499,8 +513,14 @@ ZEND_API void convert_to_boolean(zval *o + + if (Z_STRLEN_P(op) == 0 + || (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 0; + } else { ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + Z_LVAL_P(op) = 1; + } + STR_FREE(strval); +@@ -614,6 +634,9 @@ static void convert_scalar_to_array(zval + *entry = *op; + INIT_PZVAL(entry); + ++#if SUHOSIN_PATCH ++ Z_STRLEN_P(op) = 0; ++#endif + switch (type) { + case IS_ARRAY: + ALLOC_HASHTABLE(Z_ARRVAL_P(op)); +--- a/Zend/zend_variables.c ++++ b/Zend/zend_variables.c +@@ -34,6 +34,9 @@ ZEND_API void _zval_dtor_func(zval *zval + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + STR_FREE_REL(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: { +@@ -78,6 +81,9 @@ ZEND_API void _zval_internal_dtor(zval * + case IS_CONSTANT: + CHECK_ZVAL_STRING_REL(zvalue); + str_free(zvalue->value.str.val); ++#if SUHOSIN_PATCH ++ zvalue->value.str.len = 0; ++#endif + break; + case IS_ARRAY: + case IS_CONSTANT_ARRAY: +--- a/configure.in ++++ b/configure.in +@@ -359,6 +359,7 @@ case $host_alias in + ;; + esac + ++sinclude(main/suhosin_patch.m4) + + dnl Include Zend and TSRM configurations. + dnl ------------------------------------------------------------------------- +@@ -1440,7 +1441,7 @@ PHP_ADD_SOURCES(main, main.c snprintf.c + php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ + strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + network.c php_open_temporary_file.c php_logos.c \ +- output.c getopt.c) ++ output.c getopt.c suhosin_patch.c ) + + PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \ + plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c \ +@@ -1468,7 +1469,7 @@ PHP_ADD_SOURCES(Zend, \ + zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ + zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_gc.c \ +- zend_closures.c zend_float.c zend_string.c zend_signal.c) ++ zend_closures.c zend_float.c zend_string.c zend_signal.c zend_canary.c zend_alloc_canary.c ) + + if test -r "$abs_srcdir/Zend/zend_objects.c"; then + PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c) +--- a/ext/standard/dl.c ++++ b/ext/standard/dl.c +@@ -246,6 +246,23 @@ PHPAPI int php_load_extension(char *file + return FAILURE; + } + } ++ ++#if SUHOSIN_PATCH ++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) { ++ void *log_func; ++ /* sucessfully loaded suhosin extension, now check for logging function replacement */ ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log"); ++ if (log_func == NULL) { ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log"); ++ } ++ if (log_func != NULL) { ++ zend_suhosin_log = log_func; ++ } else { ++ zend_suhosin_log(S_MISC, "could not replace logging function"); ++ } ++ } ++#endif ++ + return SUCCESS; + } + /* }}} */ +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -785,6 +785,33 @@ PHPAPI void php_print_info(int flag TSRM + + php_info_print_table_end(); + ++ /* Suhosin Patch */ ++ php_info_print_box_start(0); ++ if (expose_php && !sapi_module.phpinfo_as_text) { ++ PUTS("\"Suhosin\n"); ++ } ++ PUTS("This server is protected with the Suhosin Patch "); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS(SUHOSIN_PATCH_VERSION); ++ } else { ++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC); ++ } ++ PUTS(!sapi_module.phpinfo_as_text?"
":"\n"); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } else { ++ PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); ++ PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n"); ++ } ++ php_info_print_box_end(); ++ + /* Zend Engine */ + php_info_print_box_start(0); + if (expose_php && !sapi_module.phpinfo_as_text) { +--- a/ext/standard/syslog.c ++++ b/ext/standard/syslog.c +@@ -40,6 +40,7 @@ + */ + PHP_MINIT_FUNCTION(syslog) + { ++#if !SUHOSIN_PATCH + /* error levels */ + REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ + REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ +@@ -95,6 +96,7 @@ PHP_MINIT_FUNCTION(syslog) + /* AIX doesn't have LOG_PERROR */ + REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ + #endif ++#endif + BG(syslog_device)=NULL; + + return SUCCESS; +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -84,13 +84,8 @@ or a tightening during activation/runtim + PHPAPI ZEND_INI_MH(OnUpdateBaseDir) + { + char **p, *pathbuf, *ptr, *end; +-#ifndef ZTS +- char *base = (char *) mh_arg2; +-#else +- char *base = (char *) ts_resource(*((int *) mh_arg2)); +-#endif + +- p = (char **) (base + (size_t) mh_arg1); ++ p = &PG(open_basedir); + + if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) { + /* We're in a PHP_INI_SYSTEM context, no restrictions */ +--- a/main/main.c ++++ b/main/main.c +@@ -92,6 +92,9 @@ + + #include "SAPI.h" + #include "rfc1867.h" ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#endif + + #if HAVE_MMAP + # if HAVE_UNISTD_H +@@ -473,7 +476,7 @@ PHP_INI_BEGIN() + STD_PHP_INI_ENTRY("extension_dir", PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("include_path", PHP_INCLUDE_PATH, PHP_INI_ALL, OnUpdateStringUnempty, include_path, php_core_globals, core_globals) + PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout) +- STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir, open_basedir, php_core_globals, core_globals) ++ PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_ALL, OnUpdateBaseDir) + + STD_PHP_INI_BOOLEAN("file_uploads", "1", PHP_INI_SYSTEM, OnUpdateBool, file_uploads, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, upload_max_filesize, php_core_globals, core_globals) +@@ -1884,6 +1887,10 @@ void dummy_invalid_parameter_handler( + } + #endif + ++#if SUHOSIN_PATCH ++PHPAPI void suhosin_startup(); ++#endif ++ + /* {{{ php_module_startup + */ + int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_modules, uint num_additional_modules) +@@ -1927,6 +1934,10 @@ int php_module_startup(sapi_module_struc + php_win32_init_rng_lock(); + #endif + ++#if SUHOSIN_PATCH ++ suhosin_startup(); ++#endif ++ + module_shutdown = 0; + module_startup = 1; + sapi_initialize_empty_request(TSRMLS_C); +@@ -2051,7 +2062,11 @@ int php_module_startup(sapi_module_struc + REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS); +- REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS); ++#endif ++ REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS); + +--- a/main/php.h ++++ b/main/php.h +@@ -453,6 +453,10 @@ END_EXTERN_C() + #endif + #endif /* !XtOffsetOf */ + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #endif + + /* +--- a/main/php_logos.c ++++ b/main/php_logos.c +@@ -50,6 +50,10 @@ PHPAPI int php_unregister_info_logo(char + return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string)); + } + ++#if SUHOSIN_PATCH ++#include "suhosin_logo.h" ++#endif ++ + int php_init_info_logos(void) + { + if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE) +@@ -58,7 +62,9 @@ int php_init_info_logos(void) + php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo)); + php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo)); + php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo)); +- ++#if SUHOSIN_PATCH ++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo , sizeof(suhosin_logo)); ++#endif + return SUCCESS; + } + +--- a/main/snprintf.c ++++ b/main/snprintf.c +@@ -782,6 +782,10 @@ static int format_converter(register buf + */ + switch (*fmt) { + case 'Z': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'Z' specifier within format string"); ++ goto skip_output; ++#else + zvp = (zval*) va_arg(ap, zval*); + zend_make_printable_zval(zvp, &zcopy, &free_zcopy); + if (free_zcopy) { +@@ -792,6 +796,7 @@ static int format_converter(register buf + if (adjust_precision && precision < s_len) { + s_len = precision; + } ++#endif + break; + case 'u': + switch(modifier) { +@@ -1093,7 +1098,11 @@ static int format_converter(register buf + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = cc; ++#endif + goto skip_output; + + /* +--- a/main/spprintf.c ++++ b/main/spprintf.c +@@ -390,6 +390,10 @@ static void xbuf_format_converter(smart_ + */ + switch (*fmt) { + case 'Z': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'Z' specifier within format string"); ++ goto skip_output; ++#else + zvp = (zval*) va_arg(ap, zval*); + zend_make_printable_zval(zvp, &zcopy, &free_zcopy); + if (free_zcopy) { +@@ -400,6 +404,7 @@ static void xbuf_format_converter(smart_ + if (adjust_precision && precision < s_len) { + s_len = precision; + } ++#endif + break; + case 'u': + switch(modifier) { +@@ -700,7 +705,11 @@ static void xbuf_format_converter(smart_ + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = xbuf->len; ++#endif + goto skip_output; + + /* +--- /dev/null ++++ b/main/suhosin_globals.h +@@ -0,0 +1,61 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2009 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_GLOBALS_H ++#define SUHOSIN_GLOBALS_H ++ ++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct; ++ ++#ifdef ZTS ++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v) ++extern int suhosin_patch_globals_id; ++#else ++# define SPG(v) (suhosin_patch_globals.v) ++extern struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++ ++struct _suhosin_patch_globals { ++ /* logging */ ++ int log_syslog; ++ int log_syslog_facility; ++ int log_syslog_priority; ++ int log_sapi; ++ int log_script; ++ int log_phpscript; ++ char *log_scriptname; ++ char *log_phpscriptname; ++ zend_bool log_phpscript_is_safe; ++ zend_bool log_use_x_forwarded_for; ++ ++ /* memory manager canary protection */ ++ unsigned int canary_1; ++ unsigned int canary_2; ++ unsigned int canary_3; ++ unsigned int dummy; ++}; ++ ++ ++#endif /* SUHOSIN_GLOBALS_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_logo.h +@@ -0,0 +1,178 @@ ++static unsigned char suhosin_logo[] = ++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48" ++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d" ++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43" ++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4" ++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00" ++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4" ++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00" ++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13" ++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98" ++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5" ++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46" ++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69" ++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5" ++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13" ++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf" ++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8" ++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44" ++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c" ++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d" ++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1" ++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55" ++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3" ++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35" ++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b" ++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d" ++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6" ++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27" ++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3" ++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52" ++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85" ++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e" ++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74" ++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1" ++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95" ++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4" ++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf" ++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71" ++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58" ++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c" ++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf" ++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83" ++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d" ++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08" ++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf" ++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01" ++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21" ++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac" ++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56" ++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10" ++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98" ++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e" ++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3" ++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d" ++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85" ++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa" ++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7" ++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76" ++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21" ++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a" ++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36" ++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24" ++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12" ++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78" ++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb" ++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2" ++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2" ++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79" ++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d" ++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98" ++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c" ++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c" ++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77" ++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65" ++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe" ++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15" ++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb" ++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65" ++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84" ++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a" ++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c" ++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40" ++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e" ++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4" ++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d" ++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d" ++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d" ++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b" ++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07" ++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22" ++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c" ++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54" ++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67" ++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96" ++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd" ++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40" ++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3" ++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85" ++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96" ++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76" ++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c" ++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09" ++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3" ++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22" ++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92" ++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5" ++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb" ++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74" ++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b" ++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa" ++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b" ++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed" ++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80" ++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01" ++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74" ++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90" ++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b" ++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8" ++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81" ++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67" ++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e" ++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1" ++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd" ++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7" ++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d" ++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d" ++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1" ++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7" ++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f" ++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64" ++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14" ++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8" ++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2" ++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef" ++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb" ++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12" ++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07" ++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64" ++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07" ++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a" ++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9" ++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb" ++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31" ++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5" ++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9" ++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee" ++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e" ++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f" ++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50" ++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96" ++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30" ++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57" ++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f" ++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99" ++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab" ++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51" ++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02" ++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae" ++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6" ++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2" ++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c" ++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8" ++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49" ++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e" ++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f" ++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3" ++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78" ++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b" ++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe" ++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31" ++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c" ++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1" ++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9" ++ ; +--- /dev/null ++++ b/main/suhosin_patch.c +@@ -0,0 +1,470 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: suhosin_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */ ++ ++#include "php.h" ++ ++#include ++#include ++#include ++ ++#if HAVE_UNISTD_H ++#include ++#endif ++#include "SAPI.h" ++#include "php_globals.h" ++ ++#if SUHOSIN_PATCH ++ ++#ifdef HAVE_SYS_SOCKET_H ++#include ++#endif ++ ++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) ++#undef AF_UNIX ++#endif ++ ++#if defined(AF_UNIX) ++#include ++#endif ++ ++#define SYSLOG_PATH "/dev/log" ++ ++#ifdef PHP_WIN32 ++static HANDLE log_source = 0; ++#endif ++ ++#include "snprintf.h" ++ ++#include "suhosin_patch.h" ++ ++#ifdef ZTS ++#include "suhosin_globals.h" ++int suhosin_patch_globals_id; ++#else ++struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++static char *suhosin_config = NULL; ++ ++static zend_intptr_t SUHOSIN_POINTER_GUARD = 0; ++ ++static void php_security_log(int loglevel, char *fmt, ...); ++ ++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC) ++{ ++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals)); ++} ++ ++ZEND_API char suhosin_get_config(int element) ++{ ++ return ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element]; ++} ++ ++static void suhosin_set_config(int element, char value) ++{ ++ ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element] = value; ++} ++ ++static void suhosin_read_configuration_from_environment() ++{ ++ char *tmp; ++ ++ /* check if canary protection should be activated or not */ ++ tmp = getenv("SUHOSIN_MM_USE_CANARY_PROTECTION"); ++ /* default to activated */ ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, 1); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, flag); ++ } ++ ++ /* check if free memory should be overwritten with 0xFF or not */ ++ tmp = getenv("SUHOSIN_MM_DESTROY_FREE_MEMORY"); ++ /* default to deactivated */ ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, flag); ++ } ++ ++ /* check if canary violations should be ignored */ ++ tmp = getenv("SUHOSIN_MM_IGNORE_CANARY_VIOLATION"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, flag); ++ } ++ ++ /* check if invalid hashtable destructors should be ignored */ ++ tmp = getenv("SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ /* check if invalid linkedlist destructors should be ignored */ ++ tmp = getenv("SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR"); ++ /* default to NOT ignore */ ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, 0); ++ if (tmp) { ++ int flag = zend_atoi(tmp, 0); ++ suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, flag); ++ } ++ ++ suhosin_set_config(SUHOSIN_CONFIG_SET, 1); ++} ++ ++static void suhosin_write_protect_configuration() ++{ ++ /* check return value of mprotect() to ensure memory is read only now */ ++ if (mprotect(SUHOSIN_MANGLE_PTR(suhosin_config), sysconf(_SC_PAGESIZE), PROT_READ) != 0) { ++ perror("suhosin"); ++ _exit(1); ++ } ++} ++ ++PHPAPI void suhosin_startup() ++{ ++#ifdef ZTS ++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL); ++#else ++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC); ++#endif ++ zend_suhosin_log = php_security_log; ++ ++ /* get the pointer guardian and ensure low 3 bits are 1 */ ++ if (SUHOSIN_POINTER_GUARD == 0) { ++ zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD)); ++ SUHOSIN_POINTER_GUARD |= 7; ++ } ++ ++ if (!suhosin_config) { ++#ifndef MAP_ANONYMOUS ++#define MAP_ANONYMOUS MAP_ANON ++#endif ++ suhosin_config = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); ++ if (suhosin_config == MAP_FAILED) { ++ perror("suhosin"); ++ _exit(1); ++ } ++ suhosin_config = SUHOSIN_MANGLE_PTR(suhosin_config); ++ } ++ if (!SUHOSIN_CONFIG(SUHOSIN_CONFIG_SET)) { ++ suhosin_read_configuration_from_environment(); ++ suhosin_write_protect_configuration(); ++ } ++} ++ ++static char *loglevel2string(int loglevel) ++{ ++ switch (loglevel) { ++ case S_FILES: ++ return "FILES"; ++ case S_INCLUDE: ++ return "INCLUDE"; ++ case S_MEMORY: ++ return "MEMORY"; ++ case S_MISC: ++ return "MISC"; ++ case S_SESSION: ++ return "SESSION"; ++ case S_SQL: ++ return "SQL"; ++ case S_EXECUTOR: ++ return "EXECUTOR"; ++ case S_VARS: ++ return "VARS"; ++ default: ++ return "UNKNOWN"; ++ } ++} ++ ++static void php_security_log(int loglevel, char *fmt, ...) ++{ ++ int s, r, i=0; ++#if defined(AF_UNIX) ++ struct sockaddr_un saun; ++#endif ++#ifdef PHP_WIN32 ++ LPTSTR strs[2]; ++ unsigned short etype; ++ DWORD evid; ++#endif ++ char buf[4096+64]; ++ char error[4096+100]; ++ char *ip_address; ++ char *fname; ++ char *alertstring; ++ int lineno; ++ va_list ap; ++ TSRMLS_FETCH(); ++ ++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/ ++ ++ if (SPG(log_use_x_forwarded_for)) { ++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "X-FORWARDED-FOR not set"; ++ } ++ } else { ++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "REMOTE_ADDR not set"; ++ } ++ } ++ ++ ++ va_start(ap, fmt); ++ ap_php_vsnprintf(error, sizeof(error), fmt, ap); ++ va_end(ap); ++ while (error[i]) { ++ if (error[i] < 32) error[i] = '.'; ++ i++; ++ } ++ ++/* if (SPG(simulation)) { ++ alertstring = "ALERT-SIMULATION"; ++ } else { */ ++ alertstring = "ALERT"; ++/* }*/ ++ ++ if (zend_is_executing(TSRMLS_C)) { ++ if (EG(current_execute_data)) { ++ lineno = EG(current_execute_data)->opline->lineno; ++ fname = EG(current_execute_data)->op_array->filename; ++ } else { ++ lineno = zend_get_executed_lineno(TSRMLS_C); ++ fname = zend_get_executed_filename(TSRMLS_C); ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno); ++ } else { ++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC); ++ if (fname==NULL) { ++ fname = "unknown"; ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname); ++ } ++ ++ /* Syslog-Logging disabled? */ ++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) { ++ goto log_sapi; ++ } ++ ++#if defined(AF_UNIX) ++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf); ++ ++ s = socket(AF_UNIX, SOCK_DGRAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ s = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ goto log_sapi; ++ } ++ } ++ send(s, error, strlen(error), 0); ++ ++ close(s); ++#endif ++#ifdef PHP_WIN32 ++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf); ++ ++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */ ++ case 1: /*LOG_ALERT:*/ ++ etype = EVENTLOG_ERROR_TYPE; ++ break; ++ case 6: /*LOG_INFO:*/ ++ etype = EVENTLOG_INFORMATION_TYPE; ++ break; ++ default: ++ etype = EVENTLOG_WARNING_TYPE; ++ } ++ evid = loglevel; ++ strs[0] = error; ++ /* report the event */ ++ if (log_source == NULL) { ++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION); ++ } ++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL); ++ ++#endif ++log_sapi: ++ /* SAPI Logging activated? */ ++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/ ++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) { ++ sapi_module.log_message(buf); ++ } ++ ++/*log_script:*/ ++ /* script logging activaed? */ ++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) { ++ char cmd[8192], *cmdpos, *bufpos; ++ FILE *in; ++ int space; ++ ++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel)); ++ space = sizeof(cmd) - strlen(cmd); ++ cmdpos = cmd + strlen(cmd); ++ bufpos = buf; ++ if (space <= 1) return; ++ while (space > 2 && *bufpos) { ++ if (*bufpos == '\'') { ++ if (space<=5) break; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\\'; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\''; ++ bufpos++; ++ space-=4; ++ } else { ++ *cmdpos++ = *bufpos++; ++ space--; ++ } ++ } ++ *cmdpos++ = '\''; ++ *cmdpos = 0; ++ ++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) { ++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname)); ++ return; ++ } ++ /* read and forget the result */ ++ while (1) { ++ int readbytes = fread(cmd, 1, sizeof(cmd), in); ++ if (readbytes<=0) { ++ break; ++ } ++ } ++ pclose(in); ++ } ++/*log_phpscript:*/ ++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) { ++ zend_file_handle file_handle; ++ zend_op_array *new_op_array; ++ zval *result = NULL; ++ ++ /*long orig_execution_depth = SPG(execution_depth);*/ ++ /*zend_bool orig_safe_mode = PG(safe_mode);*/ ++ char *orig_basedir = PG(open_basedir); ++ ++ char *phpscript = SPG(log_phpscriptname); ++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/ ++#ifdef ZEND_ENGINE_2 ++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) { ++#else ++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { ++ file_handle.filename = phpscript; ++ file_handle.free_filename = 0; ++#endif ++ if (!file_handle.opened_path) { ++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript)); ++ } ++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); ++ zend_destroy_file_handle(&file_handle TSRMLS_CC); ++ if (new_op_array) { ++ HashTable *active_symbol_table = EG(active_symbol_table); ++ zval *zerror, *zerror_class; ++ ++ if (active_symbol_table == NULL) { ++ active_symbol_table = &EG(symbol_table); ++ } ++ EG(return_value_ptr_ptr) = &result; ++ EG(active_op_array) = new_op_array; ++ ++ MAKE_STD_ZVAL(zerror); ++ MAKE_STD_ZVAL(zerror_class); ++ ZVAL_STRING(zerror, buf, 1); ++ ZVAL_LONG(zerror_class, loglevel); ++ ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL); ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL); ++ ++ /*SPG(execution_depth) = 0;*/ ++ if (SPG(log_phpscript_is_safe)) { ++ /*PG(safe_mode) = 0;*/ ++ PG(open_basedir) = NULL; ++ } ++ ++ zend_execute(new_op_array TSRMLS_CC); ++ ++ /*SPG(execution_depth) = orig_execution_depth;*/ ++ /*PG(safe_mode) = orig_safe_mode;*/ ++ PG(open_basedir) = orig_basedir; ++ ++#ifdef ZEND_ENGINE_2 ++ destroy_op_array(new_op_array TSRMLS_CC); ++#else ++ destroy_op_array(new_op_array); ++#endif ++ efree(new_op_array); ++#ifdef ZEND_ENGINE_2 ++ if (!EG(exception)) ++#endif ++ { ++ if (EG(return_value_ptr_ptr)) { ++ zval_ptr_dtor(EG(return_value_ptr_ptr)); ++ EG(return_value_ptr_ptr) = NULL; ++ } ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } ++ ++} ++ ++ ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +--- /dev/null ++++ b/main/suhosin_patch.h +@@ -0,0 +1,59 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2010 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_PATCH_H ++#define SUHOSIN_PATCH_H ++ ++#if SUHOSIN_PATCH ++ ++#include "zend.h" ++ ++#define SUHOSIN_PATCH_VERSION "0.9.10" ++ ++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18" ++ ++#define SUHOSIN_CONFIG(idx) (suhosin_get_config(idx)) ++ ++#define SUHOSIN_MM_USE_CANARY_PROTECTION 0 ++#define SUHOSIN_MM_DESTROY_FREE_MEMORY 1 ++#define SUHOSIN_MM_IGNORE_CANARY_VIOLATION 2 ++#define SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR 3 ++#define SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR 4 ++ ++#define SUHOSIN_CONFIG_SET 100 ++ ++#include ++#include ++#include ++ ++#if defined(DARWIN) ++#include ++#endif ++ ++#define SUHOSIN_MANGLE_PTR(ptr) (ptr==NULL?NULL:((void *)((zend_intptr_t)(ptr)^SUHOSIN_POINTER_GUARD))) ++ ++#endif ++ ++#endif /* SUHOSIN_PATCH_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +--- /dev/null ++++ b/main/suhosin_patch.m4 +@@ -0,0 +1,8 @@ ++dnl ++dnl $Id: suhosin_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $ ++dnl ++dnl This file contains Suhosin Patch for PHP specific autoconf functions. ++dnl ++ ++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch]) ++ +--- a/sapi/apache/mod_php5.c ++++ b/sapi/apache/mod_php5.c +@@ -965,7 +965,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/apache2filter/sapi_apache2.c ++++ b/sapi/apache2filter/sapi_apache2.c +@@ -581,7 +581,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -406,7 +406,11 @@ static void php_apache_add_version(apr_p + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +--- a/sapi/apache_hooks/mod_php5.c ++++ b/sapi/apache_hooks/mod_php5.c +@@ -1251,7 +1251,11 @@ static void php_init_handler(server_rec + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -2188,10 +2188,18 @@ consult the installation file that came + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; + } ++#if SUHOSIN_PATCH + #if ZEND_DEBUG +- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else +- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else ++ #if ZEND_DEBUG ++ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #else ++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++ #endif + #endif + php_request_shutdown((void *) 0); + fcgi_shutdown(); +--- a/sapi/cli/php_cli.c ++++ b/sapi/cli/php_cli.c +@@ -687,7 +687,11 @@ static int do_cli(int argc, char **argv + goto out; + + case 'v': /* show php version & quit */ ++#if SUHOSIN_PATCH ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) %s\nCopyright (c) 1997-2011 The PHP Group\n%s", ++#else + php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2011 The PHP Group\n%s", ++#endif + PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__, + #if ZEND_DEBUG && defined(HAVE_GCOV) + "(DEBUG GCOV)", +--- a/sapi/litespeed/lsapi_main.c ++++ b/sapi/litespeed/lsapi_main.c +@@ -546,11 +546,19 @@ static int cli_main( int argc, char * ar + break; + case 'v': + if (php_request_startup(TSRMLS_C) != FAILURE) { ++#if SUHOSIN_PATCH ++#if ZEND_DEBUG ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else ++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else + #if ZEND_DEBUG + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #endif ++#endif + #ifdef PHP_OUTPUT_NEWAPI + php_output_end_all(TSRMLS_C); + #else +--- a/sapi/milter/php_milter.c ++++ b/sapi/milter/php_milter.c +@@ -1109,7 +1109,11 @@ int main(int argc, char *argv[]) + } + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; ++#if SUHOSIN_PATCH ++ php_printf("PHP with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2011 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif + php_output_teardown(); + exit(1); + break; +--- a/win32/build/config.w32 ++++ b/win32/build/config.w32 +@@ -333,7 +333,7 @@ ADD_SOURCES("Zend", "zend_language_parse + zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \ + zend_object_handlers.c zend_objects_API.c \ + zend_default_classes.c zend_execute.c zend_strtod.c zend_gc.c zend_closures.c \ +- zend_float.c zend_string.c"); ++ zend_float.c zend_string.c zend_canary.c zend_alloc_canary.c"); + + if (VCVERS == 1200) { + AC_DEFINE('ZEND_DVAL_TO_LVAL_CAST_OK', 1); +@@ -385,6 +385,7 @@ ADD_FLAG("CFLAGS", "/D FD_SETSIZE=" + pa + + AC_DEFINE('HAVE_USLEEP', 1); + AC_DEFINE('HAVE_STRCOLL', 1); ++AC_DEFINE('SUHOSIN_PATCH', 1); + + /* For snapshot builders, where can we find the additional + * files that make up the snapshot template? */ +--- a/win32/build/config.w32.h.in ++++ b/win32/build/config.w32.h.in +@@ -150,6 +150,9 @@ + /* Win32 supports strcoll */ + #define HAVE_STRCOLL 1 + ++/* Suhosin Patch support */ ++#define SUHOSIN_PATCH 1 ++ + /* Win32 supports socketpair by the emulation in win32/sockets.c */ + #define HAVE_SOCKETPAIR 1 + #define HAVE_SOCKLEN_T 1 --- php5-5.4.6.orig/debian/patches/033-we_WANT_libtool.patch +++ php5-5.4.6/debian/patches/033-we_WANT_libtool.patch @@ -0,0 +1,25 @@ +Description: + upstream ships an out of date version of libtool. this ensures that + we build against an up-to-date version of libtool by running libtoolize + as part of our build process (this is called indirectly via ./buildconf.sh + from debian/rules) + . + note that we don't touch the libtool.m4 that they ship here, and this file + gets included in the build process as part of the phpize stuff. however, + this is solved in ./debian/rules where it's overwritten with a symlink. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/build/build2.mk ++++ b/build/build2.mk +@@ -46,7 +46,8 @@ $(TOUCH_FILES): + + aclocal.m4: configure.in acinclude.m4 + @echo rebuilding $@ +- cat acinclude.m4 ./build/libtool.m4 > $@ ++ libtoolize --copy --install --automake --force ++ aclocal + + configure: aclocal.m4 configure.in $(config_m4_files) + @echo rebuilding $@ --- php5-5.4.6.orig/debian/patches/mssql-null-exception.patch +++ php5-5.4.6/debian/patches/mssql-null-exception.patch @@ -0,0 +1,13 @@ +--- a/ext/pdo_dblib/dblib_driver.c ++++ b/ext/pdo_dblib/dblib_driver.c +@@ -308,8 +308,10 @@ static int pdo_dblib_handle_factory(pdo_ + goto cleanup; + } + ++#if PHP_DBLIB_IS_MSSQL + /* dblib do not return more than this length from text/image */ + DBSETOPT(H->link, DBTEXTLIMIT, "2147483647"); ++#endif + + /* limit text/image from network */ + DBSETOPT(H->link, DBTEXTSIZE, "2147483647"); --- php5-5.4.6.orig/debian/patches/116-posixness_fix.patch +++ php5-5.4.6/debian/patches/116-posixness_fix.patch @@ -0,0 +1,52 @@ +--- a/TSRM/tsrm_config_common.h ++++ b/TSRM/tsrm_config_common.h +@@ -1,6 +1,10 @@ + #ifndef TSRM_CONFIG_COMMON_H + #define TSRM_CONFIG_COMMON_H + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef __CYGWIN__ + # if WINNT|WIN32 + # define TSRM_WIN32 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -18,6 +18,10 @@ + + /* $Id$ */ + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "timelib.h" + + #include +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -24,6 +24,10 @@ + # define __EXTENSIONS__ 1 /* Solaris: uint */ + #endif + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #include "php.h" + #include + #include +--- a/main/php.h ++++ b/main/php.h +@@ -245,6 +245,10 @@ END_EXTERN_C() + /* macros */ + #define STR_PRINT(str) ((str)?(str):"") + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + #ifndef MAXPATHLEN + # ifdef PATH_MAX + # define MAXPATHLEN PATH_MAX --- php5-5.4.6.orig/debian/patches/php-5.4.0-dlopen.patch +++ php5-5.4.6/debian/patches/php-5.4.0-dlopen.patch @@ -0,0 +1,17 @@ +--- a/Zend/zend.h ++++ b/Zend/zend.h +@@ -90,11 +90,11 @@ + # endif + + # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) +-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) ++# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) + # elif defined(RTLD_DEEPBIND) +-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_DEEPBIND) ++# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_DEEPBIND) + # else +-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL) ++# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL) + # endif + # define DL_UNLOAD dlclose + # if defined(DLSYM_NEEDS_UNDERSCORE) --- php5-5.4.6.orig/debian/patches/php-fpm-m68k.patch +++ php5-5.4.6/debian/patches/php-fpm-m68k.patch @@ -0,0 +1,55 @@ +Description: add Linux/m68k atomic code +Origin: libgcc 4.7 +Bug: https://bugs.php.net/bug.php?id=60925 +Author: Thorsten Glaser + +--- a/sapi/fpm/fpm/fpm_atomic.h ++++ b/sapi/fpm/fpm/fpm_atomic.h +@@ -5,6 +5,12 @@ + #ifndef FPM_ATOMIC_H + #define FPM_ATOMIC_H 1 + ++#if defined(__m68k__) ++#define _GNU_SOURCE ++#include ++#include ++#endif ++ + #if HAVE_INTTYPES_H + # include + #else +@@ -137,6 +143,34 @@ static inline atomic_uint_t atomic_cmp_s + #error Sparc v8 and predecessors are not and will not be supported (see bug report 53310) + #endif /* #if (__sparcv9 || __sparcv9__) */ + ++#elif defined(__m68k__) && defined(__linux__) ++ ++typedef signed int atomic_int_t __attribute__((__aligned__(4))); ++typedef unsigned int atomic_uint_t __attribute__((__aligned__(4))); ++typedef volatile unsigned int atomic_t __attribute__((__aligned__(4))); ++ ++#ifndef SYS_atomic_cmpxchg_32 ++#define SYS_atomic_cmpxchg_32 335 ++#endif ++ ++static inline atomic_uint_t atomic_cas_32(atomic_t *lock, atomic_uint_t old, atomic_uint_t new) /* {{{ */ ++{ ++ register atomic_t *a0 asm("a0") = lock; ++ register atomic_uint_t d2 asm("d2") = old; ++ register atomic_uint_t d1 asm("d1") = new; ++ register atomic_uint_t d0 asm("d0") = SYS_atomic_cmpxchg_32; ++ ++ asm volatile("trap #0" : "+r" (d0), "+r" (d1), "+r" (a0) : "r" (d2) : "memory", "a1"); ++ return (d0); ++} ++/* }}} */ ++ ++static inline atomic_uint_t atomic_cmp_set(atomic_t *lock, atomic_uint_t old, atomic_uint_t set) /* {{{ */ ++{ ++ return (atomic_cas_32(lock, old, set) == old); ++} ++/* }}} */ ++ + #else + + #error Unsupported processor. Please open a bug report (bugs.php.net). --- php5-5.4.6.orig/debian/patches/lp564920-fix-big-files.patch +++ php5-5.4.6/debian/patches/lp564920-fix-big-files.patch @@ -0,0 +1,22 @@ +Description: don't mmap large files +Author: Marc Deslauriers +Bug: http://bugs.php.net/bug.php?id=52102 +Ubuntu-Bug: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/564920 + +--- a/main/streams/plain_wrapper.c ++++ b/main/streams/plain_wrapper.c +@@ -631,7 +631,13 @@ static int php_stdiop_set_option(php_str + + switch (value) { + case PHP_STREAM_MMAP_SUPPORTED: +- return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK; ++ if (fd == -1) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ /* Don't mmap large files */ ++ do_fstat(data, 1); ++ if (data->sb.st_size > 4 * 1024 * 1024) ++ return PHP_STREAM_OPTION_RETURN_ERR; ++ return PHP_STREAM_OPTION_RETURN_OK; + + case PHP_STREAM_MMAP_MAP_RANGE: + do_fstat(data, 1); --- php5-5.4.6.orig/debian/patches/002-static_openssl.patch +++ php5-5.4.6/debian/patches/002-static_openssl.patch @@ -0,0 +1,13 @@ +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2390,9 +2390,7 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ + + PHP_ADD_INCLUDE($OPENSSL_INCDIR) + +- PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [ +- PHP_ADD_LIBRARY(crypto,,$1) +- ],[ ++ PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [:],[ + AC_MSG_ERROR([libcrypto not found!]) + ],[ + -L$OPENSSL_LIBDIR --- php5-5.4.6.orig/debian/patches/hurd-noptrace.diff +++ php5-5.4.6/debian/patches/hurd-noptrace.diff @@ -0,0 +1,14 @@ +--- a/sapi/fpm/config.m4 ++++ b/sapi/fpm/config.m4 +@@ -147,6 +147,11 @@ AC_DEFUN([AC_FPM_TRACE], + pid_t child; + int status; + ++ /* broken ptrace on Hurd, avoid hanging */ ++ #ifdef __GNU__ ++ return 10; ++ #endif ++ + if ( (child = fork()) ) { /* parent */ + int ret = 0; + --- php5-5.4.6.orig/debian/patches/strcmp_null-OnUpdateErrorLog.patch +++ php5-5.4.6/debian/patches/strcmp_null-OnUpdateErrorLog.patch @@ -0,0 +1,13 @@ +--- /dev/null ++++ b/tests/func/null-new_val.phpt +@@ -0,0 +1,10 @@ ++--TEST-- ++ini_restore strcmp NULL new_val ++--FILE-- ++ ++--EXPECT-- --- php5-5.4.6.orig/debian/patches/fix_broken_sha2_test.patch +++ php5-5.4.6/debian/patches/fix_broken_sha2_test.patch @@ -0,0 +1,39 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -182,12 +182,12 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- +- salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; ++ char salt[21], answer[21+86]; ++ ++ strcpy(salt,"\$6\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "EeHCRjm0bljalWuALHSTs1NB9ipEiLEXLhYeXdOpx22gmlmVejnVXFhd84cEKbYxCo.XuUTrW.RLraeEnsvWs/"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); + #else + exit(0); + #endif +@@ -211,12 +211,13 @@ AC_TRY_RUN([ + + main() { + #if HAVE_CRYPT +- char salt[30], answer[80]; +- salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; +- strcat(salt,""); ++ char salt[21], answer[21+43]; ++ ++ strcpy(salt,"\$5\$rasmuslerdorf\$"); + strcpy(answer, salt); +- strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); +- exit (strcmp((char *)crypt("foo",salt),answer)); ++ strcat(answer, "cFAm2puLCujQ9t.0CxiFIIvFi4JyQx5UncCt/xRIX23"); ++ exit (strcmp((char *)crypt("rasmuslerdorf",salt),answer)); ++ + #else + exit(0); + #endif --- php5-5.4.6.orig/debian/patches/php-5.3.9-gnusrc.patch +++ php5-5.4.6/debian/patches/php-5.3.9-gnusrc.patch @@ -0,0 +1,105 @@ +--- a/configure.in ++++ b/configure.in +@@ -136,6 +136,8 @@ AC_DEFUN([PHP_EXT_DIR],[ext/$1])dnl + AC_DEFUN([PHP_EXT_SRCDIR],[$abs_srcdir/ext/$1])dnl + AC_DEFUN([PHP_ALWAYS_SHARED],[])dnl + ++AC_DEFINE([_GNU_SOURCE], 1, [Define to enable GNU C Library extensions]) ++ + dnl Setting up the PHP version based on the information above. + dnl ------------------------------------------------------------------------- + +--- a/ext/interbase/interbase.c ++++ b/ext/interbase/interbase.c +@@ -24,7 +24,6 @@ + #include "config.h" + #endif + +-#define _GNU_SOURCE + + #include "php.h" + +--- a/ext/pdo_firebird/firebird_driver.c ++++ b/ext/pdo_firebird/firebird_driver.c +@@ -22,7 +22,6 @@ + #include "config.h" + #endif + +-#define _GNU_SOURCE + + #include "php.h" + #ifdef ZEND_ENGINE_2 +--- a/ext/standard/file.c ++++ b/ext/standard/file.c +@@ -112,9 +112,6 @@ php_file_globals file_globals; + #endif + + #if defined(HAVE_FNMATCH) && !defined(PHP_WIN32) +-# ifndef _GNU_SOURCE +-# define _GNU_SOURCE +-# endif + # include + #endif + +--- a/ext/zlib/zlib_fopen_wrapper.c ++++ b/ext/zlib/zlib_fopen_wrapper.c +@@ -19,8 +19,6 @@ + + /* $Id$ */ + +-#define _GNU_SOURCE +- + #include "php.h" + #include "php_zlib.h" + #include "fopen_wrappers.h" +--- a/main/php.h ++++ b/main/php.h +@@ -30,6 +30,7 @@ + #define PHP_HAVE_STREAMS + #define YYDEBUG 0 + ++#include "php_config.h" + #include "php_version.h" + #include "zend.h" + #include "zend_qsort.h" +--- a/main/streams/cast.c ++++ b/main/streams/cast.c +@@ -18,7 +18,6 @@ + + /* $Id$ */ + +-#define _GNU_SOURCE + #include "php.h" + #include "php_globals.h" + #include "php_network.h" +--- a/main/streams/memory.c ++++ b/main/streams/memory.c +@@ -18,7 +18,6 @@ + + /* $Id$ */ + +-#define _GNU_SOURCE + #include "php.h" + + PHPAPI int php_url_decode(char *str, int len); +--- a/main/streams/streams.c ++++ b/main/streams/streams.c +@@ -21,7 +21,6 @@ + + /* $Id$ */ + +-#define _GNU_SOURCE + #include "php.h" + #include "php_globals.h" + #include "php_network.h" +--- a/Zend/zend_language_parser.c ++++ b/Zend/zend_language_parser.c +@@ -67,6 +67,8 @@ + #define yydebug zenddebug + #define yynerrs zendnerrs + ++#include ++ + + /* Tokens. */ + #ifndef YYTOKENTYPE --- php5-5.4.6.orig/debian/patches/php-5.2.4-norpath.patch +++ php5-5.4.6/debian/patches/php-5.2.4-norpath.patch @@ -0,0 +1,18 @@ +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -432,6 +432,7 @@ AC_DEFUN([PHP_EVAL_INCLINE],[ + dnl internal, don't use + AC_DEFUN([_PHP_ADD_LIBPATH_GLOBAL],[ + PHP_RUN_ONCE(LIBPATH, $1, [ ++ test "x$PHP_RPATH" != "xno" && + test -n "$ld_runpath_switch" && LDFLAGS="$LDFLAGS $ld_runpath_switch$1" + LDFLAGS="$LDFLAGS -L$1" + PHP_RPATHS="$PHP_RPATHS $1" +@@ -451,6 +452,7 @@ AC_DEFUN([PHP_ADD_LIBPATH],[ + ],[ + if test "$ext_shared" = "yes"; then + $2="-L$ai_p [$]$2" ++ test "x$PHP_RPATH" != "xno" && \ + test -n "$ld_runpath_switch" && $2="$ld_runpath_switch$ai_p [$]$2" + else + _PHP_ADD_LIBPATH_GLOBAL([$ai_p]) --- php5-5.4.6.orig/debian/patches/013-force_getaddrinfo.patch +++ php5-5.4.6/debian/patches/013-force_getaddrinfo.patch @@ -0,0 +1,103 @@ +Description: Always use getaddrinfo + . + The patch should probably be dropped and the configure check verified. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -692,50 +692,50 @@ PHP_CHECK_FUNC_LIB(nanosleep, rt) + + dnl Check for getaddrinfo, should be a better way, but... + dnl Also check for working getaddrinfo +-AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, +-[AC_TRY_LINK([#include ], +- [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], +- AC_TRY_RUN([ +-#include +-#include +-#ifndef AF_INET +-# include +-#endif +-int main(void) { +- struct addrinfo *ai, *pai, hints; +- +- memset(&hints, 0, sizeof(hints)); +- hints.ai_flags = AI_NUMERICHOST; +- +- if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { +- exit(1); +- } +- +- if (ai == 0) { +- exit(1); +- } +- +- pai = ai; +- +- while (pai) { +- if (pai->ai_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- if (pai->ai_addr->sa_family != AF_INET) { +- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ +- exit(1); +- } +- pai = pai->ai_next; +- } +- freeaddrinfo(ai); +- exit(0); +-} +- ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), +-ac_cv_func_getaddrinfo=no)]) +-if test "$ac_cv_func_getaddrinfo" = yes; then ++dnl AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo, ++dnl [AC_TRY_LINK([#include ], ++dnl [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);], ++dnl AC_TRY_RUN([ ++dnl #include ++dnl #include ++dnl #ifndef AF_INET ++dnl # include ++dnl #endif ++dnl int main(void) { ++dnl struct addrinfo *ai, *pai, hints; ++dnl ++dnl memset(&hints, 0, sizeof(hints)); ++dnl hints.ai_flags = AI_NUMERICHOST; ++dnl ++dnl if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl if (ai == 0) { ++dnl exit(1); ++dnl } ++dnl ++dnl pai = ai; ++dnl ++dnl while (pai) { ++dnl if (pai->ai_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl if (pai->ai_addr->sa_family != AF_INET) { ++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */ ++dnl exit(1); ++dnl } ++dnl pai = pai->ai_next; ++dnl } ++dnl freeaddrinfo(ai); ++dnl exit(0); ++dnl } ++dnl ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no), ++dnl ac_cv_func_getaddrinfo=no)]) ++dnl if test "$ac_cv_func_getaddrinfo" = yes; then + AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function]) +-fi ++dnl fi + + dnl Check for the __sync_fetch_and_add builtin + AC_CACHE_CHECK([for __sync_fetch_and_add], ac_cv_func_sync_fetch_and_add, --- php5-5.4.6.orig/debian/patches/100-recode_is_shared.patch +++ php5-5.4.6/debian/patches/100-recode_is_shared.patch @@ -0,0 +1,16 @@ +Description: Turn recode conflicts error message into a warning. The + recode extension is packaged as a shared library in Debian. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/recode/config9.m4 ++++ b/ext/recode/config9.m4 +@@ -13,6 +13,6 @@ if test "$PHP_RECODE" != "no"; then + fi + + if test -n "$recode_conflict"; then +- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict]) ++ AC_MSG_WARN([recode extension can not be used together with:$recode_conflict]) + fi + fi --- php5-5.4.6.orig/debian/patches/dont-gitclean-in-build.patch +++ php5-5.4.6/debian/patches/dont-gitclean-in-build.patch @@ -0,0 +1,18 @@ +Author: Sean Finney +Description: Don't run git-clean via buildconf + Calling buildconf indirectly invokes vcsclean, which calls the gitclean-work + target of build/build.mk, which calls among other things git clean -X -f -d, + which in turn nukes the quilt .pc directory making life quite difficult for + us. + . + This patch doesn't need to go upstream, as they likely don't want to support + having a patch system on top of their source. +--- a/build/build.mk ++++ b/build/build.mk +@@ -75,6 +75,5 @@ gitclean-work: + @if (test ! -f '.git/info/exclude' || grep -s "git-ls-files" .git/info/exclude); then \ + (echo "Rebuild .git/info/exclude" && echo '*.o' > .git/info/exclude && git svn propget svn:ignore | grep -v config.nice >> .git/info/exclude); \ + fi; \ +- git clean -X -f -d; + + .PHONY: $(ALWAYS) snapshot --- php5-5.4.6.orig/debian/patches/fix_broken_upstream_tests.patch +++ php5-5.4.6/debian/patches/fix_broken_upstream_tests.patch @@ -0,0 +1,25 @@ +Description: Add missing settings to fix upstream tests +Origin: vendor +Forwarded: http://bugs.php.net/50796 +Last-Update: 2010-01-18 + +--- a/ext/soap/tests/server009.phpt ++++ b/ext/soap/tests/server009.phpt +@@ -10,6 +10,7 @@ SOAP Server 9: setclass and setpersisten + --INI-- + session.auto_start=1 + session.save_handler=files ++session.save_path=temp_session_store + --FILE-- + + --FILE-- + +Date: Thu, 9 Aug 2012 14:02:33 -0400 +Subject: [PATCH] Update to work with libxml 2.9.0 + +--- + ext/dom/documenttype.c | 4 ++++ + ext/dom/node.c | 8 ++++++++ + ext/simplexml/simplexml.c | 4 ++++ + 3 files changed, 16 insertions(+) + +Index: php5-5.4.6/ext/dom/documenttype.c +=================================================================== +--- php5-5.4.6.orig/ext/dom/documenttype.c 2012-08-15 00:26:05.000000000 -0400 ++++ php5-5.4.6/ext/dom/documenttype.c 2012-11-07 11:54:40.737441165 -0500 +@@ -205,7 +205,11 @@ + if (buff != NULL) { + xmlNodeDumpOutput (buff, NULL, (xmlNodePtr) intsubset, 0, 0, NULL); + xmlOutputBufferFlush(buff); ++#ifdef LIBXML2_NEW_BUFFER ++ ZVAL_STRINGL(*retval, xmlOutputBufferGetContent(buff), xmlOutputBufferGetSize(buff), 1); ++#else + ZVAL_STRINGL(*retval, buff->buffer->content, buff->buffer->use, 1); ++#endif + (void)xmlOutputBufferClose(buff); + return SUCCESS; + } +Index: php5-5.4.6/ext/dom/node.c +=================================================================== +--- php5-5.4.6.orig/ext/dom/node.c 2012-08-15 00:26:05.000000000 -0400 ++++ php5-5.4.6/ext/dom/node.c 2012-11-07 11:54:40.737441165 -0500 +@@ -1895,9 +1895,17 @@ + RETVAL_FALSE; + } else { + if (mode == 0) { ++#ifdef LIBXML2_NEW_BUFFER ++ ret = xmlOutputBufferGetSize(buf); ++#else + ret = buf->buffer->use; ++#endif + if (ret > 0) { ++#ifdef LIBXML2_NEW_BUFFER ++ RETVAL_STRINGL((char *) xmlOutputBufferGetContent(buf), ret, 1); ++#else + RETVAL_STRINGL((char *) buf->buffer->content, ret, 1); ++#endif + } else { + RETVAL_EMPTY_STRING(); + } +Index: php5-5.4.6/ext/simplexml/simplexml.c +=================================================================== +--- php5-5.4.6.orig/ext/simplexml/simplexml.c 2012-08-15 00:26:05.000000000 -0400 ++++ php5-5.4.6/ext/simplexml/simplexml.c 2012-11-07 11:54:40.737441165 -0500 +@@ -1417,7 +1417,11 @@ + + xmlNodeDumpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, ((xmlDocPtr) sxe->document->ptr)->encoding); + xmlOutputBufferFlush(outbuf); ++#ifdef LIBXML2_NEW_BUFFER ++ RETVAL_STRINGL((char *)xmlOutputBufferGetContent(outbuf), xmlOutputBufferGetSize(outbuf), 1); ++#else + RETVAL_STRINGL((char *)outbuf->buffer->content, outbuf->buffer->use, 1); ++#endif + xmlOutputBufferClose(outbuf); + } + } else { --- php5-5.4.6.orig/debian/patches/php-fpm-sysconfdir.patch +++ php5-5.4.6/debian/patches/php-fpm-sysconfdir.patch @@ -0,0 +1,11 @@ +--- a/sapi/fpm/fpm/fpm_conf.c ++++ b/sapi/fpm/fpm/fpm_conf.c +@@ -1604,7 +1604,7 @@ int fpm_conf_init_main(int test_conf) /* + char *tmp; + + if (fpm_globals.prefix == NULL) { +- spprintf(&tmp, 0, "%s/php-fpm.conf", PHP_SYSCONFDIR); ++ spprintf(&tmp, 0, "%s/php5/fpm/php-fpm.conf", PHP_SYSCONFDIR); + } else { + spprintf(&tmp, 0, "%s/etc/php-fpm.conf", fpm_globals.prefix); + } --- php5-5.4.6.orig/debian/patches/php-fpm-man-section-and-cleanup.patch +++ php5-5.4.6/debian/patches/php-fpm-man-section-and-cleanup.patch @@ -0,0 +1,38 @@ +Description: Fix php-fpm's manpage section to match location of binary + (/usr/sbin,) additionally, remove some stuff that is useless or + doesn't apply to Debian. +Origin: vendor +Forwarded: http://bugs.php.net/52476 +Last-Update: 2010-07-29 + +--- a/sapi/fpm/php-fpm.8.in ++++ b/sapi/fpm/php-fpm.8.in +@@ -112,15 +112,8 @@ The configuration file for the php-fpm d + .TP + .B php.ini + The standard php configuration file. +-.SH EXAMPLES +-You should use the init script provided to start and stop the php-fpm daemon. This situation applies for any unix systems which use init.d for their main process manager. +-.P +-.PD 1 +-.RS +-sudo /etc/init.d/php-fpm start +-.RE +-.TP +-If your installation has no appropriate init script, launch php-fpm with no arguments. It will launch as a daemon (background process) by default. The file @php_fpm_localstatedir@/run/php-fpm.pid determines whether php-fpm is already up and running. Once started, php-fpm then responds to several POSIX signals: ++.SH SIGNAL ++Once started, php-fpm then responds to several POSIX signals: + .P + .PD 0 + .RS +@@ -134,10 +127,6 @@ If your installation has no appropriate + .RE + .PD 1 + .P +-.SH TIPS +-The PHP-FPM CGI daemon will work well with most popular webservers, including Apache2, lighttpd and nginx. +-.PD 1 +-.P + .SH SEE ALSO + The PHP-FPM website: + .PD 0 --- php5-5.4.6.orig/debian/patches/series +++ php5-5.4.6/debian/patches/series @@ -0,0 +1,63 @@ +001-libtool_fixes.patch +002-static_openssl.patch +004-ldap_fix.patch +006-debian_quirks.patch +libtool2.2.patch +013-force_getaddrinfo.patch +017-pread_pwrite_disable.patch +019-z_off_t_as_long.patch +033-we_WANT_libtool.patch +034-apache2_umask_fix.patch +036-fd_setsize_fix.patch +043-recode_size_t.patch +044-strtod_arm_fix.patch +045-exif_nesting_level.patch +047-zts_with_dl.patch +052-phpinfo_no_configure.patch +053-extension_api.patch +057-no_apache_installed.patch +100-recode_is_shared.patch +108-64_bit_datetime.patch +112-proc_open.patch +113-php.ini_securitynotes.patch +116-posixness_fix.patch +libdb_is_-ldb +fix_broken_upstream_tests.patch +use_embedded_timezonedb.patch +force_libmysqlclient_r.patch +mssql-null-exception.patch +sybase-alias.patch +strcmp_null-OnUpdateErrorLog.patch +#deprecate_short_open_tag +fix_broken_5.3_tests.patch +dont-gitclean-in-build.patch +#broken_5.3_test-posix_uname.patch +shtool_mkdir_-p_-race-condition.patch +qdbm-is-usr_include_qdbm.patch +zend_int_overflow.patch +use_embedded_timezonedb_fixes.patch +fix_broken_sha2_test.patch +php_crypt_revamped.patch +use_system_crypt_fixes.patch +session_save_path.patch +#install-programs_parallel_FTBFS.patch +php-fpm-man-section-and-cleanup.patch +fpm-config.patch +fix_crash_in__php_mssql_get_column_content_without_type.patch +php-fpm-sysconfdir.patch +lp564920-fix-big-files.patch +backport-upstream-lp592442.patch +temporary-path-fixes-for-multiarch.patch +gdIOCtx.patch +hurd-noptrace.diff +php-5.3.9-mysqlnd.patch +php-5.3.9-gnusrc.patch +php-5.3.3-macropen.patch +php-5.2.4-norpath.patch +php-fpm-listen-on-unix-socket.patch +0001-Add-information-about-which-INI-file-is-which-inside.patch +php-5.2.4-embed.patch +php-5.4.0-dlopen.patch +php-fpm-m68k.patch +libxml-reset-the-handler.patch +libxml290.patch --- php5-5.4.6.orig/debian/patches/php-5.3.9-mysqlnd.patch +++ php5-5.4.6/debian/patches/php-5.3.9-mysqlnd.patch @@ -0,0 +1,22 @@ +--- a/ext/mysqlnd/mysqlnd.c ++++ b/ext/mysqlnd/mysqlnd.c +@@ -695,7 +695,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, connec + if (host_len == sizeof("localhost") - 1 && !strncasecmp(host, "localhost", host_len)) { + DBG_INF_FMT("socket=%s", socket_or_pipe? socket_or_pipe:"n/a"); + if (!socket_or_pipe) { +- socket_or_pipe = "/tmp/mysql.sock"; ++ socket_or_pipe = "/var/run/mysqld/mysqld.sock"; + } + transport_len = mnd_sprintf(&transport, 0, "unix://%s", socket_or_pipe); + unix_socket = TRUE; +--- a/ext/pdo_mysql/pdo_mysql.c ++++ b/ext/pdo_mysql/pdo_mysql.c +@@ -50,7 +50,7 @@ ZEND_DECLARE_MODULE_GLOBALS(pdo_mysql) + # define PDO_MYSQL_UNIX_ADDR PHP_MYSQL_UNIX_SOCK_ADDR + # else + # if !PHP_WIN32 +-# define PDO_MYSQL_UNIX_ADDR "/tmp/mysql.sock" ++# define PDO_MYSQL_UNIX_ADDR "/var/run/mysqld/mysqld.sock" + # else + # define PDO_MYSQL_UNIX_ADDR NULL + # endif --- php5-5.4.6.orig/debian/patches/session_save_path.patch +++ php5-5.4.6/debian/patches/session_save_path.patch @@ -0,0 +1,40 @@ +Description: Set the default session.save_path dir to /var/lib/php5. + This is the directory that has been used in Debian to store the + session files and is partially protected by dir permissions. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-05-01 + +--- a/ext/session/session.c ++++ b/ext/session/session.c +@@ -705,7 +705,7 @@ static ZEND_INI_MH(OnUpdateSmartStr) /* + /* {{{ PHP_INI + */ + PHP_INI_BEGIN() +- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) ++ STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) +--- a/php.ini-development ++++ b/php.ini-development +@@ -1399,7 +1399,7 @@ session.save_handler = files + ; where MODE is the octal representation of the mode. Note that this + ; does not overwrite the process's umask. + ; http://php.net/session.save-path +-;session.save_path = "/tmp" ++;session.save_path = "/var/lib/php5" + + ; Whether to use cookies. + ; http://php.net/session.use-cookies +--- a/php.ini-production ++++ b/php.ini-production +@@ -1348,7 +1348,7 @@ session.save_handler = files + ; where MODE is the octal representation of the mode. Note that this + ; does not overwrite the process's umask. + ; http://php.net/session.save-path +-;session.save_path = "/tmp" ++;session.save_path = "/var/lib/php5" + + ; Whether to use cookies. + ; http://php.net/session.use-cookies --- php5-5.4.6.orig/debian/patches/zend_int_overflow.patch +++ php5-5.4.6/debian/patches/zend_int_overflow.patch @@ -0,0 +1,110 @@ +Author: Sean Finney +Description: Another integer overflow/underflow logic fix. + Once again, don't rely on undefined behavior and instead detect + the overflow/underflow conditions intelligently. +Bug: http://bugs.php.net/bug.php?id=51008 +Bug-Debian: http://bugs.debian.org/570144 +--- a/Zend/zend_hash.h ++++ b/Zend/zend_hash.h +@@ -306,9 +306,11 @@ END_EXTERN_C() + + #define ZEND_HANDLE_NUMERIC_EX(key, length, idx, func) do { \ + register const char *tmp = key; \ ++ int negative = 0; \ + \ + if (*tmp == '-') { \ + tmp++; \ ++ negative = 1; \ + } \ + if (*tmp >= '0' && *tmp <= '9') { /* possibly a numeric index */ \ + const char *end = key + length - 1; \ +@@ -321,19 +323,19 @@ END_EXTERN_C() + *tmp > '2')) { /* overflow */ \ + break; \ + } \ +- idx = (*tmp - '0'); \ ++ idx = ((negative)?-1:1) * (*tmp - '0'); \ + while (++tmp != end && *tmp >= '0' && *tmp <= '9') { \ +- idx = (idx * 10) + (*tmp - '0'); \ +- } \ +- if (tmp == end) { \ +- if (*key == '-') { \ +- if (idx-1 > LONG_MAX) { /* overflow */ \ +- break; \ +- } \ +- idx = 0 - idx; \ +- } else if (idx > LONG_MAX) { /* overflow */ \ ++ int digit = (*tmp - '0'); \ ++ if ( (!negative) && idx <= (LONG_MAX-digit)/10 ) { \ ++ idx = (idx * 10) + digit; \ ++ } else if ( (negative) && idx >= (LONG_MIN+digit)/10 ) { \ ++ idx = (idx * 10) - digit; \ ++ } else { \ ++ --tmp; /* overflow or underflow, make sure tmp != end */ \ + break; \ + } \ ++ } \ ++ if (tmp == end) { \ + func; \ + } \ + } \ +--- a/Zend/tests/bug45877.phpt ++++ b/Zend/tests/bug45877.phpt +@@ -1,23 +1,40 @@ + --TEST-- + Bug #45877 (Array key '2147483647' left as string) +---INI-- +-precision=16 + --FILE-- + +---EXPECTF-- +-array(3) { +- [%d7]=> +- int(1) +- [-%d8]=> +- int(1) +- ["%s"]=> +- int(1) ++function test_value($val, $msg) { ++ $a = array($val => 1); ++ $keys = array_keys($a); ++ if ($val == $keys[0]) $result = "ok"; ++ else $result = "failed ($val != $keys[0])"; ++ echo "$msg: $result\n"; + } ++ ++test_value($max, "max"); ++test_value($overflow, "overflow"); ++test_value($min, "min"); ++test_value($underflow, "underflow"); ++ ++?> ++--EXPECT-- ++max: ok ++overflow: ok ++min: ok ++underflow: ok --- php5-5.4.6.orig/debian/patches/fix_broken_5.3_tests.patch +++ php5-5.4.6/debian/patches/fix_broken_5.3_tests.patch @@ -0,0 +1,30 @@ +Author: Sean Finney +Description: Fix another small batch of broken test cases + * ext/standard/tests/php_ini_loaded_file.phpt: this test only works if + you call run-tests directly, but the included Makefile invokes the + test in such a way that it fails (it explicitly loads an ini file, + and the test assumes that none are loaded). since it therefore seems + like a somewhat useless test it has been removed. + * cli/tests/006.phpt: $subject is according to the docs for + the two pcre functions that report it as such, so the expected string has + been updated to match the output. + * php.orig/ext/posix/tests/posix_errno_variation2.phpt: SIGKILL is not + a defined constant unless the pcntl extension is loaded. As was + done elsewhere (posix_kill_basic.phpt, which oddly seems to do the + same *incredibly sketchy* test that's done here), it's passed as a + variable hardcoded to 9 instead. Did i mention that this test is + sketchy? +Origin: vendor +--- a/ext/posix/tests/posix_errno_variation2.phpt ++++ b/ext/posix/tests/posix_errno_variation2.phpt +@@ -21,7 +21,9 @@ do { + $result = shell_exec("ps -p " . $pid); + } while (strstr($pid, $result)); + +-posix_kill($pid, SIGKILL); ++/* don't depend on SIGKILL being defined (pcntl might not not be loaded) */ ++$SIGKILL = 9; ++posix_kill($pid, $SIGKILL); + var_dump(posix_errno()); + + ?> --- php5-5.4.6.orig/debian/patches/libxml-reset-the-handler.patch +++ php5-5.4.6/debian/patches/libxml-reset-the-handler.patch @@ -0,0 +1,23 @@ +--- a/ext/libxml/libxml.c ++++ b/ext/libxml/libxml.c +@@ -860,7 +860,6 @@ static PHP_MSHUTDOWN_FUNCTION(libxml) + { + if (!_php_libxml_per_request_initialization) { + xmlSetGenericErrorFunc(NULL, NULL); +- xmlSetStructuredErrorFunc(NULL, NULL); + + xmlParserInputBufferCreateFilenameDefault(NULL); + xmlOutputBufferCreateFilenameDefault(NULL); +@@ -876,11 +875,11 @@ static int php_libxml_post_deactivate() + /* reset libxml generic error handling */ + if (_php_libxml_per_request_initialization) { + xmlSetGenericErrorFunc(NULL, NULL); +- xmlSetStructuredErrorFunc(NULL, NULL); + + xmlParserInputBufferCreateFilenameDefault(NULL); + xmlOutputBufferCreateFilenameDefault(NULL); + } ++ xmlSetStructuredErrorFunc(NULL, NULL); + + if (LIBXML(stream_context)) { + /* the steam_context resource will be released by resource list destructor */ --- php5-5.4.6.orig/debian/patches/047-zts_with_dl.patch +++ php5-5.4.6/debian/patches/047-zts_with_dl.patch @@ -0,0 +1,15 @@ +--- a/ext/standard/dl.c ++++ b/ext/standard/dl.c +@@ -74,12 +74,7 @@ PHPAPI PHP_FUNCTION(dl) + (strcmp(sapi_module.name, "cli") != 0) && + (strncmp(sapi_module.name, "embed", 5) != 0) + ) { +-#ifdef ZTS +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not supported in multithreaded Web servers - use extension=%s in your php.ini", filename); +- RETURN_FALSE; +-#else + php_error_docref(NULL TSRMLS_CC, E_DEPRECATED, "dl() is deprecated - use extension=%s in your php.ini", filename); +-#endif + } + + php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); --- php5-5.4.6.orig/debian/patches/php-fpm-error-reporting.patch +++ php5-5.4.6/debian/patches/php-fpm-error-reporting.patch @@ -0,0 +1,107 @@ +--- a/sapi/fpm/fpm/fpm_main.c ++++ b/sapi/fpm/fpm/fpm_main.c +@@ -646,12 +646,38 @@ static void sapi_cgi_register_variables( + } + } + +-static void sapi_cgi_log_message(char *message TSRMLS_DC) ++/* {{{ sapi_cgi_log_fastcgi ++ * ++ * Ignore level, we want to send all messages through fastcgi ++ */ ++void sapi_cgi_log_fastcgi(int level, char *message, size_t len) + { +- if (CGIG(fcgi_logging)) { +- zlog(ZLOG_NOTICE, "PHP message: %s", message); ++ TSRMLS_FETCH(); ++ ++ fcgi_request *request = (fcgi_request*) SG(server_context); ++ ++ /* ensure we want: ++ * - to log (fastcgi.logging in php.ini) ++ * - we are currently dealing with a request ++ * - the message is not empty ++ */ ++ if (CGIG(fcgi_logging) && request && message && len > 0) { ++ char *buf = malloc(len + 2); ++ memcpy(buf, message, len); ++ memcpy(buf + len, "\n", sizeof("\n")); ++ fcgi_write(request, FCGI_STDERR, buf, len+1); ++ free(buf); + } + } ++/* }}} */ ++ ++/* {{{ sapi_cgi_log_message ++ */ ++static void sapi_cgi_log_message(char *message) ++{ ++ zlog(ZLOG_NOTICE, "PHP message: %s", message); ++} ++/* }}} */ + + /* {{{ php_cgi_ini_activate_user_config + */ +@@ -1772,6 +1798,9 @@ consult the installation file that came + fcgi_fd = fpm_run(&max_requests); + parent = 0; + ++ /* onced forked tell zlog to also send messages through sapi_cgi_log_fastcgi() */ ++ zlog_set_external_logger(sapi_cgi_log_fastcgi); ++ + /* make php call us to get _ENV vars */ + php_php_import_environment_variables = php_import_environment_variables; + php_import_environment_variables = cgi_php_import_environment_variables; +--- a/sapi/fpm/fpm/zlog.c ++++ b/sapi/fpm/fpm/zlog.c +@@ -22,6 +22,7 @@ + static int zlog_fd = -1; + static int zlog_level = ZLOG_NOTICE; + static int launched = 0; ++static void (*external_logger)(int, char *, size_t) = NULL; + + static const char *level_names[] = { + [ZLOG_DEBUG] = "DEBUG", +@@ -41,6 +42,12 @@ const int syslog_priorities[] = { + }; + #endif + ++void zlog_set_external_logger(void (*logger)(int, char *, size_t)) /* {{{ */ ++{ ++ external_logger = logger; ++} ++/* }}} */ ++ + const char *zlog_get_level_name(int log_level) /* {{{ */ + { + if (log_level < 0) { +@@ -101,6 +108,19 @@ void zlog_ex(const char *function, int l + int truncated = 0; + int saved_errno; + ++ if (external_logger) { ++ va_start(args, fmt); ++ len = vsnprintf(buf, buf_size, fmt, args); ++ va_end(args); ++ if (len >= buf_size) { ++ memcpy(buf + buf_size - sizeof("..."), "...", sizeof("...") - 1); ++ len = buf_size - 1; ++ } ++ external_logger(flags & ZLOG_LEVEL_MASK, buf, len); ++ len = 0; ++ memset(buf, '\0', buf_size); ++ } ++ + if ((flags & ZLOG_LEVEL_MASK) < zlog_level) { + return; + } +--- a/sapi/fpm/fpm/zlog.h ++++ b/sapi/fpm/fpm/zlog.h +@@ -9,6 +9,7 @@ + + struct timeval; + ++void zlog_set_external_logger(void (*logger)(int, char *, size_t)); + int zlog_set_fd(int new_fd); + int zlog_set_level(int new_value); + const char *zlog_get_level_name(int log_level); --- php5-5.4.6.orig/debian/patches/use_embedded_timezonedb_fixes.patch +++ php5-5.4.6/debian/patches/use_embedded_timezonedb_fixes.patch @@ -0,0 +1,19 @@ +Author: Sean Finney +Forwarded: no (upstream doesn't want it) +Description: Silence warnings about using the default system timezone info + In vanilla upstream php, this is considered an error (i.e. the user must + set the timezone explicitly), though with our use of the system timezonedb + patch, we actually feel quite comfortable using the default timezone info. +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571762 +--- a/ext/date/tests/date_default_timezone_set-1.phpt ++++ b/ext/date/tests/date_default_timezone_set-1.phpt +@@ -22,9 +22,6 @@ date.timezone= + echo date(DATE_ISO8601, $date4), "\n"; + ?> + --EXPECTF-- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in %sdate_default_timezone_set-1.php on line 3 +- +-Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in %sdate_default_timezone_set-1.php on line 4 + America/Indiana/Knox + 2005-01-12T03:00:00-0500 + 2005-07-12T03:00:00-0500 --- php5-5.4.6.orig/debian/patches/php-5.3.3-macropen.patch +++ php5-5.4.6/debian/patches/php-5.3.3-macropen.patch @@ -0,0 +1,36 @@ +--- a/ext/dba/dba.c ++++ b/ext/dba/dba.c +@@ -907,7 +907,7 @@ static void php_dba_open(INTERNAL_FUNCTI + } + } + +- if (error || hptr->open(info, &error TSRMLS_CC) != SUCCESS) { ++ if (error || (hptr->open)(info, &error TSRMLS_CC) != SUCCESS) { + dba_close(info TSRMLS_CC); + php_error_docref2(NULL TSRMLS_CC, Z_STRVAL_PP(args[0]), Z_STRVAL_PP(args[1]), E_WARNING, "Driver initialization failed for handler: %s%s%s", hptr->name, error?": ":"", error?error:""); + FREENOW; +--- a/ext/dba/dba_db3.c ++++ b/ext/dba/dba_db3.c +@@ -91,7 +91,7 @@ DBA_OPEN_FUNC(db3) + + if ((err=db_create(&dbp, NULL, 0)) == 0) { + dbp->set_errcall(dbp, php_dba_db3_errcall_fcn); +- if ((err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { ++ if ((err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { + dba_db3_data *data; + + data = pemalloc(sizeof(*data), info->flags&DBA_PERSISTENT); +--- a/ext/dba/dba_db4.c ++++ b/ext/dba/dba_db4.c +@@ -126,9 +126,9 @@ DBA_OPEN_FUNC(db4) + dbp->set_errcall(dbp, php_dba_db4_errcall_fcn); + if ( + #if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)) +- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { ++ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { + #else +- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { ++ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { + #endif + dba_db4_data *data; + --- php5-5.4.6.orig/debian/patches/libtool2.2.patch +++ php5-5.4.6/debian/patches/libtool2.2.patch @@ -0,0 +1,31 @@ +--- a/scripts/phpize.in ++++ b/scripts/phpize.in +@@ -6,10 +6,16 @@ datarootdir='@datarootdir@' + exec_prefix="`eval echo @exec_prefix@`" + phpdir="$prefix/lib/php5/build" + includedir="$prefix/include/php5" ++aclocaldir="$prefix/share/aclocal" + builddir="`pwd`" + SED="@SED@" + +-FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool libtool.m4" ++FILES_BUILD="mkdep.awk scan_makefile_in.awk shtool" ++if [ -f "$aclocaldir/ltsugar.m4" ]; then ++ LIBTOOL_FILES="libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4" ++else ++ LIBTOOL_FILES="libtool.m4" ++fi + FILES="acinclude.m4 Makefile.global config.sub config.guess ltmain.sh run-tests*.php" + CLEAN_FILES="$FILES *.o *.lo *.la .deps .libs/ build/ include/ modules/ install-sh \ + mkinstalldirs missing config.nice config.sub config.guess configure configure.in \ +@@ -145,8 +151,9 @@ phpize_copy_files() + test -d build || mkdir build + + (cd "$phpdir" && cp $FILES_BUILD "$builddir"/build) ++ (cd "$aclocaldir" && cp $LIBTOOL_FILES "$builddir"/build) + (cd "$phpdir" && cp $FILES "$builddir") +- (cd "$builddir" && cat acinclude.m4 ./build/libtool.m4 > aclocal.m4) ++ (cd "$builddir/build" && cat ../acinclude.m4 $LIBTOOL_FILES > ../aclocal.m4) + } + + phpize_replace_prefix() --- php5-5.4.6.orig/debian/patches/qdbm-is-usr_include_qdbm.patch +++ php5-5.4.6/debian/patches/qdbm-is-usr_include_qdbm.patch @@ -0,0 +1,20 @@ +Description: Look for qdbm under $prefix/include/qdbm too. + The Debian package ships the header files under that directory, for + unknown reasons. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-02-21 + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -113,6 +113,10 @@ if test "$PHP_QDBM" != "no"; then + THIS_PREFIX=$i + THIS_INCLUDE=$i/include/depot.h + break ++ elif test -f "$i/include/qdbm/depot.h"; then ++ THIS_PREFIX=$i ++ THIS_INCLUDE=$i/include/qdbm/depot.h ++ break + fi + done + --- php5-5.4.6.orig/debian/patches/php-5.2.4-embed.patch +++ php5-5.4.6/debian/patches/php-5.2.4-embed.patch @@ -0,0 +1,12 @@ +--- a/sapi/embed/config.m4 ++++ b/sapi/embed/config.m4 +@@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then + case "$PHP_EMBED" in + yes|shared) + PHP_EMBED_TYPE=shared +- INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib" ++ EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_VERSION)" ++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)" + ;; + static) + PHP_EMBED_TYPE=static --- php5-5.4.6.orig/debian/patches/112-proc_open.patch +++ php5-5.4.6/debian/patches/112-proc_open.patch @@ -0,0 +1,11 @@ +--- a/ext/standard/proc_open.c ++++ b/ext/standard/proc_open.c +@@ -61,7 +61,7 @@ + * */ + #ifdef PHP_CAN_SUPPORT_PROC_OPEN + +-#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H ++#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H + # include + # include + # define PHP_CAN_DO_PTS 1 --- php5-5.4.6.orig/debian/patches/broken_5.3_test-posix_uname.patch +++ php5-5.4.6/debian/patches/broken_5.3_test-posix_uname.patch @@ -0,0 +1,53 @@ +Author: Sean Finney +Description: Fix two failing tests + * ext/posix/tests/posix_uname.phpt: removed + * ext/posix/tests/posix_uname_basic.phpt: backported fix from upstream. +Bug: http://bugs.php.net/bug.php?id=50982 +Bug-Debian: http://bugs.debian.org/570286 +--- a/ext/posix/tests/posix_uname.phpt ++++ /dev/null +@@ -1,35 +0,0 @@ +---TEST-- +-Test posix_uname() +---DESCRIPTION-- +-Gets information about the system. +-Source code: ext/posix/posix.c +---CREDITS-- +-Falko Menge, mail at falko-menge dot de +-PHP Testfest Berlin 2009-05-10 +---SKIPIF-- +- +---FILE-- +- +-===DONE=== +---EXPECTF-- +-array(5) { +- ["sysname"]=> +- string(%d) "%s" +- ["nodename"]=> +- string(%d) "%s" +- ["release"]=> +- string(%d) "%s" +- ["version"]=> +- string(%d) "%s" +- ["machine"]=> +- string(%d) "%s" +-} +-===DONE=== +--- a/ext/posix/tests/posix_uname_basic.phpt ++++ b/ext/posix/tests/posix_uname_basic.phpt +@@ -25,4 +25,4 @@ Array + [machine] => %s + ) + ===DONE==== +- +\ No newline at end of file ++ --- php5-5.4.6.orig/debian/patches/0001-Add-information-about-which-INI-file-is-which-inside.patch +++ php5-5.4.6/debian/patches/0001-Add-information-about-which-INI-file-is-which-inside.patch @@ -0,0 +1,32 @@ +From d2852f2e53437f5f2cfda4d6f623a5c97faf1408 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= +Date: Fri, 6 Apr 2012 14:30:10 +0200 +Subject: [PATCH] Add information about which INI file is which inside respective files + +--- + php.ini-development | 2 ++ + php.ini-production | 2 ++ + 2 files changed, 4 insertions(+), 0 deletions(-) + +--- a/php.ini-development ++++ b/php.ini-development +@@ -83,6 +83,8 @@ + ; development version only in development environments as errors shown to + ; application users can inadvertently leak otherwise secure information. + ++; This is php.ini-development INI file. ++ + ;;;;;;;;;;;;;;;;;;; + ; Quick Reference ; + ;;;;;;;;;;;;;;;;;;; +--- a/php.ini-production ++++ b/php.ini-production +@@ -83,6 +83,8 @@ + ; development version only in development environments as errors shown to + ; application users can inadvertently leak otherwise secure information. + ++; This is php.ini-production INI file. ++ + ;;;;;;;;;;;;;;;;;;; + ; Quick Reference ; + ;;;;;;;;;;;;;;;;;;; --- php5-5.4.6.orig/debian/patches/017-pread_pwrite_disable.patch +++ php5-5.4.6/debian/patches/017-pread_pwrite_disable.patch @@ -0,0 +1,28 @@ +Description: Completely disable the usage of pread/pwrite + . + This is an old patch and should be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/261311 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -1235,7 +1235,7 @@ $1 + } + + ],[ +- ac_cv_pwrite=yes ++ ac_cv_pwrite=no + ],[ + ac_cv_pwrite=no + ],[ +@@ -1264,7 +1264,7 @@ $1 + exit(0); + } + ],[ +- ac_cv_pread=yes ++ ac_cv_pread=no + ],[ + ac_cv_pread=no + ],[ --- php5-5.4.6.orig/debian/patches/006-debian_quirks.patch +++ php5-5.4.6/debian/patches/006-debian_quirks.patch @@ -0,0 +1,220 @@ +Description: Changes to make php use versioned paths and other minor + cleanup changes. +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1068,7 +1068,7 @@ if test "$PHP_CLI" = "no"; then + fi + + PHP_ARG_WITH(pear, [whether to install PEAR], +-[ --with-pear=DIR Install PEAR in DIR @<:@PREFIX/lib/php@:>@ ++[ --with-pear=DIR Install PEAR in DIR @<:@PREFIX/lib/php5@:>@ + --without-pear Do not install PEAR], DEFAULT, yes) + + if test "$PHP_PEAR" != "no"; then +@@ -1098,7 +1098,7 @@ dnl + if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then + case $PHP_LAYOUT in + GNU) PEAR_INSTALLDIR=$datadir/pear;; +- *) PEAR_INSTALLDIR=$libdir/php;; ++ *) PEAR_INSTALLDIR=$libdir/php5;; + esac + fi + +@@ -1153,12 +1153,12 @@ test "$program_suffix" = "NONE" && progr + + case $libdir in + '${exec_prefix}/lib') +- libdir=$libdir/php ++ libdir=$libdir/php5 + ;; + esac + case $datadir in + '${prefix}/share') +- datadir=$datadir/php ++ datadir=$datadir/php5 + ;; + esac + +@@ -1225,7 +1225,7 @@ EXPANDED_SYSCONFDIR=`eval echo $sysconfd + EXPANDED_DATADIR=$datadir + EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` + EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` +-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:/usr/share/pear + + exec_prefix=$old_exec_prefix + libdir=$old_libdir +--- a/ext/ext_skel ++++ b/ext/ext_skel +@@ -70,7 +70,7 @@ if test -d "$extname" ; then + fi + + if test -z "$skel_dir"; then +- skel_dir="skeleton" ++ skel_dir="/usr/lib/php5/skeleton" + fi + + ## convert skel_dir to full path +--- a/php.ini-development ++++ b/php.ini-development +@@ -702,7 +702,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +--- a/php.ini-production ++++ b/php.ini-production +@@ -702,7 +702,7 @@ default_mimetype = "text/html" + ;;;;;;;;;;;;;;;;;;;;;;;;; + + ; UNIX: "/path1:/path2" +-;include_path = ".:/php/includes" ++;include_path = ".:/usr/share/php" + ; + ; Windows: "\path1;\path2" + ;include_path = ".;c:\php\includes" +@@ -859,51 +859,6 @@ default_socket_timeout = 60 + ; If you only provide the name of the extension, PHP will look for it in its + ; default extension directory. + ; +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. +-; +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_fileinfo.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_gmp.dll +-;extension=php_intl.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mbstring.dll +-;extension=php_exif.dll ; Must be after mbstring as it depends on it +-;extension=php_mysql.dll +-;extension=php_mysqli.dll +-;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client +-;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client +-;extension=php_openssl.dll +-;extension=php_pdo_firebird.dll +-;extension=php_pdo_mysql.dll +-;extension=php_pdo_oci.dll +-;extension=php_pdo_odbc.dll +-;extension=php_pdo_pgsql.dll +-;extension=php_pdo_sqlite.dll +-;extension=php_pgsql.dll +-;extension=php_pspell.dll +-;extension=php_shmop.dll +- +-; The MIBS data available in the PHP distribution must be installed. +-; See http://www.php.net/manual/en/snmp.installation.php +-;extension=php_snmp.dll +- +-;extension=php_soap.dll +-;extension=php_sockets.dll +-;extension=php_sqlite3.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll +-;extension=php_zip.dll + + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; +--- a/sapi/caudium/config.m4 ++++ b/sapi/caudium/config.m4 +@@ -26,8 +26,8 @@ if test "$PHP_CAUDIUM" != "no"; then + AC_MSG_ERROR([Could not find a pike in $PHP_CAUDIUM/bin/]) + fi + if $PIKE -e 'float v; int rel;sscanf(version(), "Pike v%f release %d", v, rel);v += rel/10000.0; if(v < 7.0268) exit(1); exit(0);'; then +- PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Module' | sed -e 's/.*: //'` +- PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' ` ++ PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'` ++ PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' ` + if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then + AC_MSG_ERROR(Failed to figure out Pike module and include directories) + fi +@@ -84,7 +84,9 @@ if test "$PHP_CAUDIUM" != "no"; then + PIKE_VERSION=`$PIKE -e 'string v; int rel;sscanf(version(), "Pike v%s release %d", v, rel); write(v+"."+rel);'` + AC_DEFINE(HAVE_CAUDIUM,1,[Whether to compile with Caudium support]) + PHP_SELECT_SAPI(caudium, shared, caudium.c) +- INSTALL_IT="\$(INSTALL) -m 0755 $SAPI_SHARED $PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" ++ dnl FIXME: This is the ugliest hack in the world! ++ dnl INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/php5.so" ++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 .$SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so" + RESULT=" *** Pike binary used: $PIKE + *** Pike include dir(s) used: $PIKE_INCLUDE_DIR + *** Pike version: $PIKE_VERSION" +--- a/sapi/cli/php.1.in ++++ b/sapi/cli/php.1.in +@@ -346,13 +346,14 @@ Shows configuration for extension + Show configuration file names + .SH FILES + .TP 15 +-.B php\-cli.ini ++.B /etc/php5/cli/php.ini + The configuration file for the CLI version of PHP. + .TP +-.B php.ini +-The standard configuration file will only be used when +-.B php\-cli.ini +-cannot be found. ++.B /etc/php5/cgi/php.ini ++The configuration file for the CGI version of PHP. ++.TP ++.B /etc/php5/apache2/php.ini ++The configuration file for the version of PHP that apache2 uses. + .SH EXAMPLES + .TP 5 + \fIphp \-r 'echo "Hello World\\n";'\fP +--- a/scripts/Makefile.frag ++++ b/scripts/Makefile.frag +@@ -3,8 +3,8 @@ + # Build environment install + # + +-phpincludedir = $(includedir)/php +-phpbuilddir = $(libdir)/build ++phpincludedir = $(includedir)/php5 ++phpbuilddir = $(prefix)/lib/php5/build + + BUILD_FILES = \ + scripts/phpize.m4 \ +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -6,8 +6,8 @@ datarootdir="@datarootdir@" + exec_prefix="@exec_prefix@" + version="@PHP_VERSION@" + vernum="@PHP_VERSION_ID@" +-include_dir="@includedir@/php" +-includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ++include_dir="@includedir@/php5" ++includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib $(getconf LFS_CFLAGS)" + ldflags="@PHP_LDFLAGS@" + libs="@EXTRA_LIBS@" + extension_dir='@EXTENSION_DIR@' +--- a/scripts/phpize.in ++++ b/scripts/phpize.in +@@ -4,8 +4,8 @@ + prefix='@prefix@' + datarootdir='@datarootdir@' + exec_prefix="`eval echo @exec_prefix@`" +-phpdir="`eval echo @libdir@`/build" +-includedir="`eval echo @includedir@`/php" ++phpdir="$prefix/lib/php5/build" ++includedir="$prefix/include/php5" + builddir="`pwd`" + SED="@SED@" + --- php5-5.4.6.orig/debian/patches/034-apache2_umask_fix.patch +++ php5-5.4.6/debian/patches/034-apache2_umask_fix.patch @@ -0,0 +1,50 @@ +Description: Save and restore umask across requests correctly. + . + Check if this is still an issue not addressed by upstream in some + other way already. +Origin: other +Bug-Debian: http://bugs.debian.org/286225 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/sapi/apache2handler/sapi_apache2.c ++++ b/sapi/apache2handler/sapi_apache2.c +@@ -468,6 +468,19 @@ static apr_status_t php_server_context_c + return APR_SUCCESS; + } + ++static int saved_umask; ++ ++static void php_save_umask(void) ++{ ++ saved_umask = umask(077); ++ umask(saved_umask); ++} ++ ++static void php_restore_umask(void) ++{ ++ umask(saved_umask); ++} ++ + static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) + { + char *content_length; +@@ -658,6 +671,8 @@ zend_first_try { + } else { + zend_file_handle zfd; + ++ php_save_umask(); ++ + zfd.type = ZEND_HANDLE_FILENAME; + zfd.filename = (char *) r->filename; + zfd.free_filename = 0; +@@ -669,6 +684,9 @@ zend_first_try { + zend_execute_scripts(ZEND_INCLUDE TSRMLS_CC, NULL, 1, &zfd); + } + ++ php_restore_umask(); ++ ++ + apr_table_set(r->notes, "mod_php_memory_usage", + apr_psprintf(ctx->r->pool, "%zu", zend_memory_peak_usage(1 TSRMLS_CC))); + } --- php5-5.4.6.orig/debian/patches/043-recode_size_t.patch +++ php5-5.4.6/debian/patches/043-recode_size_t.patch @@ -0,0 +1,17 @@ +Description: Check for possible overflows in recode_string() +Origin: vendor +Bug-Debian: http://bugs.debian.org/294986, http://bugs.debian.org/459020 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/recode/recode.c ++++ b/ext/recode/recode.c +@@ -149,7 +149,7 @@ PHP_FUNCTION(recode_string) + int req_len, str_len; + char *req, *str; + +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) { + return; + } + --- php5-5.4.6.orig/debian/patches/001-libtool_fixes.patch +++ php5-5.4.6/debian/patches/001-libtool_fixes.patch @@ -0,0 +1,24 @@ +--- a/TSRM/configure.in ++++ b/TSRM/configure.in +@@ -17,9 +17,6 @@ TSRM_BASIC_CHECKS + TSRM_THREADS_CHECKS + + AM_PROG_LIBTOOL +-if test "$enable_debug" != "yes"; then +- AM_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl TSRM_PTHREAD + +--- a/configure.in ++++ b/configure.in +@@ -1399,9 +1399,6 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], + ]) + AC_PROG_LIBTOOL + +-if test "$enable_debug" != "yes"; then +- PHP_SET_LIBTOOL_VARIABLE([--silent]) +-fi + + dnl libtool 1.4.3 needs this. + PHP_SET_LIBTOOL_VARIABLE([--preserve-dup-deps]) --- php5-5.4.6.orig/debian/patches/045-exif_nesting_level.patch +++ php5-5.4.6/debian/patches/045-exif_nesting_level.patch @@ -0,0 +1,16 @@ +Description: Increase maximum exif nesting level. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/exif/exif.c ++++ b/ext/exif/exif.c +@@ -99,7 +99,7 @@ typedef unsigned char uchar; + + #define EFREE_IF(ptr) if (ptr) efree(ptr) + +-#define MAX_IFD_NESTING_LEVEL 100 ++#define MAX_IFD_NESTING_LEVEL 250 + + /* {{{ arginfo */ + ZEND_BEGIN_ARG_INFO(arginfo_exif_tagname, 0) --- php5-5.4.6.orig/debian/patches/057-no_apache_installed.patch +++ php5-5.4.6/debian/patches/057-no_apache_installed.patch @@ -0,0 +1,89 @@ +Description: Disable installed-apache configure check +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/sapi/apache2handler/config.m4 ++++ b/sapi/apache2handler/config.m4 +@@ -58,13 +58,13 @@ if test "$PHP_APXS2" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000044; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000044; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- a/sapi/apache/config.m4 ++++ b/sapi/apache/config.m4 +@@ -56,11 +56,11 @@ if test "$PHP_APXS" != "no"; then + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in +--- a/sapi/apache2filter/config.m4 ++++ b/sapi/apache2filter/config.m4 +@@ -59,13 +59,13 @@ if test "$PHP_APXS2FILTER" != "no"; then + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000040; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000040; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +--- a/sapi/apache_hooks/config.m4 ++++ b/sapi/apache_hooks/config.m4 +@@ -57,11 +57,11 @@ if test "$PHP_APACHE_HOOKS" != "no"; the + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in --- php5-5.4.6.orig/debian/patches/shtool_mkdir_-p_-race-condition.patch +++ php5-5.4.6/debian/patches/shtool_mkdir_-p_-race-condition.patch @@ -0,0 +1,25 @@ +Description: Workaround a race condition in shtool's mkdir -p + This workaround can be affected by another race condition where a + different process running under a different user creates the directory, + which would make the chown/chmod calls fail. + . + This is the version of the patch sent to shtool upstream. +Origin: vendor +Forwarded: yes +Last-Update: 2010-02-18 + +--- a/build/shtool ++++ b/build/shtool +@@ -1003,7 +1003,11 @@ mkdir ) + if [ ".$opt_t" = .yes ]; then + echo "mkdir $pathcomp" 1>&2 + fi +- mkdir $pathcomp || errstatus=$? ++ mkdir $pathcomp || { ++ _errstatus=$? ++ [ -d "$pathcomp" ] || errstatus=${_errstatus} ++ unset _errstatus ++ } + if [ ".$opt_o" != . ]; then + if [ ".$opt_t" = .yes ]; then + echo "chown $opt_o $pathcomp" 1>&2 --- php5-5.4.6.orig/debian/patches/019-z_off_t_as_long.patch +++ php5-5.4.6/debian/patches/019-z_off_t_as_long.patch @@ -0,0 +1,1541 @@ +Description: Include some zlib headers to make sure z_off_t is a long on + the gzip file functions. Issue caused by LFS support. + . + Needs to be re-checked. +Origin: vendor +Bug-Debian: http://bugs.debian.org/208608 +Forwarded: no +Last-Update: 2010-01-18 + +--- /dev/null ++++ b/ext/zlib/zconf.h +@@ -0,0 +1,326 @@ ++/* zconf.h -- configuration of the zlib compression library ++ * Copyright (C) 1995-2003 Jean-loup Gailly. ++ * For conditions of distribution and use, see copyright notice in zlib.h ++ */ ++ ++/* @(#) $Id: 019-z_off_t_as_long.patch.disabled,v 1.3 2004/08/23 07:48:56 adconrad Exp $ */ ++ ++#ifndef ZCONF_H ++#define ZCONF_H ++ ++#warning Including local zconf.h instead of system zconf.h ++ ++/* ++ * If you *really* need a unique prefix for all types and library functions, ++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. ++ */ ++#ifdef Z_PREFIX ++# define deflateInit_ z_deflateInit_ ++# define deflate z_deflate ++# define deflateEnd z_deflateEnd ++# define inflateInit_ z_inflateInit_ ++# define inflate z_inflate ++# define inflateEnd z_inflateEnd ++# define deflateInit2_ z_deflateInit2_ ++# define deflateSetDictionary z_deflateSetDictionary ++# define deflateCopy z_deflateCopy ++# define deflateReset z_deflateReset ++# define deflatePrime z_deflatePrime ++# define deflateParams z_deflateParams ++# define deflateBound z_deflateBound ++# define inflateInit2_ z_inflateInit2_ ++# define inflateSetDictionary z_inflateSetDictionary ++# define inflateSync z_inflateSync ++# define inflateSyncPoint z_inflateSyncPoint ++# define inflateCopy z_inflateCopy ++# define inflateReset z_inflateReset ++# define compress z_compress ++# define compress2 z_compress2 ++# define compressBound z_compressBound ++# define uncompress z_uncompress ++# define adler32 z_adler32 ++# define crc32 z_crc32 ++# define get_crc_table z_get_crc_table ++ ++# define Byte z_Byte ++# define uInt z_uInt ++# define uLong z_uLong ++# define Bytef z_Bytef ++# define charf z_charf ++# define intf z_intf ++# define uIntf z_uIntf ++# define uLongf z_uLongf ++# define voidpf z_voidpf ++# define voidp z_voidp ++#endif ++ ++#if defined(__MSDOS__) && !defined(MSDOS) ++# define MSDOS ++#endif ++#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2) ++# define OS2 ++#endif ++#if defined(_WINDOWS) && !defined(WINDOWS) ++# define WINDOWS ++#endif ++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) ++# define WIN32 ++#endif ++#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32) ++# if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__) ++# ifndef SYS16BIT ++# define SYS16BIT ++# endif ++# endif ++#endif ++ ++/* ++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more ++ * than 64k bytes at a time (needed on systems with 16-bit int). ++ */ ++#ifdef SYS16BIT ++# define MAXSEG_64K ++#endif ++#ifdef MSDOS ++# define UNALIGNED_OK ++#endif ++ ++#ifdef __STDC_VERSION__ ++# ifndef STDC ++# define STDC ++# endif ++# if __STDC_VERSION__ >= 199901L ++# ifndef STDC99 ++# define STDC99 ++# endif ++# endif ++#endif ++#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32)) ++# define STDC ++#endif ++#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__)) ++# define STDC ++#endif ++ ++#if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). */ ++# define STDC ++#endif ++ ++#ifndef STDC ++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ ++# define const /* note: need a more gentle solution here */ ++# endif ++#endif ++ ++/* Some Mac compilers merge all .h files incorrectly: */ ++#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__) ++# define NO_DUMMY_DECL ++#endif ++ ++/* Maximum value for memLevel in deflateInit2 */ ++#ifndef MAX_MEM_LEVEL ++# ifdef MAXSEG_64K ++# define MAX_MEM_LEVEL 8 ++# else ++# define MAX_MEM_LEVEL 9 ++# endif ++#endif ++ ++/* Maximum value for windowBits in deflateInit2 and inflateInit2. ++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files ++ * created by gzip. (Files created by minigzip can still be extracted by ++ * gzip.) ++ */ ++#ifndef MAX_WBITS ++# define MAX_WBITS 15 /* 32K LZ77 window */ ++#endif ++ ++/* The memory requirements for deflate are (in bytes): ++ (1 << (windowBits+2)) + (1 << (memLevel+9)) ++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) ++ plus a few kilobytes for small objects. For example, if you want to reduce ++ the default memory requirements from 256K to 128K, compile with ++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" ++ Of course this will generally degrade compression (there's no free lunch). ++ ++ The memory requirements for inflate are (in bytes) 1 << windowBits ++ that is, 32K for windowBits=15 (default value) plus a few kilobytes ++ for small objects. ++*/ ++ ++ /* Type declarations */ ++ ++#ifndef OF /* function prototypes */ ++# ifdef STDC ++# define OF(args) args ++# else ++# define OF(args) () ++# endif ++#endif ++ ++/* The following definitions for FAR are needed only for MSDOS mixed ++ * model programming (small or medium model with some far allocations). ++ * This was tested only with MSC; for other MSDOS compilers you may have ++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, ++ * just define FAR to be empty. ++ */ ++#ifdef SYS16BIT ++# if defined(M_I86SM) || defined(M_I86MM) ++ /* MSC small or medium model */ ++# define SMALL_MEDIUM ++# ifdef _MSC_VER ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++# if (defined(__SMALL__) || defined(__MEDIUM__)) ++ /* Turbo C small or medium model */ ++# define SMALL_MEDIUM ++# ifdef __BORLANDC__ ++# define FAR _far ++# else ++# define FAR far ++# endif ++# endif ++#endif ++ ++#if defined(WINDOWS) || defined(WIN32) ++ /* If building or using zlib as a DLL, define ZLIB_DLL. ++ * This is not mandatory, but it offers a little performance increase. ++ */ ++# ifdef ZLIB_DLL ++# if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500)) ++# ifdef ZLIB_INTERNAL ++# define ZEXTERN extern __declspec(dllexport) ++# else ++# define ZEXTERN extern __declspec(dllimport) ++# endif ++# endif ++# endif /* ZLIB_DLL */ ++ /* If building or using zlib with the WINAPI/WINAPIV calling convention, ++ * define ZLIB_WINAPI. ++ * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. ++ */ ++# ifdef ZLIB_WINAPI ++# ifdef FAR ++# undef FAR ++# endif ++# include ++ /* No need for _export, use ZLIB.DEF instead. */ ++ /* For complete Windows compatibility, use WINAPI, not __stdcall. */ ++# define ZEXPORT WINAPI ++# ifdef WIN32 ++# define ZEXPORTVA WINAPIV ++# else ++# define ZEXPORTVA FAR CDECL ++# endif ++# endif ++#endif ++ ++#if defined (__BEOS__) ++# ifdef ZLIB_DLL ++# ifdef ZLIB_INTERNAL ++# define ZEXPORT __declspec(dllexport) ++# define ZEXPORTVA __declspec(dllexport) ++# else ++# define ZEXPORT __declspec(dllimport) ++# define ZEXPORTVA __declspec(dllimport) ++# endif ++# endif ++#endif ++ ++#ifndef ZEXTERN ++# define ZEXTERN extern ++#endif ++#ifndef ZEXPORT ++# define ZEXPORT ++#endif ++#ifndef ZEXPORTVA ++# define ZEXPORTVA ++#endif ++ ++#ifndef FAR ++# define FAR ++#endif ++ ++#if !defined(__MACTYPES__) ++typedef unsigned char Byte; /* 8 bits */ ++#endif ++typedef unsigned int uInt; /* 16 bits or more */ ++typedef unsigned long uLong; /* 32 bits or more */ ++ ++#ifdef SMALL_MEDIUM ++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ ++# define Bytef Byte FAR ++#else ++ typedef Byte FAR Bytef; ++#endif ++typedef char FAR charf; ++typedef int FAR intf; ++typedef uInt FAR uIntf; ++typedef uLong FAR uLongf; ++ ++#ifdef STDC ++ typedef void const *voidpc; ++ typedef void FAR *voidpf; ++ typedef void *voidp; ++#else ++ typedef Byte const *voidpc; ++ typedef Byte FAR *voidpf; ++ typedef Byte *voidp; ++#endif ++ ++#if 1 /* HAVE_UNISTD_H -- this line is updated by ./configure */ ++# include /* for off_t */ ++# include /* for SEEK_* and off_t */ ++# ifdef VMS ++# include /* for off_t */ ++# endif ++/* # define z_off_t off_t */ ++#endif ++#ifndef SEEK_SET ++# define SEEK_SET 0 /* Seek from beginning of file. */ ++# define SEEK_CUR 1 /* Seek from current position. */ ++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ ++#endif ++#ifndef z_off_t ++# warning Defining z_off_t as 'long' rather than 'off_t' ++# define z_off_t long ++#endif ++ ++#if defined(__OS400__) ++#define NO_vsnprintf ++#endif ++ ++#if defined(__MVS__) ++# define NO_vsnprintf ++# ifdef FAR ++# undef FAR ++# endif ++#endif ++ ++/* MVS linker does not support external names larger than 8 bytes */ ++#if defined(__MVS__) ++# pragma map(deflateInit_,"DEIN") ++# pragma map(deflateInit2_,"DEIN2") ++# pragma map(deflateEnd,"DEEND") ++# pragma map(deflateBound,"DEBND") ++# pragma map(inflateInit_,"ININ") ++# pragma map(inflateInit2_,"ININ2") ++# pragma map(inflateEnd,"INEND") ++# pragma map(inflateSync,"INSY") ++# pragma map(inflateSetDictionary,"INSEDI") ++# pragma map(compressBound,"CMBND") ++# pragma map(inflate_table,"INTABL") ++# pragma map(inflate_fast,"INFA") ++# pragma map(inflate_copyright,"INCOPY") ++#endif ++ ++#endif /* ZCONF_H */ +--- /dev/null ++++ b/ext/zlib/zlib.h +@@ -0,0 +1,1200 @@ ++/* zlib.h -- interface of the 'zlib' general purpose compression library ++ version 1.2.1.1, January 9th, 2004 ++ ++ Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler ++ ++ This software is provided 'as-is', without any express or implied ++ warranty. In no event will the authors be held liable for any damages ++ arising from the use of this software. ++ ++ Permission is granted to anyone to use this software for any purpose, ++ including commercial applications, and to alter it and redistribute it ++ freely, subject to the following restrictions: ++ ++ 1. The origin of this software must not be misrepresented; you must not ++ claim that you wrote the original software. If you use this software ++ in a product, an acknowledgment in the product documentation would be ++ appreciated but is not required. ++ 2. Altered source versions must be plainly marked as such, and must not be ++ misrepresented as being the original software. ++ 3. This notice may not be removed or altered from any source distribution. ++ ++ Jean-loup Gailly Mark Adler ++ jloup@gzip.org madler@alumni.caltech.edu ++ ++ ++ The data format used by the zlib library is described by RFCs (Request for ++ Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt ++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). ++*/ ++ ++#ifndef ZLIB_H ++#define ZLIB_H ++ ++#include "zconf.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define ZLIB_VERSION "1.2.1.1" ++#define ZLIB_VERNUM 0x1211 ++ ++/* ++ The 'zlib' compression library provides in-memory compression and ++ decompression functions, including integrity checks of the uncompressed ++ data. This version of the library supports only one compression method ++ (deflation) but other algorithms will be added later and will have the same ++ stream interface. ++ ++ Compression can be done in a single step if the buffers are large ++ enough (for example if an input file is mmap'ed), or can be done by ++ repeated calls of the compression function. In the latter case, the ++ application must provide more input and/or consume the output ++ (providing more output space) before each call. ++ ++ The compressed data format used by the in-memory functions is the zlib ++ format, which is a zlib wrapper documented in RFC 1950, wrapped around a ++ deflate stream, which is itself documented in RFC 1951. ++ ++ The library also supports reading and writing files in gzip (.gz) format ++ with an interface similar to that of stdio using the functions that start ++ with "gz". The gzip format is different from the zlib format. gzip is a ++ gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. ++ ++ The zlib format was designed to be compact and fast for use in memory ++ and on communications channels. The gzip format was designed for single- ++ file compression on file systems, has a larger header than zlib to maintain ++ directory information, and uses a different, slower check method than zlib. ++ ++ This library does not provide any functions to write gzip files in memory. ++ However such functions could be easily written using zlib's deflate function, ++ the documentation in the gzip RFC, and the examples in gzio.c. ++ ++ The library does not install any signal handler. The decoder checks ++ the consistency of the compressed data, so the library should never ++ crash even in case of corrupted input. ++*/ ++ ++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); ++typedef void (*free_func) OF((voidpf opaque, voidpf address)); ++ ++struct internal_state; ++ ++typedef struct z_stream_s { ++ Bytef *next_in; /* next input byte */ ++ uInt avail_in; /* number of bytes available at next_in */ ++ uLong total_in; /* total nb of input bytes read so far */ ++ ++ Bytef *next_out; /* next output byte should be put there */ ++ uInt avail_out; /* remaining free space at next_out */ ++ uLong total_out; /* total nb of bytes output so far */ ++ ++ char *msg; /* last error message, NULL if no error */ ++ struct internal_state FAR *state; /* not visible by applications */ ++ ++ alloc_func zalloc; /* used to allocate the internal state */ ++ free_func zfree; /* used to free the internal state */ ++ voidpf opaque; /* private data object passed to zalloc and zfree */ ++ ++ int data_type; /* best guess about the data type: ascii or binary */ ++ uLong adler; /* adler32 value of the uncompressed data */ ++ uLong reserved; /* reserved for future use */ ++} z_stream; ++ ++typedef z_stream FAR *z_streamp; ++ ++/* ++ The application must update next_in and avail_in when avail_in has ++ dropped to zero. It must update next_out and avail_out when avail_out ++ has dropped to zero. The application must initialize zalloc, zfree and ++ opaque before calling the init function. All other fields are set by the ++ compression library and must not be updated by the application. ++ ++ The opaque value provided by the application will be passed as the first ++ parameter for calls of zalloc and zfree. This can be useful for custom ++ memory management. The compression library attaches no meaning to the ++ opaque value. ++ ++ zalloc must return Z_NULL if there is not enough memory for the object. ++ If zlib is used in a multi-threaded application, zalloc and zfree must be ++ thread safe. ++ ++ On 16-bit systems, the functions zalloc and zfree must be able to allocate ++ exactly 65536 bytes, but will not be required to allocate more than this ++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, ++ pointers returned by zalloc for objects of exactly 65536 bytes *must* ++ have their offset normalized to zero. The default allocation function ++ provided by this library ensures this (see zutil.c). To reduce memory ++ requirements and avoid any allocation of 64K objects, at the expense of ++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). ++ ++ The fields total_in and total_out can be used for statistics or ++ progress reports. After compression, total_in holds the total size of ++ the uncompressed data and may be saved for use in the decompressor ++ (particularly if the decompressor wants to decompress everything in ++ a single step). ++*/ ++ ++ /* constants */ ++ ++#define Z_NO_FLUSH 0 ++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ ++#define Z_SYNC_FLUSH 2 ++#define Z_FULL_FLUSH 3 ++#define Z_FINISH 4 ++#define Z_BLOCK 5 ++/* Allowed flush values; see deflate() and inflate() below for details */ ++ ++#define Z_OK 0 ++#define Z_STREAM_END 1 ++#define Z_NEED_DICT 2 ++#define Z_ERRNO (-1) ++#define Z_STREAM_ERROR (-2) ++#define Z_DATA_ERROR (-3) ++#define Z_MEM_ERROR (-4) ++#define Z_BUF_ERROR (-5) ++#define Z_VERSION_ERROR (-6) ++/* Return codes for the compression/decompression functions. Negative ++ * values are errors, positive values are used for special but normal events. ++ */ ++ ++#define Z_NO_COMPRESSION 0 ++#define Z_BEST_SPEED 1 ++#define Z_BEST_COMPRESSION 9 ++#define Z_DEFAULT_COMPRESSION (-1) ++/* compression levels */ ++ ++#define Z_FILTERED 1 ++#define Z_HUFFMAN_ONLY 2 ++#define Z_RLE 3 ++#define Z_DEFAULT_STRATEGY 0 ++/* compression strategy; see deflateInit2() below for details */ ++ ++#define Z_BINARY 0 ++#define Z_ASCII 1 ++#define Z_UNKNOWN 2 ++/* Possible values of the data_type field (though see inflate()) */ ++ ++#define Z_DEFLATED 8 ++/* The deflate compression method (the only one supported in this version) */ ++ ++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ ++ ++#define zlib_version zlibVersion() ++/* for compatibility with versions < 1.0.2 */ ++ ++ /* basic functions */ ++ ++ZEXTERN const char * ZEXPORT zlibVersion OF((void)); ++/* The application can compare zlibVersion and ZLIB_VERSION for consistency. ++ If the first character differs, the library code actually used is ++ not compatible with the zlib.h header file used by the application. ++ This check is automatically made by deflateInit and inflateInit. ++ */ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); ++ ++ Initializes the internal stream state for compression. The fields ++ zalloc, zfree and opaque must be initialized before by the caller. ++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to ++ use default allocation functions. ++ ++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: ++ 1 gives best speed, 9 gives best compression, 0 gives no compression at ++ all (the input data is simply copied a block at a time). ++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and ++ compression (currently equivalent to level 6). ++ ++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if level is not a valid compression level, ++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible ++ with the version assumed by the caller (ZLIB_VERSION). ++ msg is set to null if there is no error message. deflateInit does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); ++/* ++ deflate compresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce some ++ output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. deflate performs one or both of the ++ following actions: ++ ++ - Compress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in and avail_in are updated and ++ processing will resume at this point for the next call of deflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. This action is forced if the parameter flush is non zero. ++ Forcing flush frequently degrades the compression ratio, so this parameter ++ should be set only when necessary (in interactive applications). ++ Some output may be provided even if flush is not set. ++ ++ Before the call of deflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating avail_in or avail_out accordingly; avail_out ++ should never be zero before the call. The application can consume the ++ compressed output when it wants, for example when the output buffer is full ++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK ++ and with zero avail_out, it must be called again after making room in the ++ output buffer because there might be more output pending. ++ ++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is ++ flushed to the output buffer and the output is aligned on a byte boundary, so ++ that the decompressor can get all input data available so far. (In particular ++ avail_in is zero after the call if enough output space has been provided ++ before the call.) Flushing may degrade compression for some compression ++ algorithms and so it should be used only when necessary. ++ ++ If flush is set to Z_FULL_FLUSH, all output is flushed as with ++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can ++ restart from this point if previous compressed data has been damaged or if ++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade ++ the compression. ++ ++ If deflate returns with avail_out == 0, this function must be called again ++ with the same value of the flush parameter and more output space (updated ++ avail_out), until the flush is complete (deflate returns with non-zero ++ avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that ++ avail_out is greater than six to avoid repeated flush markers due to ++ avail_out == 0 on return. ++ ++ If the parameter flush is set to Z_FINISH, pending input is processed, ++ pending output is flushed and deflate returns with Z_STREAM_END if there ++ was enough output space; if deflate returns with Z_OK, this function must be ++ called again with Z_FINISH and more output space (updated avail_out) but no ++ more input data, until it returns with Z_STREAM_END or an error. After ++ deflate has returned Z_STREAM_END, the only possible operations on the ++ stream are deflateReset or deflateEnd. ++ ++ Z_FINISH can be used immediately after deflateInit if all the compression ++ is to be done in a single step. In this case, avail_out must be at least ++ the value returned by deflateBound (see below). If deflate does not return ++ Z_STREAM_END, then it must be called again as described above. ++ ++ deflate() sets strm->adler to the adler32 checksum of all input read ++ so far (that is, total_in bytes). ++ ++ deflate() may update data_type if it can make a good guess about ++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered ++ binary. This field is only for information purposes and does not affect ++ the compression algorithm in any manner. ++ ++ deflate() returns Z_OK if some progress has been made (more input ++ processed or more output produced), Z_STREAM_END if all input has been ++ consumed and all output has been produced (only when flush is set to ++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example ++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible ++ (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not ++ fatal, and deflate() can be called again with more input and more output ++ space to continue compressing. ++*/ ++ ++ ++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the ++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed ++ prematurely (some input or output was discarded). In the error case, ++ msg may be set but then points to a static string (which must not be ++ deallocated). ++*/ ++ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); ++ ++ Initializes the internal stream state for decompression. The fields ++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by ++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact ++ value depends on the compression method), inflateInit determines the ++ compression method from the zlib header and allocates all data structures ++ accordingly; otherwise the allocation will be deferred to the first call of ++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to ++ use default allocation functions. ++ ++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the ++ version assumed by the caller. msg is set to null if there is no error ++ message. inflateInit does not perform any decompression apart from reading ++ the zlib header if present: this will be done by inflate(). (So next_in and ++ avail_in may be modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); ++/* ++ inflate decompresses as much data as possible, and stops when the input ++ buffer becomes empty or the output buffer becomes full. It may introduce ++ some output latency (reading input without producing any output) except when ++ forced to flush. ++ ++ The detailed semantics are as follows. inflate performs one or both of the ++ following actions: ++ ++ - Decompress more input starting at next_in and update next_in and avail_in ++ accordingly. If not all input can be processed (because there is not ++ enough room in the output buffer), next_in is updated and processing ++ will resume at this point for the next call of inflate(). ++ ++ - Provide more output starting at next_out and update next_out and avail_out ++ accordingly. inflate() provides as much output as possible, until there ++ is no more input data or no more space in the output buffer (see below ++ about the flush parameter). ++ ++ Before the call of inflate(), the application should ensure that at least ++ one of the actions is possible, by providing more input and/or consuming ++ more output, and updating the next_* and avail_* values accordingly. ++ The application can consume the uncompressed output when it wants, for ++ example when the output buffer is full (avail_out == 0), or after each ++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it ++ must be called again after making room in the output buffer because there ++ might be more output pending. ++ ++ The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, ++ Z_FINISH, or Z_BLOCK. Z_SYNC_FLUSH requests that inflate() flush as much ++ output as possible to the output buffer. Z_BLOCK requests that inflate() stop ++ if and when it get to the next deflate block boundary. When decoding the zlib ++ or gzip format, this will cause inflate() to return immediately after the ++ header and before the first block. When doing a raw inflate, inflate() will ++ go ahead and process the first block, and will return when it gets to the end ++ of that block, or when it runs out of data. ++ ++ The Z_BLOCK option assists in appending to or combining deflate streams. ++ Also to assist in this, on return inflate() will set strm->data_type to the ++ number of unused bits in the last byte taken from strm->next_in, plus 64 ++ if inflate() is currently decoding the last block in the deflate stream, ++ plus 128 if inflate() returned immediately after decoding an end-of-block ++ code or decoding the complete header up to just before the first byte of the ++ deflate stream. The end-of-block will not be indicated until all of the ++ uncompressed data from that block has been written to strm->next_out. The ++ number of unused bits may in general be greater than seven, except when ++ bit 7 of data_type is set, in which case the number of unused bits will be ++ less than eight. ++ ++ inflate() should normally be called until it returns Z_STREAM_END or an ++ error. However if all decompression is to be performed in a single step ++ (a single call of inflate), the parameter flush should be set to ++ Z_FINISH. In this case all pending input is processed and all pending ++ output is flushed; avail_out must be large enough to hold all the ++ uncompressed data. (The size of the uncompressed data may have been saved ++ by the compressor for this purpose.) The next operation on this stream must ++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH ++ is never required, but can be used to inform inflate that a faster approach ++ may be used for the single inflate() call. ++ ++ In this implementation, inflate() always flushes as much output as ++ possible to the output buffer, and always uses the faster approach on the ++ first call. So the only effect of the flush parameter in this implementation ++ is on the return value of inflate(), as noted below, or when it returns early ++ because Z_BLOCK is used. ++ ++ If a preset dictionary is needed after this call (see inflateSetDictionary ++ below), inflate sets strm-adler to the adler32 checksum of the dictionary ++ chosen by the compressor and returns Z_NEED_DICT; otherwise it sets ++ strm->adler to the adler32 checksum of all output produced so far (that is, ++ total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described ++ below. At the end of the stream, inflate() checks that its computed adler32 ++ checksum is equal to that saved by the compressor and returns Z_STREAM_END ++ only if the checksum is correct. ++ ++ inflate() will decompress and check either zlib-wrapped or gzip-wrapped ++ deflate data. The header type is detected automatically. Any information ++ contained in the gzip header is not retained, so applications that need that ++ information should instead use raw inflate, see inflateInit2() below, or ++ inflateBack() and perform their own processing of the gzip header and ++ trailer. ++ ++ inflate() returns Z_OK if some progress has been made (more input processed ++ or more output produced), Z_STREAM_END if the end of the compressed data has ++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a ++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was ++ corrupted (input stream not conforming to the zlib format or incorrect check ++ value), Z_STREAM_ERROR if the stream structure was inconsistent (for example ++ if next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory, ++ Z_BUF_ERROR if no progress is possible or if there was not enough room in the ++ output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and ++ inflate() can be called again with more input and more output space to ++ continue decompressing. If Z_DATA_ERROR is returned, the application may then ++ call inflateSync() to look for a good compression block if a partial recovery ++ of the data is desired. ++*/ ++ ++ ++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); ++/* ++ All dynamically allocated data structures for this stream are freed. ++ This function discards any unprocessed input and does not flush any ++ pending output. ++ ++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state ++ was inconsistent. In the error case, msg may be set but then points to a ++ static string (which must not be deallocated). ++*/ ++ ++ /* Advanced functions */ ++ ++/* ++ The following functions are needed only in some special applications. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, ++ int level, ++ int method, ++ int windowBits, ++ int memLevel, ++ int strategy)); ++ ++ This is another version of deflateInit with more compression options. The ++ fields next_in, zalloc, zfree and opaque must be initialized before by ++ the caller. ++ ++ The method parameter is the compression method. It must be Z_DEFLATED in ++ this version of the library. ++ ++ The windowBits parameter is the base two logarithm of the window size ++ (the size of the history buffer). It should be in the range 8..15 for this ++ version of the library. Larger values of this parameter result in better ++ compression at the expense of memory usage. The default value is 15 if ++ deflateInit is used instead. ++ ++ windowBits can also be -8..-15 for raw deflate. In this case, -windowBits ++ determines the window size. deflate() will then generate raw deflate data ++ with no zlib header or trailer, and will not compute an adler32 check value. ++ ++ windowBits can also be greater than 15 for optional gzip encoding. Add ++ 16 to windowBits to write a simple gzip header and trailer around the ++ compressed data instead of a zlib wrapper. The gzip header will have no ++ file name, no extra data, no comment, no modification time (set to zero), ++ no header crc, and the operating system will be set to 255 (unknown). ++ ++ The memLevel parameter specifies how much memory should be allocated ++ for the internal compression state. memLevel=1 uses minimum memory but ++ is slow and reduces compression ratio; memLevel=9 uses maximum memory ++ for optimal speed. The default value is 8. See zconf.h for total memory ++ usage as a function of windowBits and memLevel. ++ ++ The strategy parameter is used to tune the compression algorithm. Use the ++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a ++ filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no ++ string match), or Z_RLE to limit match distances to one (run-length ++ encoding). Filtered data consists mostly of small values with a somewhat ++ random distribution. In this case, the compression algorithm is tuned to ++ compress them better. The effect of Z_FILTERED is to force more Huffman ++ coding and less string matching; it is somewhat intermediate between ++ Z_DEFAULT and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as ++ Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy ++ parameter only affects the compression ratio but not the correctness of the ++ compressed output even if it is not set appropriately. ++ ++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid ++ method). msg is set to null if there is no error message. deflateInit2 does ++ not perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the compression dictionary from the given byte sequence ++ without producing any compressed output. This function must be called ++ immediately after deflateInit, deflateInit2 or deflateReset, before any ++ call of deflate. The compressor and decompressor must use exactly the same ++ dictionary (see inflateSetDictionary). ++ ++ The dictionary should consist of strings (byte sequences) that are likely ++ to be encountered later in the data to be compressed, with the most commonly ++ used strings preferably put towards the end of the dictionary. Using a ++ dictionary is most useful when the data to be compressed is short and can be ++ predicted with good accuracy; the data can then be compressed better than ++ with the default empty dictionary. ++ ++ Depending on the size of the compression data structures selected by ++ deflateInit or deflateInit2, a part of the dictionary may in effect be ++ discarded, for example if the dictionary is larger than the window size in ++ deflate or deflate2. Thus the strings most likely to be useful should be ++ put at the end of the dictionary, not at the front. ++ ++ Upon return of this function, strm->adler is set to the adler32 value ++ of the dictionary; the decompressor may later use this value to determine ++ which dictionary has been used by the compressor. (The adler32 value ++ applies to the whole dictionary even if only a subset of the dictionary is ++ actually used by the compressor.) If a raw deflate was requested, then the ++ adler32 value is not computed and strm->adler is not set. ++ ++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent (for example if deflate has already been called for this stream ++ or if the compression method is bsort). deflateSetDictionary does not ++ perform any compression: this will be done by deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when several compression strategies will be ++ tried, for example when there are several ways of pre-processing the input ++ data with a filter. The streams that will be discarded should then be freed ++ by calling deflateEnd. Note that deflateCopy duplicates the internal ++ compression state which can be quite large, so this strategy is slow and ++ can consume lots of memory. ++ ++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to deflateEnd followed by deflateInit, ++ but does not free and reallocate all the internal compression state. ++ The stream will keep the same compression level and any other attributes ++ that may have been set by deflateInit2. ++ ++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, ++ int level, ++ int strategy)); ++/* ++ Dynamically update the compression level and compression strategy. The ++ interpretation of level and strategy is as in deflateInit2. This can be ++ used to switch between compression and straight copy of the input data, or ++ to switch to a different kind of input data requiring a different ++ strategy. If the compression level is changed, the input available so far ++ is compressed with the old level (and may be flushed); the new level will ++ take effect only at the next call of deflate(). ++ ++ Before the call of deflateParams, the stream state must be set as for ++ a call of deflate(), since the currently available input may have to ++ be compressed and flushed. In particular, strm->avail_out must be non-zero. ++ ++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source ++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR ++ if strm->avail_out was zero. ++*/ ++ ++ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm, ++ uLong sourceLen)); ++/* ++ deflateBound() returns an upper bound on the compressed size after ++ deflation of sourceLen bytes. It must be called after deflateInit() ++ or deflateInit2(). This would be used to allocate an output buffer ++ for deflation in a single pass, and so would be called before deflate(). ++*/ ++ ++ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm, ++ int bits, ++ int value)); ++/* ++ deflatePrime() inserts bits in the deflate output stream. The intent ++ is that this function is used to start off the deflate output with the ++ bits leftover from a previous deflate stream when appending to it. As such, ++ this function can only be used for raw deflate, and must be used before the ++ first deflate() call after a deflateInit2() or deflateReset(). bits must be ++ less than or equal to 16, and that many of the least significant bits of ++ value will be inserted in the output. ++ ++ deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent. ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, ++ int windowBits)); ++ ++ This is another version of inflateInit with an extra parameter. The ++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized ++ before by the caller. ++ ++ The windowBits parameter is the base two logarithm of the maximum window ++ size (the size of the history buffer). It should be in the range 8..15 for ++ this version of the library. The default value is 15 if inflateInit is used ++ instead. windowBits must be greater than or equal to the windowBits value ++ provided to deflateInit2() while compressing, or it must be equal to 15 if ++ deflateInit2() was not used. If a compressed stream with a larger window ++ size is given as input, inflate() will return with the error code ++ Z_DATA_ERROR instead of trying to allocate a larger window. ++ ++ windowBits can also be -8..-15 for raw inflate. In this case, -windowBits ++ determines the window size. inflate() will then process raw deflate data, ++ not looking for a zlib or gzip header, not generating a check value, and not ++ looking for any check values for comparison at the end of the stream. This ++ is for use with other formats that use the deflate compressed data format ++ such as zip. Those formats provide their own check values. If a custom ++ format is developed using the raw deflate format for compressed data, it is ++ recommended that a check value such as an adler32 or a crc32 be applied to ++ the uncompressed data as is done in the zlib, gzip, and zip formats. For ++ most applications, the zlib format should be used as is. Note that comments ++ above on the use in deflateInit2() applies to the magnitude of windowBits. ++ ++ windowBits can also be greater than 15 for optional gzip decoding. Add ++ 32 to windowBits to enable zlib and gzip decoding with automatic header ++ detection, or add 16 to decode only the gzip format (the zlib format will ++ return a Z_DATA_ERROR). ++ ++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative ++ memLevel). msg is set to null if there is no error message. inflateInit2 ++ does not perform any decompression apart from reading the zlib header if ++ present: this will be done by inflate(). (So next_in and avail_in may be ++ modified, but next_out and avail_out are unchanged.) ++*/ ++ ++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, ++ const Bytef *dictionary, ++ uInt dictLength)); ++/* ++ Initializes the decompression dictionary from the given uncompressed byte ++ sequence. This function must be called immediately after a call of inflate ++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor ++ can be determined from the adler32 value returned by this call of ++ inflate. The compressor and decompressor must use exactly the same ++ dictionary (see deflateSetDictionary). ++ ++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a ++ parameter is invalid (such as NULL dictionary) or the stream state is ++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the ++ expected one (incorrect adler32 value). inflateSetDictionary does not ++ perform any decompression: this will be done by subsequent calls of ++ inflate(). ++*/ ++ ++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); ++/* ++ Skips invalid compressed data until a full flush point (see above the ++ description of deflate with Z_FULL_FLUSH) can be found, or until all ++ available input is skipped. No output is provided. ++ ++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR ++ if no more input was provided, Z_DATA_ERROR if no flush point has been found, ++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success ++ case, the application may save the current current value of total_in which ++ indicates where valid compressed data was found. In the error case, the ++ application may repeatedly call inflateSync, providing more input each time, ++ until success or end of the input data. ++*/ ++ ++ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest, ++ z_streamp source)); ++/* ++ Sets the destination stream as a complete copy of the source stream. ++ ++ This function can be useful when randomly accessing a large stream. The ++ first pass through the stream can periodically record the inflate state, ++ allowing restarting inflate at those points when randomly accessing the ++ stream. ++ ++ inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent ++ (such as zalloc being NULL). msg is left unchanged in both source and ++ destination. ++*/ ++ ++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); ++/* ++ This function is equivalent to inflateEnd followed by inflateInit, ++ but does not free and reallocate all the internal decompression state. ++ The stream will keep attributes that may have been set by inflateInit2. ++ ++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source ++ stream state was inconsistent (such as zalloc or state being NULL). ++*/ ++ ++/* ++ZEXTERN int ZEXPORT inflateBackInit OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window)); ++ ++ Initialize the internal stream state for decompression using inflateBack() ++ calls. The fields zalloc, zfree and opaque in strm must be initialized ++ before the call. If zalloc and zfree are Z_NULL, then the default library- ++ derived memory allocation routines are used. windowBits is the base two ++ logarithm of the window size, in the range 8..15. window is a caller ++ supplied buffer of that size. Except for special applications where it is ++ assured that deflate was used with small window sizes, windowBits must be 15 ++ and a 32K byte window must be supplied to be able to decompress general ++ deflate streams. ++ ++ See inflateBack() for the usage of these routines. ++ ++ inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of ++ the paramaters are invalid, Z_MEM_ERROR if the internal state could not ++ be allocated, or Z_VERSION_ERROR if the version of the library does not ++ match the version of the header file. ++*/ ++ ++typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *)); ++typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned)); ++ ++ZEXTERN int ZEXPORT inflateBack OF((z_stream FAR *strm, ++ in_func in, void FAR *in_desc, ++ out_func out, void FAR *out_desc)); ++/* ++ inflateBack() does a raw inflate with a single call using a call-back ++ interface for input and output. This is more efficient than inflate() for ++ file i/o applications in that it avoids copying between the output and the ++ sliding window by simply making the window itself the output buffer. This ++ function trusts the application to not change the output buffer passed by ++ the output function, at least until inflateBack() returns. ++ ++ inflateBackInit() must be called first to allocate the internal state ++ and to initialize the state with the user-provided window buffer. ++ inflateBack() may then be used multiple times to inflate a complete, raw ++ deflate stream with each call. inflateBackEnd() is then called to free ++ the allocated state. ++ ++ A raw deflate stream is one with no zlib or gzip header or trailer. ++ This routine would normally be used in a utility that reads zip or gzip ++ files and writes out uncompressed files. The utility would decode the ++ header and process the trailer on its own, hence this routine expects ++ only the raw deflate stream to decompress. This is different from the ++ normal behavior of inflate(), which expects either a zlib or gzip header and ++ trailer around the deflate stream. ++ ++ inflateBack() uses two subroutines supplied by the caller that are then ++ called by inflateBack() for input and output. inflateBack() calls those ++ routines until it reads a complete deflate stream and writes out all of the ++ uncompressed data, or until it encounters an error. The function's ++ parameters and return types are defined above in the in_func and out_func ++ typedefs. inflateBack() will call in(in_desc, &buf) which should return the ++ number of bytes of provided input, and a pointer to that input in buf. If ++ there is no input available, in() must return zero--buf is ignored in that ++ case--and inflateBack() will return a buffer error. inflateBack() will call ++ out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out() ++ should return zero on success, or non-zero on failure. If out() returns ++ non-zero, inflateBack() will return with an error. Neither in() nor out() ++ are permitted to change the contents of the window provided to ++ inflateBackInit(), which is also the buffer that out() uses to write from. ++ The length written by out() will be at most the window size. Any non-zero ++ amount of input may be provided by in(). ++ ++ For convenience, inflateBack() can be provided input on the first call by ++ setting strm->next_in and strm->avail_in. If that input is exhausted, then ++ in() will be called. Therefore strm->next_in must be initialized before ++ calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called ++ immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in ++ must also be initialized, and then if strm->avail_in is not zero, input will ++ initially be taken from strm->next_in[0 .. strm->avail_in - 1]. ++ ++ The in_desc and out_desc parameters of inflateBack() is passed as the ++ first parameter of in() and out() respectively when they are called. These ++ descriptors can be optionally used to pass any information that the caller- ++ supplied in() and out() functions need to do their job. ++ ++ On return, inflateBack() will set strm->next_in and strm->avail_in to ++ pass back any unused input that was provided by the last in() call. The ++ return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR ++ if in() or out() returned an error, Z_DATA_ERROR if there was a format ++ error in the deflate stream (in which case strm->msg is set to indicate the ++ nature of the error), or Z_STREAM_ERROR if the stream was not properly ++ initialized. In the case of Z_BUF_ERROR, an input or output error can be ++ distinguished using strm->next_in which will be Z_NULL only if in() returned ++ an error. If strm->next is not Z_NULL, then the Z_BUF_ERROR was due to ++ out() returning non-zero. (in() will always be called before out(), so ++ strm->next_in is assured to be defined if out() returns non-zero.) Note ++ that inflateBack() cannot return Z_OK. ++*/ ++ ++ZEXTERN int ZEXPORT inflateBackEnd OF((z_stream FAR *strm)); ++/* ++ All memory allocated by inflateBackInit() is freed. ++ ++ inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream ++ state was inconsistent. ++*/ ++ ++ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void)); ++/* Return flags indicating compile-time options. ++ ++ Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other: ++ 1.0: size of uInt ++ 3.2: size of uLong ++ 5.4: size of voidpf (pointer) ++ 7.6: size of z_off_t ++ ++ Compiler, assembler, and debug options: ++ 8: DEBUG ++ 9: ASMV or ASMINF -- use ASM code ++ 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention ++ 11: 0 (reserved) ++ ++ One-time table building (smaller code, but not thread-safe if true): ++ 12: BUILDFIXED -- build static block decoding tables when needed ++ 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed ++ 14,15: 0 (reserved) ++ ++ Library content (indicates missing functionality): ++ 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking ++ deflate code when not needed) ++ 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect ++ and decode gzip streams (to avoid linking crc code) ++ 18-19: 0 (reserved) ++ ++ Operation variations (changes in library functionality): ++ 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate ++ 21: FASTEST -- deflate algorithm with only one, lowest compression level ++ 22,23: 0 (reserved) ++ ++ The sprintf variant used by gzprintf (zero is best): ++ 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format ++ 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! ++ 26: 0 = returns value, 1 = void -- 1 means inferred string length returned ++ ++ Remainder: ++ 27-31: 0 (reserved) ++ */ ++ ++ ++ /* utility functions */ ++ ++/* ++ The following utility functions are implemented on top of the ++ basic stream-oriented functions. To simplify the interface, some ++ default options are assumed (compression level and memory usage, ++ standard memory allocation functions). The source code of these ++ utility functions can easily be modified if you need special options. ++*/ ++ ++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Compresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be at least the value returned ++ by compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ This function can be used to compress a whole file at once if the ++ input file is mmap'ed. ++ compress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer. ++*/ ++ ++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen, ++ int level)); ++/* ++ Compresses the source buffer into the destination buffer. The level ++ parameter has the same meaning as in deflateInit. sourceLen is the byte ++ length of the source buffer. Upon entry, destLen is the total size of the ++ destination buffer, which must be at least the value returned by ++ compressBound(sourceLen). Upon exit, destLen is the actual size of the ++ compressed buffer. ++ ++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough ++ memory, Z_BUF_ERROR if there was not enough room in the output buffer, ++ Z_STREAM_ERROR if the level parameter is invalid. ++*/ ++ ++ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen)); ++/* ++ compressBound() returns an upper bound on the compressed size after ++ compress() or compress2() on sourceLen bytes. It would be used before ++ a compress() or compress2() call to allocate the destination buffer. ++*/ ++ ++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, ++ const Bytef *source, uLong sourceLen)); ++/* ++ Decompresses the source buffer into the destination buffer. sourceLen is ++ the byte length of the source buffer. Upon entry, destLen is the total ++ size of the destination buffer, which must be large enough to hold the ++ entire uncompressed data. (The size of the uncompressed data must have ++ been saved previously by the compressor and transmitted to the decompressor ++ by some mechanism outside the scope of this compression library.) ++ Upon exit, destLen is the actual size of the compressed buffer. ++ This function can be used to decompress a whole file at once if the ++ input file is mmap'ed. ++ ++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not ++ enough memory, Z_BUF_ERROR if there was not enough room in the output ++ buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete. ++*/ ++ ++ ++typedef voidp gzFile; ++ ++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); ++/* ++ Opens a gzip (.gz) file for reading or writing. The mode parameter ++ is as in fopen ("rb" or "wb") but can also include a compression level ++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for ++ Huffman only compression as in "wb1h", or 'R' for run-length encoding ++ as in "wb1R". (See the description of deflateInit2 for more information ++ about the strategy parameter.) ++ ++ gzopen can be used to read a file which is not in gzip format; in this ++ case gzread will directly read from the file without decompression. ++ ++ gzopen returns NULL if the file could not be opened or if there was ++ insufficient memory to allocate the (de)compression state; errno ++ can be checked to distinguish the two cases (if errno is zero, the ++ zlib error is Z_MEM_ERROR). */ ++ ++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); ++/* ++ gzdopen() associates a gzFile with the file descriptor fd. File ++ descriptors are obtained from calls like open, dup, creat, pipe or ++ fileno (in the file has been previously opened with fopen). ++ The mode parameter is as in gzopen. ++ The next call of gzclose on the returned gzFile will also close the ++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file ++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). ++ gzdopen returns NULL if there was insufficient memory to allocate ++ the (de)compression state. ++*/ ++ ++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); ++/* ++ Dynamically update the compression level or strategy. See the description ++ of deflateInit2 for the meaning of these parameters. ++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not ++ opened for writing. ++*/ ++ ++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); ++/* ++ Reads the given number of uncompressed bytes from the compressed file. ++ If the input file was not in gzip format, gzread copies the given number ++ of bytes into the buffer. ++ gzread returns the number of uncompressed bytes actually read (0 for ++ end of file, -1 for error). */ ++ ++ZEXTERN int ZEXPORT gzwrite OF((gzFile file, ++ voidpc buf, unsigned len)); ++/* ++ Writes the given number of uncompressed bytes into the compressed file. ++ gzwrite returns the number of uncompressed bytes actually written ++ (0 in case of error). ++*/ ++ ++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); ++/* ++ Converts, formats, and writes the args to the compressed file under ++ control of the format string, as in fprintf. gzprintf returns the number of ++ uncompressed bytes actually written (0 in case of error). The number of ++ uncompressed bytes written is limited to 4095. The caller should assure that ++ this limit is not exceeded. If it is exceeded, then gzprintf() will return ++ return an error (0) with nothing written. In this case, there may also be a ++ buffer overflow with unpredictable consequences, which is possible only if ++ zlib was compiled with the insecure functions sprintf() or vsprintf() ++ because the secure snprintf() or vsnprintf() functions were not available. ++*/ ++ ++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); ++/* ++ Writes the given null-terminated string to the compressed file, excluding ++ the terminating null character. ++ gzputs returns the number of characters written, or -1 in case of error. ++*/ ++ ++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); ++/* ++ Reads bytes from the compressed file until len-1 characters are read, or ++ a newline character is read and transferred to buf, or an end-of-file ++ condition is encountered. The string is then terminated with a null ++ character. ++ gzgets returns buf, or Z_NULL in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); ++/* ++ Writes c, converted to an unsigned char, into the compressed file. ++ gzputc returns the value that was written, or -1 in case of error. ++*/ ++ ++ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); ++/* ++ Reads one byte from the compressed file. gzgetc returns this byte ++ or -1 in case of end of file or error. ++*/ ++ ++ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file)); ++/* ++ Push one character back onto the stream to be read again later. ++ Only one character of push-back is allowed. gzungetc() returns the ++ character pushed, or -1 on failure. gzungetc() will fail if a ++ character has been pushed but not read yet, or if c is -1. The pushed ++ character will be discarded if the stream is repositioned with gzseek() ++ or gzrewind(). ++*/ ++ ++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); ++/* ++ Flushes all pending output into the compressed file. The parameter ++ flush is as in the deflate() function. The return value is the zlib ++ error number (see function gzerror below). gzflush returns Z_OK if ++ the flush parameter is Z_FINISH and all output could be flushed. ++ gzflush should be called only when strictly necessary because it can ++ degrade compression. ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, ++ z_off_t offset, int whence)); ++/* ++ Sets the starting position for the next gzread or gzwrite on the ++ given compressed file. The offset represents a number of bytes in the ++ uncompressed data stream. The whence parameter is defined as in lseek(2); ++ the value SEEK_END is not supported. ++ If the file is opened for reading, this function is emulated but can be ++ extremely slow. If the file is opened for writing, only forward seeks are ++ supported; gzseek then compresses a sequence of zeroes up to the new ++ starting position. ++ ++ gzseek returns the resulting offset location as measured in bytes from ++ the beginning of the uncompressed stream, or -1 in case of error, in ++ particular if the file is opened for writing and the new starting position ++ would be before the current position. ++*/ ++ ++ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); ++/* ++ Rewinds the given file. This function is supported only for reading. ++ ++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) ++*/ ++ ++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); ++/* ++ Returns the starting position for the next gzread or gzwrite on the ++ given compressed file. This position represents a number of bytes in the ++ uncompressed data stream. ++ ++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) ++*/ ++ ++ZEXTERN int ZEXPORT gzeof OF((gzFile file)); ++/* ++ Returns 1 when EOF has previously been detected reading the given ++ input stream, otherwise zero. ++*/ ++ ++ZEXTERN int ZEXPORT gzclose OF((gzFile file)); ++/* ++ Flushes all pending output if necessary, closes the compressed file ++ and deallocates all the (de)compression state. The return value is the zlib ++ error number (see function gzerror below). ++*/ ++ ++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); ++/* ++ Returns the error message for the last error which occurred on the ++ given compressed file. errnum is set to zlib error number. If an ++ error occurred in the file system and not in the compression library, ++ errnum is set to Z_ERRNO and the application may consult errno ++ to get the exact error code. ++*/ ++ ++ZEXTERN void ZEXPORT gzclearerr OF((gzFile file)); ++/* ++ Clears the error and end-of-file flags for file. This is analogous to the ++ clearerr() function in stdio. This is useful for continuing to read a gzip ++ file that is being written concurrently. ++*/ ++ ++ /* checksum functions */ ++ ++/* ++ These functions are not related to compression but are exported ++ anyway because they might be useful in applications using the ++ compression library. ++*/ ++ ++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); ++ ++/* ++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and ++ return the updated checksum. If buf is NULL, this function returns ++ the required initial value for the checksum. ++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed ++ much faster. Usage example: ++ ++ uLong adler = adler32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ adler = adler32(adler, buffer, length); ++ } ++ if (adler != original_adler) error(); ++*/ ++ ++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); ++/* ++ Update a running crc with the bytes buf[0..len-1] and return the updated ++ crc. If buf is NULL, this function returns the required initial value ++ for the crc. Pre- and post-conditioning (one's complement) is performed ++ within this function so it shouldn't be done by the application. ++ Usage example: ++ ++ uLong crc = crc32(0L, Z_NULL, 0); ++ ++ while (read_buffer(buffer, length) != EOF) { ++ crc = crc32(crc, buffer, length); ++ } ++ if (crc != original_crc) error(); ++*/ ++ ++ ++ /* various hacks, don't look :) */ ++ ++/* deflateInit and inflateInit are macros to allow checking the zlib version ++ * and the compiler's view of z_stream: ++ */ ++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, ++ int windowBits, int memLevel, ++ int strategy, const char *version, ++ int stream_size)); ++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, ++ const char *version, int stream_size)); ++ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits, ++ unsigned char FAR *window, ++ const char *version, ++ int stream_size)); ++#define deflateInit(strm, level) \ ++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit(strm) \ ++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) ++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ ++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ ++ (strategy), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateInit2(strm, windowBits) \ ++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) ++#define inflateBackInit(strm, windowBits, window) \ ++ inflateBackInit_((strm), (windowBits), (window), \ ++ ZLIB_VERSION, sizeof(z_stream)) ++ ++ ++#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL) ++ struct internal_state {int dummy;}; /* hack for buggy compilers */ ++#endif ++ ++ZEXTERN const char * ZEXPORT zError OF((int err)); ++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); ++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* ZLIB_H */ --- php5-5.4.6.orig/debian/patches/053-extension_api.patch +++ php5-5.4.6/debian/patches/053-extension_api.patch @@ -0,0 +1,59 @@ +Description: Adds --phpapi argument to php-config(1) + . + TODO: make it more generic and add it to the man page. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/configure.in ++++ b/configure.in +@@ -1177,8 +1177,13 @@ dnl Build extension directory path + + ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` + ++DEBIAN_PHP_API=$ZEND_MODULE_API_NO ++if echo "$CPPFLAGS $CFLAGS" | grep -q -- -D_FILE_OFFSET_BITS=64; then ++ DEBIAN_PHP_API="${DEBIAN_PHP_API}+lfs" ++fi ++ + if test -z "$EXTENSION_DIR"; then +- extbasedir=$ZEND_MODULE_API_NO ++ extbasedir=$DEBIAN_PHP_API + if test "$oldstyleextdir" = "yes"; then + if test "$PHP_DEBUG" = "1"; then + part1=debug +@@ -1321,6 +1326,7 @@ PHP_SUBST(CXX) + PHP_SUBST(CXXFLAGS) + PHP_SUBST(CXXFLAGS_CLEAN) + PHP_SUBST_OLD(DEBUG_CFLAGS) ++PHP_SUBST_OLD(DEBIAN_PHP_API) + PHP_SUBST_OLD(EXTENSION_DIR) + PHP_SUBST_OLD(EXTRA_LDFLAGS) + PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM) +--- a/scripts/php-config.in ++++ b/scripts/php-config.in +@@ -19,6 +19,7 @@ php_cli_binary=NONE + php_cgi_binary=NONE + configure_options="@CONFIGURE_OPTIONS@" + php_sapis="@PHP_INSTALLED_SAPIS@" ++phpapi="@DEBIAN_PHP_API@" + + # Set php_cli_binary and php_cgi_binary if available + for sapi in $php_sapis; do +@@ -57,6 +58,8 @@ case "$1" in + echo $include_dir;; + --php-binary) + echo $php_binary;; ++--phpapi) ++ echo $phpapi;; + --php-sapis) + echo $php_sapis;; + --configure-options) +@@ -80,6 +83,7 @@ Options: + --man-dir [$man_dir] + --php-binary [$php_binary] + --php-sapis [$php_sapis] ++ --phpapi [$phpapi] + --configure-options [$configure_options] + --version [$version] + --vernum [$vernum] --- php5-5.4.6.orig/debian/patches/php-fpm-listen-on-unix-socket.patch +++ php5-5.4.6/debian/patches/php-fpm-listen-on-unix-socket.patch @@ -0,0 +1,11 @@ +--- a/sapi/fpm/php-fpm.conf.in ++++ b/sapi/fpm/php-fpm.conf.in +@@ -152,7 +152,7 @@ group = @php_fpm_group@ + ; specific port; + ; '/path/to/unix/socket' - to listen on a unix socket. + ; Note: This value is mandatory. +-listen = 127.0.0.1:9000 ++listen = /var/run/php5-fpm.sock + + ; Set listen(2) backlog. + ; Default Value: 128 (-1 on FreeBSD and OpenBSD) --- php5-5.4.6.orig/debian/patches/deprecate_short_open_tag +++ php5-5.4.6/debian/patches/deprecate_short_open_tag @@ -0,0 +1,36 @@ +--- a/Zend/zend_language_scanner.l ++++ b/Zend/zend_language_scanner.l +@@ -1513,6 +1513,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1549,6 +1550,7 @@ NEWLINE ("\r"|"\n"|"\r\n") + + "value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +--- a/Zend/zend_language_scanner.c ++++ b/Zend/zend_language_scanner.c +@@ -1019,6 +1019,7 @@ yy6: + #line 1550 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; +@@ -1298,6 +1299,7 @@ yy45: + #line 1514 "Zend/zend_language_scanner.l" + { + if (CG(short_tags)) { ++ zend_error(E_DEPRECATED, "Usage of short open tag value.str.val = yytext; /* no copying - intentional */ + zendlval->value.str.len = yyleng; + zendlval->type = IS_STRING; --- php5-5.4.6.orig/debian/patches/temporary-path-fixes-for-multiarch.patch +++ php5-5.4.6/debian/patches/temporary-path-fixes-for-multiarch.patch @@ -0,0 +1,132 @@ +Description: transitional workaround for multiarch + As a stopgap for natty, patch the various config.m4 files for modules whose + libraries have moved to the multiarch dir; we can't use --with-libdir yet + because that requires all the build-deps to have moved. +Author: Jonathan Marsden +Bug-Ubuntu: https://bugs.launchpad.net/bugs/739977 +Forwarded: not-needed +Reviewed-by: Steve Langasek + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -239,7 +239,7 @@ AC_DEFUN([PHP_DBA_DB_CHECK],[ + AC_MSG_ERROR([DBA: Could not find necessary header file(s).]) + fi + for LIB in $2; do +- if test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.a || test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.$SHLIB_SUFFIX_NAME; then ++ if test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.a || test -f $THIS_PREFIX/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/lib$LIB.$SHLIB_SUFFIX_NAME || test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.$SHLIB_SUFFIX_NAME; then + lib_found=""; + PHP_TEMP_LDFLAGS(-L$THIS_PREFIX/$PHP_LIBDIR, -l$LIB,[ + AC_TRY_LINK([ +--- a/ext/gd/config.m4 ++++ b/ext/gd/config.m4 +@@ -159,7 +159,7 @@ AC_DEFUN([PHP_GD_XPM],[ + if test "$PHP_XPM_DIR" != "no"; then + + for i in $PHP_XPM_DIR /usr/local /usr/X11R6 /usr; do +- test -f $i/$PHP_LIBDIR/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libXpm.a && GD_XPM_DIR=$i && break ++ test -f $i/$PHP_LIBDIR/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libXpm.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libXpm.a && GD_XPM_DIR=$i && break + done + + if test -z "$GD_XPM_DIR"; then +@@ -396,7 +396,7 @@ dnl Header path + + dnl Library path + for i in $PHP_LIBDIR/gd1.3 $PHP_LIBDIR/gd $PHP_LIBDIR gd1.3 gd ""; do +- test -f "$PHP_GD/$i/libgd.$SHLIB_SUFFIX_NAME" || test -f "$PHP_GD/$i/libgd.a" && GD_LIB="$PHP_GD/$i" ++ test -f "$PHP_GD/$i/libgd.$SHLIB_SUFFIX_NAME" || test -f "$PHP_GD/$i/$DEB_HOST_MULTIARCH/libgd.$SHLIB_SUFFIX_NAME" || test -f "$PHP_GD/$i/libgd.a" && GD_LIB="$PHP_GD/$i" + done + + if test -n "$GD_INCLUDE" && test -n "$GD_LIB"; then +--- a/ext/pcre/config0.m4 ++++ b/ext/pcre/config0.m4 +@@ -21,7 +21,7 @@ PHP_ARG_WITH(pcre-regex,, + AC_MSG_RESULT([$PCRE_INCDIR]) + + AC_MSG_CHECKING([for PCRE library location]) +- for j in $PHP_PCRE_REGEX $PHP_PCRE_REGEX/$PHP_LIBDIR; do ++ for j in $PHP_PCRE_REGEX $PHP_PCRE_REGEX/$PHP_LIBDIR/$DEB_HOST_MULTIARCH $PHP_PCRE_REGEX/$PHP_LIBDIR; do + test -f $j/libpcre.a || test -f $j/libpcre.$SHLIB_SUFFIX_NAME && PCRE_LIBDIR=$j + done + +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2282,7 +2282,7 @@ AC_DEFUN([PHP_SETUP_KERBEROS],[ + fi + + for i in $PHP_KERBEROS; do +- if test -f $i/$PHP_LIBDIR/libkrb5.a || test -f $i/$PHP_LIBDIR/libkrb5.$SHLIB_SUFFIX_NAME; then ++ if test -f $i/$PHP_LIBDIR/libkrb5.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libkrb5.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libkrb5.a; then + PHP_KERBEROS_DIR=$i + break + fi +@@ -2359,7 +2359,7 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ + if test -r $i/include/openssl/evp.h; then + OPENSSL_INCDIR=$i/include + fi +- if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then ++ if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libssl.$SHLIB_SUFFIX_NAME -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then + OPENSSL_LIBDIR=$i/$PHP_LIBDIR + fi + test -n "$OPENSSL_INCDIR" && test -n "$OPENSSL_LIBDIR" && break +--- a/ext/ldap/config.m4 ++++ b/ext/ldap/config.m4 +@@ -95,7 +95,7 @@ if test "$PHP_LDAP" != "no"; then + LDAP_PTHREAD= + fi + +- if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME; then ++ if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/$DEB_HOST_MULTIARCH/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME; then + PHP_ADD_LIBRARY_WITH_PATH(lber, $LDAP_LIBDIR, LDAP_SHARED_LIBADD) + PHP_ADD_LIBRARY_WITH_PATH(ldap, $LDAP_LIBDIR, LDAP_SHARED_LIBADD) + +--- a/ext/mssql/config.m4 ++++ b/ext/mssql/config.m4 +@@ -38,7 +38,7 @@ if test "$PHP_MSSQL" != "no"; then + fi + fi + +- if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then ++ if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libsybdb.so" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then + AC_MSG_ERROR(Could not find $FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so]) + fi + +--- a/ext/pdo_dblib/config.m4 ++++ b/ext/pdo_dblib/config.m4 +@@ -46,7 +46,7 @@ if test "$PHP_PDO_DBLIB" != "no"; then + PHP_LIBDIR=lib + fi + +- if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then ++ if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/$DEB_HOST_MULTIARCH/libsybdb.so" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then + AC_MSG_ERROR(Could not find $PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so]) + fi + +--- a/ext/mysql/config.m4 ++++ b/ext/mysql/config.m4 +@@ -2,16 +2,6 @@ dnl + dnl $Id$ + dnl + +-AC_DEFUN([MYSQL_LIB_CHK], [ +- str="$MYSQL_DIR/$1/lib$MYSQL_LIBNAME.*" +- for j in `echo $str`; do +- if test -r $j; then +- MYSQL_LIB_DIR=$MYSQL_DIR/$1 +- break 2 +- fi +- done +-]) +- + AC_DEFUN([PHP_MYSQL_SOCKET_SEARCH], [ + for i in \ + /var/run/mysqld/mysqld.sock \ +@@ -93,7 +83,7 @@ Note that the MySQL client library is no + fi + + for i in $PHP_LIBDIR $PHP_LIBDIR/mysql; do +- MYSQL_LIB_CHK($i) ++ test -f "$MYSQL_DIR/$i/lib$MYSQL_LIBNAME.$SHLIB_SUFFIX_NAME" || test -f "$MYSQL_DIR/$i/$DEB_HOST_MULTIARCH/lib$MYSQL_LIBNAME.$SHLIB_SUFFIX_NAME" || test -r "$MYSQL_DIR/$i/lib$MYSQL_LIBNAME.a" && MYSQL_LIB_DIR=$MYSQL_DIR/$i + done + + if test -z "$MYSQL_LIB_DIR"; then --- php5-5.4.6.orig/debian/patches/044-strtod_arm_fix.patch +++ php5-5.4.6/debian/patches/044-strtod_arm_fix.patch @@ -0,0 +1,54 @@ +--- a/Zend/zend_strtod.c ++++ b/Zend/zend_strtod.c +@@ -152,14 +152,25 @@ typedef unsigned long int uint32_t; + #define IEEE_LITTLE_ENDIAN + #endif + +-#if defined(__arm__) && !defined(__VFP_FP__) +-/* +- * * Although the CPU is little endian the FP has different +- * * byte and word endianness. The byte order is still little endian +- * * but the word order is big endian. +- * */ +-#define IEEE_BIG_ENDIAN ++#if defined(__arm__) || defined(__thumb__) ++/* ARM traditionally used big-endian words; and within those words the ++ byte ordering was big or little endian depending upon the target. ++ Modern floating-point formats are naturally ordered; in this case ++ __VFP_FP__ will be defined, even if soft-float. */ + #undef IEEE_LITTLE_ENDIAN ++#undef IEEE_BIG_ENDIAN ++#if defined(__VFP_FP__) || defined(__MAVERICK__) ++# ifdef __ARMEL__ ++# define IEEE_LITTLE_ENDIAN ++# else ++# define IEEE_BIG_ENDIAN ++# endif ++#else ++# define IEEE_BIG_ENDIAN ++# ifdef __ARMEL__ ++# define IEEE_BYTES_LITTLE_ENDIAN ++# endif ++#endif + #endif + + #ifdef __vax__ +@@ -267,8 +278,7 @@ BEGIN_EXTERN_C() + + #if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \ + defined(IBM) != 1 +- Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or +- IBM should be defined. ++#error "Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or IBM should be defined." + #endif + + typedef union { +@@ -288,7 +298,7 @@ BEGIN_EXTERN_C() + * An alternative that might be better on some machines is + * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) + */ +-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__) ++#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN) + #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ + ((unsigned short *)a)[0] = (unsigned short)c, a++) + #else --- php5-5.4.6.orig/debian/patches/force_libmysqlclient_r.patch +++ php5-5.4.6/debian/patches/force_libmysqlclient_r.patch @@ -0,0 +1,41 @@ +Description: Force linking to mysqlclient_r to avoid symbol conflicts. + apr-util's mysql driver is linked against that version of the library + but due to missing proper symbols versioning we are forced to link to + the re-entrant library too. +Origin: other, http://bugs.debian.org/469081 +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/ext/mysql/config.m4 ++++ b/ext/mysql/config.m4 +@@ -76,7 +76,7 @@ elif test "$PHP_MYSQL" != "no"; then + Note that the MySQL client library is not bundled anymore!]) + fi + +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIBNAME=mysqlclient_r + else + MYSQL_LIBNAME=mysqlclient +--- a/ext/mysqli/config.m4 ++++ b/ext/mysqli/config.m4 +@@ -25,7 +25,7 @@ elif test "$PHP_MYSQLI" != "no"; then + MYSQL_LIB_CFG='--libmysqld-libs' + dnl mysqlnd doesn't support embedded, so we have to add some extra stuff + mysqli_extra_sources="mysqli_embedded.c" +- elif test "$enable_maintainer_zts" = "yes"; then ++ elif true || test "$enable_maintainer_zts" = "yes"; then + MYSQL_LIB_CFG='--libs_r' + MYSQL_LIB_NAME='mysqlclient_r' + else +--- a/ext/pdo_mysql/config.m4 ++++ b/ext/pdo_mysql/config.m4 +@@ -55,7 +55,7 @@ if test "$PHP_PDO_MYSQL" != "no"; then + if test "x$SED" = "x"; then + AC_PATH_PROG(SED, sed) + fi +- if test "$enable_maintainer_zts" = "yes"; then ++ if true || test "$enable_maintainer_zts" = "yes"; then + PDO_MYSQL_LIBNAME=mysqlclient_r + PDO_MYSQL_LIBS=`$PDO_MYSQL_CONFIG --libs_r | $SED -e "s/'//g"` + else --- php5-5.4.6.orig/debian/patches/004-ldap_fix.patch +++ php5-5.4.6/debian/patches/004-ldap_fix.patch @@ -0,0 +1,27 @@ +Description: Prevent null dereferencing in ldap_explode_dn() +Origin: vendor +Bug-Debian: http://bugs.debian.org/205405 +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/ldap/ldap.c ++++ b/ext/ldap/ldap.c +@@ -1212,7 +1212,7 @@ PHP_FUNCTION(ldap_explode_dn) + } + + i=0; +- while (ldap_value[i] != NULL) i++; ++ while (ldap_value && ldap_value[i] != NULL) i++; + count = i; + + array_init(return_value); +@@ -1222,7 +1222,8 @@ PHP_FUNCTION(ldap_explode_dn) + add_index_string(return_value, i, ldap_value[i], 1); + } + +- ldap_value_free(ldap_value); ++ if (ldap_value) ++ ldap_value_free(ldap_value); + } + /* }}} */ + --- php5-5.4.6.orig/debian/patches/fpm-config.patch +++ php5-5.4.6/debian/patches/fpm-config.patch @@ -0,0 +1,54 @@ +Description: Add major version number to paths and allow process pools + to be configured in individual files in /etc/php5/fpm/pool.d/ +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-07-30 + +--- a/sapi/fpm/php-fpm.conf.in ++++ b/sapi/fpm/php-fpm.conf.in +@@ -12,7 +12,7 @@ + ; Relative path can also be used. They will be prefixed by: + ; - the global prefix if it's been set (-p arguement) + ; - @prefix@ otherwise +-;include=etc/fpm.d/*.conf ++;include=@EXPANDED_SYSCONFDIR@/php5/fpm/*.conf + + ;;;;;;;;;;;;;;;;;; + ; Global Options ; +@@ -22,14 +22,14 @@ + ; Pid file + ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@ + ; Default Value: none +-;pid = run/php-fpm.pid ++pid = @EXPANDED_LOCALSTATEDIR@/run/php5-fpm.pid + + ; Error log file + ; If it's set to "syslog", log is sent to syslogd instead of being written + ; in a local file. + ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@ + ; Default Value: log/php-fpm.log +-;error_log = log/php-fpm.log ++error_log = @EXPANDED_LOCALSTATEDIR@/log/php5-fpm.log + + ; syslog_facility is used to specify what type of program is logging the + ; message. This lets syslogd specify that messages from different facilities +@@ -116,6 +116,10 @@ + ; used in logs and stats. There is no limitation on the number of pools which + ; FPM can handle. Your system will tell you anyway :) + ++; To configure the pools it is recommended to have one .conf file per ++; pool in the following directory: ++include=@EXPANDED_SYSCONFDIR@/php5/fpm/pool.d/*.conf ++ + ; Start a new pool named 'www'. + ; the variable $pool can we used in any directive and will be replaced by the + ; pool name ('www' here) +@@ -458,7 +462,7 @@ pm.max_spare_servers = 3 + ; Chdir to this directory at the start. + ; Note: relative path can be used. + ; Default Value: current directory or / when chroot +-;chdir = /var/www ++chdir = / + + ; Redirect worker stdout and stderr into main error log. If not set, stdout and + ; stderr will be redirected to /dev/null according to FastCGI specs. --- php5-5.4.6.orig/debian/patches/gdIOCtx.patch +++ php5-5.4.6/debian/patches/gdIOCtx.patch @@ -0,0 +1,124 @@ +--- a/ext/gd/gd_ctx.c ++++ b/ext/gd/gd_ctx.c +@@ -46,33 +46,6 @@ static void _php_image_output_ctxfree(st + } + } + +-static void _php_image_stream_putc(struct gdIOCtx *ctx, int c) { +- char ch = (char) c; +- php_stream * stream = (php_stream *)ctx->data; +- TSRMLS_FETCH(); +- php_stream_write(stream, &ch, 1); +-} +- +-static int _php_image_stream_putbuf(struct gdIOCtx *ctx, const void* buf, int l) +-{ +- php_stream * stream = (php_stream *)ctx->data; +- TSRMLS_FETCH(); +- return php_stream_write(stream, (void *)buf, l); +-} +- +-static void _php_image_stream_ctxfree(struct gdIOCtx *ctx) +-{ +- TSRMLS_FETCH(); +- +- if(ctx->data) { +- php_stream_close((php_stream *) ctx->data); +- ctx->data = NULL; +- } +- if(ctx) { +- efree(ctx); +- } +-} +- + /* {{{ _php_image_output_ctx */ + static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, void (*func_p)()) + { +@@ -81,12 +54,11 @@ static void _php_image_output_ctx(INTERN + int file_len = 0; + long quality, basefilter; + gdImagePtr im; ++ FILE *fp = NULL; + int argc = ZEND_NUM_ARGS(); + int q = -1, i; + int f = -1; + gdIOCtx *ctx = NULL; +- zval *to_zval = NULL; +- php_stream *stream; + + /* The third (quality) parameter for Wbmp stands for the threshold when called from image2wbmp(). + * The third (quality) parameter for Wbmp and Xbm stands for the foreground color index when called +@@ -103,7 +75,7 @@ static void _php_image_output_ctx(INTERN + * PHP_GDIMG_TYPE_WBM + * PHP_GDIMG_TYPE_WEBP + * */ +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|z/!ll", &imgind, &to_zval, &quality, &basefilter) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|p!ll", &imgind, &file, &file_len, &quality, &basefilter) == FAILURE) { + return; + } + } +@@ -117,21 +89,19 @@ static void _php_image_output_ctx(INTERN + } + } + +- if (argc > 1 && to_zval != NULL) { +- if (Z_TYPE_P(to_zval) == IS_RESOURCE) { +- php_stream_from_zval_no_verify(stream, &to_zval); +- if (stream == NULL) { +- RETURN_FALSE; +- } +- } else if (Z_TYPE_P(to_zval) == IS_STRING) { +- stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); +- if (stream == NULL) { +- RETURN_FALSE; +- } +- } else { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, it must a filename or a stream"); ++ if (argc > 1 && file_len) { ++ if (strlen(file) != file_len) { ++ RETURN_FALSE; ++ } ++ PHP_GD_CHECK_OPEN_BASEDIR(file, "Invalid filename"); ++ ++ fp = VCWD_FOPEN(file, "wb"); ++ if (!fp) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' for writing: %s", file, strerror(errno)); + RETURN_FALSE; + } ++ ++ ctx = gdNewFileCtx(fp); + } else { + ctx = emalloc(sizeof(gdIOCtx)); + ctx->putC = _php_image_output_putc; +@@ -145,14 +115,6 @@ static void _php_image_output_ctx(INTERN + #endif + } + +- if (!ctx) { +- ctx = emalloc(sizeof(gdIOCtx)); +- ctx->putC = _php_image_stream_putc; +- ctx->putBuf = _php_image_stream_putbuf; +- ctx->gd_free = _php_image_stream_ctxfree; +- ctx->data = (void *)stream; +- } +- + switch(image_type) { + case PHP_GDIMG_CONVERT_WBM: + if(q<0||q>255) { +@@ -189,11 +151,12 @@ static void _php_image_output_ctx(INTERN + break; + } + +-#if HAVE_LIBGD204 + ctx->gd_free(ctx); +-#else +- ctx->free(ctx); +-#endif ++ ++ if(fp) { ++ fflush(fp); ++ fclose(fp); ++ } + + RETURN_TRUE; + } --- php5-5.4.6.orig/debian/patches/use_embedded_timezonedb.patch +++ php5-5.4.6/debian/patches/use_embedded_timezonedb.patch @@ -0,0 +1,642 @@ + +Add support for use of the system timezone database, rather +than embedding a copy. Discussed upstream but was not desired. + +History: +r8: fix compile error without --with-system-tzdata configured +r7: improve check for valid timezone id to exclude directories +r6: fix fd leak in r5, fix country code/BC flag use in + timezone_identifiers_list() using system db, + fix use of PECL timezonedb to override system db, +r5: reverts addition of "System/Localtime" fake tzname. + updated for 5.3.0, parses zone.tab to pick up mapping between + timezone name, country code and long/lat coords +r4: added "System/Localtime" tzname which uses /etc/localtime +r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) +r2: add filesystem trawl to set up name alias index +r1: initial revision + +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -24,6 +24,16 @@ + + #include "timelib.h" + ++#ifdef HAVE_SYSTEM_TZDATA ++#include ++#include ++#include ++#include ++#include ++ ++#include "php_scandir.h" ++#endif ++ + #include + + #ifdef HAVE_LOCALE_H +@@ -35,7 +45,12 @@ + #else + #include + #endif ++ ++#ifndef HAVE_SYSTEM_TZDATA + #include "timezonedb.h" ++#endif ++ ++#include + + #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) + # if defined(__LITTLE_ENDIAN__) +@@ -55,9 +70,14 @@ + + static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz) + { +- /* skip ID */ +- *tzf += 4; +- ++ if (memcmp(tzf, "TZif", 4) == 0) { ++ *tzf += 20; ++ return; ++ } ++ ++ /* skip ID */ ++ *tzf += 4; ++ + /* read BC flag */ + tz->bc = (**tzf == '\1'); + *tzf += 1; +@@ -260,7 +280,397 @@ void timelib_dump_tzinfo(timelib_tzinfo + } + } + +-static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) ++#ifdef HAVE_SYSTEM_TZDATA ++ ++#ifdef HAVE_SYSTEM_TZDATA_PREFIX ++#define ZONEINFO_PREFIX HAVE_SYSTEM_TZDATA_PREFIX ++#else ++#define ZONEINFO_PREFIX "/usr/share/zoneinfo" ++#endif ++ ++/* System timezone database pointer. */ ++static const timelib_tzdb *timezonedb_system = NULL; ++ ++/* Hash table entry for the cache of the zone.tab mapping table. */ ++struct location_info { ++ char code[2]; ++ double latitude, longitude; ++ char name[64]; ++ char *comment; ++ struct location_info *next; ++}; ++ ++/* Cache of zone.tab. */ ++static struct location_info **system_location_table; ++ ++/* Size of the zone.tab hash table; a random-ish prime big enough to ++ * prevent too many collisions. */ ++#define LOCINFO_HASH_SIZE (1021) ++ ++static uint32_t tz_hash(const char *str) ++{ ++ const unsigned char *p = (const unsigned char *)str; ++ uint32_t hash = 5381; ++ int c; ++ ++ while ((c = *p++) != '\0') { ++ hash = (hash << 5) ^ hash ^ c; ++ } ++ ++ return hash % LOCINFO_HASH_SIZE; ++} ++ ++/* Parse an ISO-6709 date as used in zone.tab. Returns end of the ++ * parsed string on success, or NULL on parse error. On success, ++ * writes the parsed number to *result. */ ++static char *parse_iso6709(char *p, double *result) ++{ ++ double v, sign; ++ char *pend; ++ size_t len; ++ ++ if (*p == '+') ++ sign = 1.0; ++ else if (*p == '-') ++ sign = -1.0; ++ else ++ return NULL; ++ ++ p++; ++ for (pend = p; *pend >= '0' && *pend <= '9'; pend++) ++ ;; ++ ++ /* Annoying encoding used by zone.tab has no decimal point, so use ++ * the length to determine the format: ++ * ++ * 4 = DDMM ++ * 5 = DDDMM ++ * 6 = DDMMSS ++ * 7 = DDDMMSS ++ */ ++ len = pend - p; ++ if (len < 4 || len > 7) { ++ return NULL; ++ } ++ ++ /* p => [D]DD */ ++ v = (p[0] - '0') * 10.0 + (p[1] - '0'); ++ p += 2; ++ if (len == 5 || len == 7) ++ v = v * 10.0 + (*p++ - '0'); ++ /* p => MM[SS] */ ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 60.0; ++ p += 2; ++ /* p => [SS] */ ++ if (len > 5) { ++ v += (10.0 * (p[0] - '0') ++ + p[1] - '0') / 3600.0; ++ p += 2; ++ } ++ ++ /* Round to five decimal place, not because it's a good idea, ++ * but, because the builtin data uses rounded data, so, match ++ * that. */ ++ *result = round(v * sign * 100000.0) / 100000.0; ++ ++ return p; ++} ++ ++/* This function parses the zone.tab file to build up the mapping of ++ * timezone to country code and geographic location, and returns a ++ * hash table. The hash table is indexed by the function: ++ * ++ * tz_hash(timezone-name) ++ */ ++static struct location_info **create_location_table(void) ++{ ++ struct location_info **li, *i; ++ char zone_tab[PATH_MAX]; ++ char line[512]; ++ FILE *fp; ++ ++ strncpy(zone_tab, ZONEINFO_PREFIX "/zone.tab", sizeof zone_tab); ++ ++ fp = fopen(zone_tab, "r"); ++ if (!fp) { ++ return NULL; ++ } ++ ++ li = calloc(LOCINFO_HASH_SIZE, sizeof *li); ++ ++ while (fgets(line, sizeof line, fp)) { ++ char *p = line, *code, *name, *comment; ++ uint32_t hash; ++ double latitude, longitude; ++ ++ while (isspace(*p)) ++ p++; ++ ++ if (*p == '#' || *p == '\0' || *p == '\n') ++ continue; ++ ++ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t') ++ continue; ++ ++ /* code => AA */ ++ code = p; ++ p[2] = 0; ++ p += 3; ++ ++ /* coords => [+-][D]DDMM[SS][+-][D]DDMM[SS] */ ++ p = parse_iso6709(p, &latitude); ++ if (!p) { ++ continue; ++ } ++ p = parse_iso6709(p, &longitude); ++ if (!p) { ++ continue; ++ } ++ ++ if (!p || *p != '\t') { ++ continue; ++ } ++ ++ /* name = string */ ++ name = ++p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ *p++ = '\0'; ++ ++ /* comment = string */ ++ comment = p; ++ while (*p != '\t' && *p && *p != '\n') ++ p++; ++ ++ if (*p == '\n' || *p == '\t') ++ *p = '\0'; ++ ++ hash = tz_hash(name); ++ i = malloc(sizeof *i); ++ memcpy(i->code, code, 2); ++ strncpy(i->name, name, sizeof i->name); ++ i->comment = strdup(comment); ++ i->longitude = longitude; ++ i->latitude = latitude; ++ i->next = li[hash]; ++ li[hash] = i; ++ /* printf("%s [%u, %f, %f]\n", name, hash, latitude, longitude); */ ++ } ++ ++ fclose(fp); ++ ++ return li; ++} ++ ++/* Return location info from hash table, using given timezone name. ++ * Returns NULL if the name could not be found. */ ++const struct location_info *find_zone_info(struct location_info **li, ++ const char *name) ++{ ++ uint32_t hash = tz_hash(name); ++ const struct location_info *l; ++ ++ if (!li) { ++ return NULL; ++ } ++ ++ for (l = li[hash]; l; l = l->next) { ++ if (strcasecmp(l->name, name) == 0) ++ return l; ++ } ++ ++ return NULL; ++} ++ ++/* Filter out some non-tzdata files and the posix/right databases, if ++ * present. */ ++static int index_filter(const struct dirent *ent) ++{ ++ return strcmp(ent->d_name, ".") != 0 ++ && strcmp(ent->d_name, "..") != 0 ++ && strcmp(ent->d_name, "posix") != 0 ++ && strcmp(ent->d_name, "posixrules") != 0 ++ && strcmp(ent->d_name, "right") != 0 ++ && strstr(ent->d_name, ".tab") == NULL; ++} ++ ++static int sysdbcmp(const void *first, const void *second) ++{ ++ const timelib_tzdb_index_entry *alpha = first, *beta = second; ++ ++ return strcmp(alpha->id, beta->id); ++} ++ ++ ++/* Create the zone identifier index by trawling the filesystem. */ ++static void create_zone_index(timelib_tzdb *db) ++{ ++ size_t dirstack_size, dirstack_top; ++ size_t index_size, index_next; ++ timelib_tzdb_index_entry *db_index; ++ char **dirstack; ++ ++ /* LIFO stack to hold directory entries to scan; each slot is a ++ * directory name relative to the zoneinfo prefix. */ ++ dirstack_size = 32; ++ dirstack = malloc(dirstack_size * sizeof *dirstack); ++ dirstack_top = 1; ++ dirstack[0] = strdup(""); ++ ++ /* Index array. */ ++ index_size = 64; ++ db_index = malloc(index_size * sizeof *db_index); ++ index_next = 0; ++ ++ do { ++ struct dirent **ents; ++ char name[PATH_MAX], *top; ++ int count; ++ ++ /* Pop the top stack entry, and iterate through its contents. */ ++ top = dirstack[--dirstack_top]; ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s", top); ++ ++ count = php_scandir(name, &ents, index_filter, php_alphasort); ++ ++ while (count > 0) { ++ struct stat st; ++ const char *leaf = ents[count - 1]->d_name; ++ ++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s/%s", ++ top, leaf); ++ ++ if (strlen(name) && stat(name, &st) == 0) { ++ /* Name, relative to the zoneinfo prefix. */ ++ const char *root = top; ++ ++ if (root[0] == '/') root++; ++ ++ snprintf(name, sizeof name, "%s%s%s", root, ++ *root ? "/": "", leaf); ++ ++ if (S_ISDIR(st.st_mode)) { ++ if (dirstack_top == dirstack_size) { ++ dirstack_size *= 2; ++ dirstack = realloc(dirstack, ++ dirstack_size * sizeof *dirstack); ++ } ++ dirstack[dirstack_top++] = strdup(name); ++ } ++ else { ++ if (index_next == index_size) { ++ index_size *= 2; ++ db_index = realloc(db_index, ++ index_size * sizeof *db_index); ++ } ++ ++ db_index[index_next++].id = strdup(name); ++ } ++ } ++ ++ free(ents[--count]); ++ } ++ ++ if (count != -1) free(ents); ++ free(top); ++ } while (dirstack_top); ++ ++ qsort(db_index, index_next, sizeof *db_index, sysdbcmp); ++ ++ db->index = db_index; ++ db->index_size = index_next; ++ ++ free(dirstack); ++} ++ ++#define FAKE_HEADER "1234\0??\1??" ++#define FAKE_UTC_POS (7 - 4) ++ ++/* Create a fake data segment for database 'sysdb'. */ ++static void fake_data_segment(timelib_tzdb *sysdb, ++ struct location_info **info) ++{ ++ size_t n; ++ char *data, *p; ++ ++ data = malloc(3 * sysdb->index_size + 7); ++ ++ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); ++ ++ for (n = 0; n < sysdb->index_size; n++) { ++ const struct location_info *li; ++ timelib_tzdb_index_entry *ent; ++ ++ ent = (timelib_tzdb_index_entry *)&sysdb->index[n]; ++ ++ /* Lookup the timezone name in the hash table. */ ++ if (strcmp(ent->id, "UTC") == 0) { ++ ent->pos = FAKE_UTC_POS; ++ continue; ++ } ++ ++ li = find_zone_info(info, ent->id); ++ if (li) { ++ /* If found, append the BC byte and the ++ * country code; set the position for this ++ * section of timezone data. */ ++ ent->pos = (p - data) - 4; ++ *p++ = '\1'; ++ *p++ = li->code[0]; ++ *p++ = li->code[1]; ++ } ++ else { ++ /* If not found, the timezone data can ++ * point at the header. */ ++ ent->pos = 0; ++ } ++ } ++ ++ sysdb->data = (unsigned char *)data; ++} ++ ++/* Returns true if the passed-in stat structure describes a ++ * probably-valid timezone file. */ ++static int is_valid_tzfile(const struct stat *st) ++{ ++ return S_ISREG(st->st_mode) && st->st_size > 20; ++} ++ ++/* Return the mmap()ed tzfile if found, else NULL. On success, the ++ * length of the mapped data is placed in *length. */ ++static char *map_tzfile(const char *timezone, size_t *length) ++{ ++ char fname[PATH_MAX]; ++ struct stat st; ++ char *p; ++ int fd; ++ ++ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) { ++ return NULL; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ fd = open(fname, O_RDONLY); ++ if (fd == -1) { ++ return NULL; ++ } else if (fstat(fd, &st) != 0 || !is_valid_tzfile(&st)) { ++ close(fd); ++ return NULL; ++ } ++ ++ *length = st.st_size; ++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); ++ close(fd); ++ ++ return p != MAP_FAILED ? p : NULL; ++} ++ ++#endif ++ ++static int inmem_seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) + { + int left = 0, right = tzdb->index_size - 1; + #ifdef HAVE_SETLOCALE +@@ -299,36 +709,125 @@ static int seek_to_tz_position(const uns + return 0; + } + ++static int seek_to_tz_position(const unsigned char **tzf, char *timezone, ++ char **map, size_t *maplen, ++ const timelib_tzdb *tzdb) ++{ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char *orig; ++ ++ orig = map_tzfile(timezone, maplen); ++ if (orig == NULL) { ++ return 0; ++ } ++ ++ (*tzf) = (unsigned char *)orig ; ++ *map = orig; ++ ++ return 1; ++ } ++#endif ++ return inmem_seek_to_tz_position(tzf, timezone, tzdb); ++} ++ + const timelib_tzdb *timelib_builtin_db(void) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ if (timezonedb_system == NULL) { ++ timelib_tzdb *tmp = malloc(sizeof *tmp); ++ ++ tmp->version = "0.system"; ++ tmp->data = NULL; ++ create_zone_index(tmp); ++ system_location_table = create_location_table(); ++ fake_data_segment(tmp, system_location_table); ++ timezonedb_system = tmp; ++ } ++ ++ ++ return timezonedb_system; ++#else + return &timezonedb_builtin; ++#endif + } + + const timelib_tzdb_index_entry *timelib_timezone_builtin_identifiers_list(int *count) + { ++#ifdef HAVE_SYSTEM_TZDATA ++ *count = timezonedb_system->index_size; ++ return timezonedb_system->index; ++#else + *count = sizeof(timezonedb_idx_builtin) / sizeof(*timezonedb_idx_builtin); + return timezonedb_idx_builtin; ++#endif + } + + int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; +- return (seek_to_tz_position(&tzf, timezone, tzdb)); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (tzdb == timezonedb_system) { ++ char fname[PATH_MAX]; ++ struct stat st; ++ ++ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) { ++ return 0; ++ } ++ ++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); ++ ++ return stat(fname, &st) == 0 && is_valid_tzfile(&st); ++ } ++#endif ++ ++ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb)); + } + + timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb) + { + const unsigned char *tzf; ++ char *memmap = NULL; ++ size_t maplen; + timelib_tzinfo *tmp; + +- if (seek_to_tz_position(&tzf, timezone, tzdb)) { ++ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) { + tmp = timelib_tzinfo_ctor(timezone); + + read_preamble(&tzf, tmp); + read_header(&tzf, tmp); + read_transistions(&tzf, tmp); + read_types(&tzf, tmp); +- read_location(&tzf, tmp); ++ ++#ifdef HAVE_SYSTEM_TZDATA ++ if (memmap) { ++ const struct location_info *li; ++ ++ /* TZif-style - grok the location info from the system database, ++ * if possible. */ ++ ++ if ((li = find_zone_info(system_location_table, timezone)) != NULL) { ++ tmp->location.comments = strdup(li->comment); ++ strncpy(tmp->location.country_code, li->code, 2); ++ tmp->location.longitude = li->longitude; ++ tmp->location.latitude = li->latitude; ++ tmp->bc = 1; ++ } ++ else { ++ strcpy(tmp->location.country_code, "??"); ++ tmp->bc = 0; ++ tmp->location.comments = strdup(""); ++ } ++ ++ /* Now done with the mmap segment - discard it. */ ++ munmap(memmap, maplen); ++ } else ++#endif ++ { ++ /* PHP-style - use the embedded info. */ ++ read_location(&tzf, tmp); ++ } + } else { + tmp = NULL; + } +--- a/ext/date/lib/timelib.m4 ++++ b/ext/date/lib/timelib.m4 +@@ -78,3 +78,17 @@ stdlib.h + + dnl Check for strtoll, atoll + AC_CHECK_FUNCS(strtoll atoll strftime) ++ ++PHP_ARG_WITH(system-tzdata, for use of system timezone data, ++[ --with-system-tzdata[=DIR] to specify use of system timezone data], ++no, no) ++ ++if test "$PHP_SYSTEM_TZDATA" != "no"; then ++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used]) ++ ++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then ++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA", ++ [Define for location of system timezone data]) ++ fi ++fi ++ +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -863,6 +863,23 @@ static char* guess_timezone(const timeli + } else if (*DATEG(default_timezone) && timelib_timezone_id_is_valid(DATEG(default_timezone), tzdb)) { + return DATEG(default_timezone); + } ++ /* Try to guess timezone from system information */ ++ { ++ struct tm *ta, tmbuf; ++ time_t the_time; ++ char *tzid = NULL; ++ ++ the_time = time(NULL); ++ ta = php_localtime_r(&the_time, &tmbuf); ++ if (ta) { ++ tzid = timelib_timezone_id_from_abbr(ta->tm_zone, ta->tm_gmtoff, ta->tm_isdst); ++ } ++ if (! tzid) { ++ tzid = "UTC"; ++ } ++ ++ return tzid; ++ } + /* Fallback to UTC */ + php_error_docref(NULL TSRMLS_CC, E_WARNING, DATE_TZ_ERRMSG "We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone."); + return "UTC"; --- php5-5.4.6.orig/debian/patches/use_system_crypt_fixes.patch +++ php5-5.4.6/debian/patches/use_system_crypt_fixes.patch @@ -0,0 +1,11 @@ +--- a/ext/standard/tests/strings/bug51059.phpt ++++ b/ext/standard/tests/strings/bug51059.phpt +@@ -3,7 +3,7 @@ Bug #51059 crypt() segfaults on certain + --FILE-- + --- php5-5.4.6.orig/debian/patches/bug53070.patch +++ php5-5.4.6/debian/patches/bug53070.patch @@ -0,0 +1,20 @@ +--- a/ext/enchant/enchant.c ++++ b/ext/enchant/enchant.c +@@ -429,6 +429,8 @@ PHP_FUNCTION(enchant_broker_set_dict_pat + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rls", &broker, &dict_type, &value, &value_len) == FAILURE) { + RETURN_FALSE; + } ++ ++ PHP_ENCHANT_GET_BROKER; + + if (!value_len) { + RETURN_FALSE; +@@ -485,6 +487,8 @@ PHP_FUNCTION(enchant_broker_get_dict_pat + default: + RETURN_FALSE; + } ++ ++ PHP_ENCHANT_GET_BROKER; + + RETURN_STRING(value, 1); + } --- php5-5.4.6.orig/debian/patches/sybase-alias.patch +++ php5-5.4.6/debian/patches/sybase-alias.patch @@ -0,0 +1,41 @@ +--- a/ext/mssql/php_mssql.c ++++ b/ext/mssql/php_mssql.c +@@ -178,6 +178,38 @@ const zend_function_entry mssql_function + PHP_FE(mssql_execute, arginfo_mssql_execute) + PHP_FE(mssql_free_statement, arginfo_mssql_free_statement) + PHP_FE(mssql_guid_string, arginfo_mssql_guid_string) ++#if !defined(PHP_WIN32) && !defined(HAVE_SYBASE_CT) ++ PHP_FALIAS(sybase_connect, mssql_connect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_pconnect, mssql_pconnect, arginfo_mssql_connect) ++ PHP_FALIAS(sybase_close, mssql_close, arginfo_mssql_close) ++ PHP_FALIAS(sybase_select_db, mssql_select_db, arginfo_mssql_select_db) ++ PHP_FALIAS(sybase_query, mssql_query, arginfo_mssql_query) ++ PHP_FALIAS(sybase_fetch_batch, mssql_fetch_batch, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_affected_rows, mssql_rows_affected, arginfo_mssql_rows_affected) ++ PHP_FALIAS(sybase_free_result, mssql_free_result, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_get_last_message, mssql_get_last_message, arginfo_mssql_get_last_message) ++ PHP_FALIAS(sybase_num_rows, mssql_num_rows, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_num_fields, mssql_num_fields, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_field, mssql_fetch_field, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_fetch_row, mssql_fetch_row, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_fetch_array, mssql_fetch_array, arginfo_mssql_fetch_array) ++ PHP_FALIAS(sybase_fetch_assoc, mssql_fetch_assoc, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_fetch_object, mssql_fetch_object, arginfo_mssql_fetch_batch) ++ PHP_FALIAS(sybase_field_length, mssql_field_length, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_name, mssql_field_name, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_field_type, mssql_field_type, arginfo_mssql_field_length) ++ PHP_FALIAS(sybase_data_seek, mssql_data_seek, arginfo_mssql_data_seek) ++ PHP_FALIAS(sybase_field_seek, mssql_field_seek, arginfo_mssql_fetch_field) ++ PHP_FALIAS(sybase_result, mssql_result, arginfo_mssql_result) ++ PHP_FALIAS(sybase_next_result, mssql_next_result, arginfo_mssql_fetch_assoc) ++ PHP_FALIAS(sybase_min_error_severity, mssql_min_error_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_min_message_severity, mssql_min_message_severity, arginfo_mssql_min_error_severity) ++ PHP_FALIAS(sybase_init, mssql_init, arginfo_mssql_init) ++ PHP_FALIAS(sybase_bind, mssql_bind, arginfo_mssql_bind) ++ PHP_FALIAS(sybase_execute, mssql_execute, arginfo_mssql_execute) ++ PHP_FALIAS(sybase_free_statement, mssql_free_statement, arginfo_mssql_free_statement) ++ PHP_FALIAS(sybase_guid_string, mssql_guid_string, arginfo_mssql_guid_string) ++#endif + PHP_FE_END + }; + /* }}} */ --- php5-5.4.6.orig/debian/patches/backport-upstream-lp592442.patch +++ php5-5.4.6/debian/patches/backport-upstream-lp592442.patch @@ -0,0 +1,21 @@ +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -395,6 +395,18 @@ static inline int php_openssl_setup_cryp + } + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x0090806fL ++ { ++ zval **val; ++ ++ if (stream->context && SUCCESS == php_stream_context_get_option( ++ stream->context, "ssl", "no_ticket", &val) && ++ zval_is_true(*val)) { ++ SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET); ++ } ++ } ++#endif ++ + sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC); + if (sslsock->ssl_handle == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle"); --- php5-5.4.6.orig/debian/patches/108-64_bit_datetime.patch +++ php5-5.4.6/debian/patches/108-64_bit_datetime.patch @@ -0,0 +1,12 @@ +--- a/ext/standard/datetime.c ++++ b/ext/standard/datetime.c +@@ -20,6 +20,9 @@ + + /* $Id$ */ + ++#define _XOPEN_SOURCE /* needed to get strptime() declared */ ++#define _BSD_SOURCE /* needed to get ulong declared */ ++ + #include "php.h" + #include "zend_operators.h" + #include "datetime.h" --- php5-5.4.6.orig/debian/patches/libdb_is_-ldb +++ php5-5.4.6/debian/patches/libdb_is_-ldb @@ -0,0 +1,17 @@ +Description: Let configure check detect version-less libdbs to support + newer versions without patching the configure code. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/dba/config.m4 ++++ b/ext/dba/config.m4 +@@ -362,7 +362,7 @@ if test "$PHP_DB4" != "no"; then + break + fi + done +- PHP_DBA_DB_CHECK(4, db-5.1 db-5.0 db-4.8 db-4.7 db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) ++ PHP_DBA_DB_CHECK(4, db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) + fi + PHP_DBA_STD_RESULT(db4,Berkeley DB4) + --- php5-5.4.6.orig/debian/patches/php_crypt_revamped.patch +++ php5-5.4.6/debian/patches/php_crypt_revamped.patch @@ -0,0 +1,573 @@ +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -58,6 +58,12 @@ if test "$ac_cv_func_crypt" = "no"; then + AC_DEFINE(HAVE_CRYPT, 1, [ ]) + ]) + fi ++ ++AC_CHECK_FUNCS(crypt_r, [ php_crypt_r="1" ], [ php_crypt_r="0" ]) ++if test "x$php_crypt_r" = "x1"; then ++ PHP_CRYPT_R_STYLE ++ AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) ++fi + + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ + AC_TRY_RUN([ +@@ -229,11 +235,68 @@ main() { + ac_cv_crypt_SHA256=no + ])]) + ++dnl ++dnl Define PHP_*_CRYPT according to system ++dnl ++ ++if test "$ac_cv_crypt_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_des=1 ++else ++ ac_result=0 ++ ac_crypt_des=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) ++ ++if test "$ac_cv_crypt_md5" = "yes"; then ++ ac_result=1 ++ ac_crypt_md5=1 ++else ++ ac_result=0 ++ ac_crypt_md5=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt]) ++ ++if test "$ac_cv_crypt_blowfish" = "yes"; then ++ ac_result=1 ++ ac_crypt_blowfish=1 ++else ++ ac_result=0 ++ ac_crypt_blowfish=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) ++ ++if test "$ac_cv_crypt_ext_des" = "yes"; then ++ ac_result=1 ++ ac_crypt_edes=1 ++else ++ ac_result=0 ++ ac_crypt_edes=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) ++ ++if test "$ac_cv_crypt_SHA512" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha512=1 ++else ++ ac_result=0 ++ ac_crypt_sha512=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) ++ ++if test "$ac_cv_crypt_SHA256" = "yes"; then ++ ac_result=1 ++ ac_crypt_sha256=1 ++else ++ ac_result=0 ++ ac_crypt_sha256=0 ++fi ++AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) + + dnl + dnl If one of them is missing, use our own implementation, portable code is then possible + dnl +-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then ++if test "$ac_cv_crypt_SHA512" = no || test "$ac_cv_crypt_SHA256" = "no" || test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then + + dnl + dnl Check for __alignof__ support in the compiler +@@ -267,74 +330,15 @@ if test "$ac_cv_crypt_blowfish" = "no" | + AC_DEFINE([HAVE_ATTRIBUTE_ALIGNED], 1, [whether the compiler supports __attribute__ ((__aligned__))]) + fi + +- +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5]) +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, 1, [Whether the system supports standard DES salt]) +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, 1, [Whether the system supports BlowFish salt]) +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, 1, [Whether the system supports extended DES salt]) +- AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, 1, [Whether the system supports MD5 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, 1, [Whether the system supports SHA512 salt]) +- AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, 1, [Whether the system supports SHA256 salt]) ++ ac_result=1 + + PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c) + else +- if test "$ac_cv_crypt_des" = "yes"; then +- ac_result=1 +- ac_crypt_des=1 +- else +- ac_result=0 +- ac_crypt_des=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_STD_DES_CRYPT, $ac_result, [Whether the system supports standard DES salt]) +- +- if test "$ac_cv_crypt_blowfish" = "yes"; then +- ac_result=1 +- ac_crypt_blowfish=1 +- else +- ac_result=0 +- ac_crypt_blowfish=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt]) +- +- if test "$ac_cv_crypt_ext_des" = "yes"; then +- ac_result=1 +- ac_crypt_edes=1 +- else +- ac_result=0 +- ac_crypt_edes=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_EXT_DES_CRYPT, $ac_result, [Whether the system supports extended DES salt]) +- +- if test "$ac_cv_crypt_md5" = "yes"; then +- ac_result=1 +- ac_crypt_md5=1 +- else +- ac_result=0 +- ac_crypt_md5=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_MD5_CRYPT, $ac_result, [Whether the system supports MD5 salt]) +- +- if test "$ac_cv_crypt_sha512" = "yes"; then +- ac_result=1 +- ac_crypt_sha512=1 +- else +- ac_result=0 +- ac_crypt_sha512=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_SHA512_CRYPT, $ac_result, [Whether the system supports SHA512 salt]) +- +- if test "$ac_cv_crypt_sha256" = "yes"; then +- ac_result=1 +- ac_crypt_sha256=1 +- else +- ac_result=0 +- ac_crypt_sha256=0 +- fi +- AC_DEFINE_UNQUOTED(PHP_SHA256_CRYPT, $ac_result, [Whether the system supports SHA256 salt]) +- +- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ ac_result=0 + fi + ++AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, $ac_result, [Whether PHP has to use its own crypt_r for blowfish, des and ext des]) ++ + dnl + dnl Check for available functions + dnl +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -32,13 +32,12 @@ + #if PHP_USE_PHP_CRYPT_R + # include "php_crypt_r.h" + # include "crypt_freesec.h" +-#else +-# if HAVE_CRYPT_H +-# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) +-# define _GNU_SOURCE +-# endif +-# include ++#endif ++#if HAVE_CRYPT_H ++# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE) ++# define _GNU_SOURCE + # endif ++# include + #endif + #if TM_IN_SYS_TIME + #include +@@ -64,56 +63,50 @@ + * PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate + * for the target platform. */ + +-#if PHP_STD_DES_CRYPT +-#define PHP_MAX_SALT_LEN 2 +-#endif +- +-#if PHP_EXT_DES_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 9 ++#if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) ++# define PHP_USE_SYSTEM_CRYPT_R + #endif + +-#if PHP_MD5_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 12 +-#endif ++#define PHP_MAX_STD_DES_SALT_LEN 2 ++#define PHP_MAX_STD_DES_HASH_LEN 11 + +-#if PHP_BLOWFISH_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 60 +-#endif +- +-#if PHP_SHA512_CRYPT +-#undef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 123 +-#endif +- +- +-/* If the configure-time checks fail, we provide DES. +- * XXX: This is a hack. Fix the real problem! */ +- +-#ifndef PHP_MAX_SALT_LEN +-#define PHP_MAX_SALT_LEN 2 +-#undef PHP_STD_DES_CRYPT +-#define PHP_STD_DES_CRYPT 1 +-#endif ++#define PHP_MAX_EXT_DES_SALT_LEN 9 ++#define PHP_MAX_EXT_DES_HASH_LEN 11 ++ ++#define PHP_MAX_MD5_SALT_LEN 12 ++#define PHP_MAX_MD5_HASH_LEN 22 ++ ++#define PHP_MAX_BLOWFISH_SALT_LEN 29 ++#define PHP_MAX_BLOWFISH_HASH_LEN 31 ++ ++#define PHP_MAX_SHA256_SALT_LEN 37 ++#define PHP_MAX_SHA256_HASH_LEN 43 ++ ++#define PHP_MAX_SHA512_SALT_LEN 37 ++#define PHP_MAX_SHA512_HASH_LEN 86 ++ ++/* ++ * Maximum salt length is from SHA512 ++ * Maximum hash length is from SHA512 ++ */ ++#define PHP_MAX_SALT_LEN 37 ++#define PHP_MAX_HASH_LEN 86 + + #define PHP_CRYPT_RAND php_rand(TSRMLS_C) + + PHP_MINIT_FUNCTION(crypt) /* {{{ */ + { + REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT); +- ++ REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #ifdef PHP_SHA256_CRYPT +- REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #endif + + #ifdef PHP_SHA512_CRYPT +- REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT | PHP_USE_PHP_CRYPT_R, CONST_CS | CONST_PERSISTENT); + #endif + + #if PHP_USE_PHP_CRYPT_R +@@ -124,15 +117,15 @@ PHP_MINIT_FUNCTION(crypt) /* {{{ */ + } + /* }}} */ + ++#if PHP_USE_PHP_CRYPT_R + PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */ + { +-#if PHP_USE_PHP_CRYPT_R + php_shutdown_crypt_r(); +-#endif + + return SUCCESS; + } + /* }}} */ ++#endif + + static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +@@ -150,160 +143,158 @@ static void php_to64(char *s, long v, in + PHP_FUNCTION(crypt) + { + char salt[PHP_MAX_SALT_LEN + 1]; ++ int salt_len = 0; ++ char output[PHP_MAX_SALT_LEN + PHP_MAX_HASH_LEN + 1]; + char *str, *salt_in = NULL; + int str_len, salt_in_len = 0; +- char *crypt_res; +- salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; ++ char *crypt_res = NULL; ++#if PHP_USE_PHP_CRYPT_R ++ struct php_crypt_extended_data extended_buffer; ++#endif ++#if defined(PHP_USE_SYSTEM_CRYPT_R) ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ struct crypt_data buffer; ++# elif defined(CRYPT_R_CRYPTD) ++ CRYPTD buffer; ++# else ++# error Data struct used by crypt_r() is unknown. Please report. ++# endif ++#endif + +- /* This will produce suitable results if people depend on DES-encryption +- * available (passing always 2-character salt). At least for glibc6.1 */ +- memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); ++ salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { + return; + } + +- if (salt_in) { +- memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); +- } +- +- /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ +- if (!*salt) { +-#if PHP_MD5_CRYPT +- strncpy(salt, "$1$", PHP_MAX_SALT_LEN); +- php_to64(&salt[3], PHP_CRYPT_RAND, 4); +- php_to64(&salt[7], PHP_CRYPT_RAND, 4); +- strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); +-#elif PHP_STD_DES_CRYPT +- php_to64(&salt[0], PHP_CRYPT_RAND, 2); +- salt[2] = '\0'; +-#endif +- salt_in_len = strlen(salt); ++ if (salt_in && (salt_in_len > 0)) { ++ salt_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); ++ memcpy(salt, salt_in, salt_len); ++ salt[salt_len] = '\0'; + } else { +- salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); ++ /* Use SHA512 as default algorithm */ ++ salt[0] = '$'; salt[1] = '6'; salt[2] = '$'; ++ php_to64(&salt[3], PHP_CRYPT_RAND, 4); ++ php_to64(&salt[7], PHP_CRYPT_RAND, 4); ++ php_to64(&salt[11], PHP_CRYPT_RAND, 4); ++ salt[15] = '$'; salt[16] = '\0'; ++ salt_len = 16; + } + +-/* Windows (win32/crypt) has a stripped down version of libxcrypt and +- a CryptoApi md5_crypt implementation */ +-#if PHP_USE_PHP_CRYPT_R + { +- struct php_crypt_extended_data buffer; ++#if PHP_USE_PHP_CRYPT_R ++ memset(&extended_buffer, 0, sizeof(extended_buffer)); ++#endif ++#if defined(PHP_USE_SYSTEM_CRYPT_R) ++# if defined(CRYPT_R_STRUCT_CRYPT_DATA) ++ buffer->initialized = 0; ++# else ++ memset(&buffer, 0, sizeof(buffer)); ++# endif ++#endif + + if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { +- char output[MD5_HASH_MAX_LEN]; +- +- RETURN_STRING(php_md5_crypt_r(str, salt, output), 1); ++ /* CRYPT_MD5 */ ++#if PHP_MD5_CRYPT ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++# warning Using system MD5 crypt function, which is OK on Debian system ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP MD5 crypt function, should not happen on Debian system ++ crypt_res = php_md5_crypt_r(str, salt, output); ++#endif + } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { +- const char sha512_salt_prefix[] = "$6$"; +- const char sha512_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha512_salt_prefix) - 1 +- + sizeof(sha512_rounds_prefix) + 9 + 1 +- + salt_in_len + 1 + 86 + 1); +- output = emalloc(needed); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha512_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, needed); +- efree(output); ++ /* CRYPT_SHA512 */ ++#if PHP_SHA512_CRYPT ++# warning Using system SHA512 crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA512 crypt function, should not happen on Debian system ++ crypt_res = php_sha512_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { +- const char sha256_salt_prefix[] = "$5$"; +- const char sha256_rounds_prefix[] = "rounds="; +- char *output; +- int needed = (sizeof(sha256_salt_prefix) - 1 +- + sizeof(sha256_rounds_prefix) + 9 + 1 +- + salt_in_len + 1 + 43 + 1); +- output = emalloc(needed); +- salt[salt_in_len] = '\0'; +- +- crypt_res = php_sha256_crypt_r(str, salt, output, needed); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, needed); +- efree(output); ++ /* CRYPT_SHA256 */ ++#if PHP_SHA256_CRYPT ++# warning Using system SHA256 crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP SHA256 crypt function, should not happen on Debian system ++ crypt_res = php_sha256_crypt_r(str, salt, output, sizeof(output)); ++#endif + } else if ( + salt[0] == '$' && + salt[1] == '2' && + salt[2] >= 'a' && salt[2] <= 'z' && + salt[3] == '$' && +- salt[4] >= '0' && salt[4] <= '3' && +- salt[5] >= '0' && salt[5] <= '9' && + salt[6] == '$') { +- char output[PHP_MAX_SALT_LEN + 1]; +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); +- ++ /* CRYPT_BLOWFISH */ ++#if PHP_BLOWFISH_CRYPT ++# error Using system BlowFish crypt function, should not happen on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP BlowFish crypt function, which is OK on Debian system + crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETVAL_STRING("*1", 1); +- } else { +- RETVAL_STRING("*0", 1); +- } +- } else { +- RETVAL_STRING(output, 1); +- } +- +- memset(output, 0, PHP_MAX_SALT_LEN + 1); ++#endif ++ } else if (salt[0]=='_' && ++ salt_len == 9) { ++ /* CRYPT_EXT_DES */ ++#if PHP_EXT_DES_CRYPT ++# error Using system extended DES crypt function, should not happen on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# warning Using PHP extended DES crypt function, which is OK on Debian system ++ _crypt_extended_init_r(); ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif + } else { +- memset(&buffer, 0, sizeof(buffer)); ++ /* CRYPT_STD_DES */ ++#if PHP_STD_DES_CRYPT ++# warning Using system standard DES crypt function, which is OK on Debian system ++# if defined(PHP_USE_SYSTEM_CRYPT_R) ++ crypt_res = crypt_r(str, salt, &buffer); ++# else ++ crypt_res = crypt(str, salt); ++# endif ++#elif PHP_USE_PHP_CRYPT_R ++# error Using PHP standard DES crypt function, should not happen on Debian system + _crypt_extended_init_r(); +- +- crypt_res = _crypt_extended_r(str, salt, &buffer); +- if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } +- } else { +- RETURN_STRING(crypt_res, 1); +- } ++ crypt_res = _crypt_extended_r(str, salt, &extended_buffer); ++#endif + } +- } +-#else + +-# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE)) +- { +-# if defined(CRYPT_R_STRUCT_CRYPT_DATA) +- struct crypt_data buffer; +- memset(&buffer, 0, sizeof(buffer)); +-# elif defined(CRYPT_R_CRYPTD) +- CRYPTD buffer; +-# else +-# error Data struct used by crypt_r() is unknown. Please report. +-# endif +- crypt_res = crypt_r(str, salt, &buffer); + if (!crypt_res) { +- if (salt[0]=='*' && salt[1]=='0') { +- RETURN_STRING("*1", 1); +- } else { +- RETURN_STRING("*0", 1); +- } ++ if (salt[0]=='*' && salt[1]=='0') { ++ RETVAL_STRING("*1", 1); ++ } else { ++ RETVAL_STRING("*0", 1); ++ } + } else { +- RETURN_STRING(crypt_res, 1); ++ RETVAL_STRING(crypt_res, 1); ++ } ++ memset(salt, 0, sizeof(salt)); ++ if (output[0]!='\0') { ++ memset(output, 0, sizeof(output)); + } + } +-# endif +-#endif + } + /* }}} */ + #endif --- php5-5.4.6.orig/debian/patches/113-php.ini_securitynotes.patch +++ php5-5.4.6/debian/patches/113-php.ini_securitynotes.patch @@ -0,0 +1,20 @@ +Description: Adds security notices to php.ini settings +Origin: vendor +Forwarded: not-needed +Last-Update: 2010-01-18 + +--- a/php.ini-development ++++ b/php.ini-development +@@ -305,6 +305,12 @@ serialize_precision = 17 + ; or per-virtualhost web server configuration file. This directive is + ; *NOT* affected by whether Safe Mode is turned On or Off. + ; http://php.net/open-basedir ++ ++; NOTE: this is considered a "broken" security measure. ++; Applications relying on this feature will not receive full ++; support by the security team. For more information please ++; see /usr/share/doc/php5-common/README.Debian.security ++; + ;open_basedir = + + ; This directive allows you to disable certain functions for security reasons. --- php5-5.4.6.orig/debian/patches/052-phpinfo_no_configure.patch +++ php5-5.4.6/debian/patches/052-phpinfo_no_configure.patch @@ -0,0 +1,33 @@ +Description: Disable configure parameters on phpinfo() output + . + Patch needs to be discussed with upstream and the issues that lead to + its addition re-checked. Quoting changelog entry: + . + Add [...], which disables the display of our "Configure Command" in + phpinfo(), which was the source of many bogus bug reports over the + years, due to people misinterpreting its meaning. +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -704,7 +704,7 @@ PHPAPI void php_print_info(int flag TSRM + #ifdef ARCHITECTURE + php_info_print_table_row(2, "Architecture", ARCHITECTURE); + #endif +-#ifdef CONFIGURE_COMMAND ++#if 0 + php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + #endif + +--- a/ext/standard/tests/general_functions/phpinfo.phpt ++++ b/ext/standard/tests/general_functions/phpinfo.phpt +@@ -20,7 +20,6 @@ PHP Version => %s + + System => %s + Build Date => %s%a +-Configure Command => %s + Server API => Command Line Interface + Virtual Directory Support => %s + Configuration File (php.ini) Path => %s --- php5-5.4.6.orig/debian/patches/036-fd_setsize_fix.patch +++ php5-5.4.6/debian/patches/036-fd_setsize_fix.patch @@ -0,0 +1,26 @@ +Description: Fixes misuse of FD_SET() +Origin: vendor +Forwarded: no +Last-Update: 2010-01-18 + +--- a/ext/sockets/sockets.c ++++ b/ext/sockets/sockets.c +@@ -892,6 +892,7 @@ static int php_sock_array_to_fd_set(zval + + php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket); + if (!php_sock) continue; /* If element is not a resource, skip it */ ++ if (php_sock->bsd_socket > FD_SETSIZE) continue; /* must ignore it */ + + PHP_SAFE_FD_SET(php_sock->bsd_socket, fds); + if (php_sock->bsd_socket > *max_fd) { +--- a/ext/standard/streamsfuncs.c ++++ b/ext/standard/streamsfuncs.c +@@ -621,6 +621,8 @@ static int stream_array_to_fd_set(zval * + * is not displayed. + * */ + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd != -1) { ++ if (this_fd > FD_SETSIZE) ++ continue; + + PHP_SAFE_FD_SET(this_fd, fds); + --- php5-5.4.6.orig/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch +++ php5-5.4.6/debian/patches/PEAR-Builder-print-info-about-php5-dev.patch @@ -0,0 +1,10 @@ +--- a/PEAR/Builder.php 2011-05-14 20:43:01.000000000 +0000 ++++ b/PEAR/Builder.php 2011-05-26 15:56:41.096485701 +0000 +@@ -309,6 +309,8 @@ class PEAR_Builder extends PEAR_Common + } + + if (!$err) { ++ print "If the command failed with 'phpize: not found' then you need to install php5-dev package"; ++ print "You can do it by running 'apt-get install php5-dev' as a root user"; + return $this->raiseError("`phpize' failed"); + } --- php5-5.4.6.orig/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch +++ php5-5.4.6/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch @@ -0,0 +1,17 @@ +--- a/ext/mssql/php_mssql.c ++++ b/ext/mssql/php_mssql.c +@@ -1106,6 +1106,14 @@ static void php_mssql_get_column_content + return; + } + ++ if (res_length == 0) { ++ ZVAL_NULL(result); ++ return; ++ } else if (res_length < 0) { ++ ZVAL_FALSE(result); ++ return; ++ } ++ + res_buf = (unsigned char *) emalloc(res_length+1); + bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset)); + res_buf[res_length] = '\0';