diff options
Diffstat (limited to 'main')
-rw-r--r-- | main/php/APKBUILD | 24 | ||||
-rw-r--r-- | main/php/CVE-2010-2225.patch | 194 | ||||
-rw-r--r-- | main/php/curl-flush.patch | 17 | ||||
-rw-r--r-- | main/php/gd-info-segfault.patch | 26 | ||||
-rw-r--r-- | main/php/zend_execute_API.c.patch | 10 |
5 files changed, 12 insertions, 259 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index f933f01bd4..d102fe061a 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Carlo Landmeter <clandmeter at gmail> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=php -pkgver=5.3.2 -_suhosinver=${pkgver}-0.9.9.1 -pkgrel=8 +pkgver=5.3.3 +_suhosinver=${pkgver}-0.9.10 +pkgrel=0 pkgdesc="The PHP language runtime engine" url="http://www.php.net/" license="PHP-3" @@ -64,19 +64,20 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2 http://download.suhosin.org/suhosin-patch-${_suhosinver}.patch.gz php-install-pear-xml.patch - zend_execute_API.c.patch - CVE-2010-2225.patch + php-uclibc.patch " _extdir="/usr/lib/php/20090626" -build() { +prepare() { cd "$srcdir/$pkgname-$pkgver" - # beat the pear installer into using xml.so patch -p1 -i "$srcdir"/php-install-pear-xml.patch || return 1 + patch -p1 -i "$srcdir"/php-uclibc.patch || return 1 +} - patch -p0 -i "$srcdir"/CVE-2010-2225.patch || return 1 +build() { + cd "$srcdir/$pkgname-$pkgver" # apply suhosin patch gunzip -c ${srcdir}/suhosin-patch-${_suhosinver}.patch.gz \ @@ -259,8 +260,7 @@ dev() { mv "$pkgdir"/usr/bin/phpize "$subpkgdir"/usr/bin/ } -md5sums="46f500816125202c48a458d0133254a4 php-5.3.2.tar.bz2 -4647b05330862d6a1fc4469245cc6ade suhosin-patch-5.3.2-0.9.9.1.patch.gz +md5sums="21ceeeb232813c10283a5ca1b4c87b48 php-5.3.3.tar.bz2 +b66b27c43b1332400ef8982944c3b95b suhosin-patch-5.3.3-0.9.10.patch.gz 5111e3be06d391f8772587c675240fab php-install-pear-xml.patch -55f9d24316a57e0c0f6b4b84791a1a17 zend_execute_API.c.patch -373a2705d03a13b77b590026b0ae47aa CVE-2010-2225.patch" +26adfe0e744ec05fa9e368bbdee83176 php-uclibc.patch" diff --git a/main/php/CVE-2010-2225.patch b/main/php/CVE-2010-2225.patch deleted file mode 100644 index 08c71f26b0..0000000000 --- a/main/php/CVE-2010-2225.patch +++ /dev/null @@ -1,194 +0,0 @@ -Index: ext/spl/tests/SplObjectStorage_unserialize_nested.phpt -=================================================================== ---- ext/spl/tests/SplObjectStorage_unserialize_nested.phpt (revision 0) -+++ ext/spl/tests/SplObjectStorage_unserialize_nested.phpt (revision 300843) -@@ -0,0 +1,47 @@ -+--TEST-- -+SPL: Test unserializing tested & linked storage -+--FILE-- -+<?php -+$o = new StdClass(); -+$a = new StdClass(); -+ -+$o->a = $a; -+ -+$so = new SplObjectStorage(); -+ -+$so[$o] = 1; -+$so[$a] = 2; -+ -+$s = serialize($so); -+echo $s."\n"; -+ -+$so1 = unserialize($s); -+var_dump($so1); -+ -+--EXPECTF-- -+C:16:"SplObjectStorage":76:{x:i:2;O:8:"stdClass":1:{s:1:"a";O:8:"stdClass":0:{}},i:1;;r:2;,i:2;;m:a:0:{}} -+object(SplObjectStorage)#4 (1) { -+ ["storage":"SplObjectStorage":private]=> -+ array(2) { -+ ["%s"]=> -+ array(2) { -+ ["obj"]=> -+ object(stdClass)#5 (1) { -+ ["a"]=> -+ object(stdClass)#6 (0) { -+ } -+ } -+ ["inf"]=> -+ int(1) -+ } -+ ["%s"]=> -+ array(2) { -+ ["obj"]=> -+ object(stdClass)#6 (0) { -+ } -+ ["inf"]=> -+ int(2) -+ } -+ } -+} -+ -Index: ext/spl/tests/SplObjectStorage_unserialize_bad.phpt -=================================================================== ---- ext/spl/tests/SplObjectStorage_unserialize_bad.phpt (revision 0) -+++ ext/spl/tests/SplObjectStorage_unserialize_bad.phpt (revision 300843) -@@ -0,0 +1,45 @@ -+--TEST-- -+SPL: Test that serialized blob contains unique elements (CVE-2010-2225) -+--FILE-- -+<?php -+ -+$badblobs = array( -+'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', -+'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', -+'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', -+); -+foreach($badblobs as $blob) { -+try { -+ $so = new SplObjectStorage(); -+ $so->unserialize($blob); -+ var_dump($so); -+} catch(UnexpectedValueException $e) { -+ echo $e->getMessage()."\n"; -+} -+} -+--EXPECTF-- -+Error at offset 6 of 34 bytes -+Error at offset 46 of 89 bytes -+object(SplObjectStorage)#2 (1) { -+ ["storage":"SplObjectStorage":private]=> -+ array(2) { -+ ["%s"]=> -+ array(2) { -+ ["obj"]=> -+ object(stdClass)#3 (0) { -+ } -+ ["inf"]=> -+ int(1) -+ } -+ ["%s"]=> -+ array(2) { -+ ["obj"]=> -+ object(stdClass)#1 (0) { -+ } -+ ["inf"]=> -+ object(stdClass)#4 (0) { -+ } -+ } -+ } -+} -+ -Index: ext/spl/spl_observer.c -=================================================================== ---- ext/spl/spl_observer.c (revision 300842) -+++ ext/spl/spl_observer.c (revision 300843) -@@ -115,6 +115,7 @@ - zval_ptr_dtor(&element->inf); - } /* }}} */ - -+ - spl_SplObjectStorageElement* spl_object_storage_get(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */ - { - spl_SplObjectStorageElement *element; -@@ -632,15 +633,24 @@ - zval_ptr_dtor(&pcount); - - while(count-- > 0) { -+ spl_SplObjectStorageElement *pelement; -+ - if (*p != ';') { - goto outexcept; - } - ++p; -+ if(*p != 'O' && *p != 'C' && *p != 'r') { -+ goto outexcept; -+ } - ALLOC_INIT_ZVAL(pentry); - if (!php_var_unserialize(&pentry, &p, s + buf_len, &var_hash TSRMLS_CC)) { - zval_ptr_dtor(&pentry); - goto outexcept; - } -+ if(Z_TYPE_P(pentry) != IS_OBJECT) { -+ zval_ptr_dtor(&pentry); -+ goto outexcept; -+ } - ALLOC_INIT_ZVAL(pinf); - if (*p == ',') { /* new version has inf */ - ++p; -@@ -649,6 +659,16 @@ - goto outexcept; - } - } -+ -+ pelement = spl_object_storage_get(intern, pentry TSRMLS_CC); -+ if(pelement) { -+ if(pelement->inf) { -+ var_push_dtor(&var_hash, &pelement->inf); -+ } -+ if(pelement->obj) { -+ var_push_dtor(&var_hash, &pelement->obj); -+ } -+ } - spl_object_storage_attach(intern, pentry, pinf TSRMLS_CC); - zval_ptr_dtor(&pentry); - zval_ptr_dtor(&pinf); -Index: ext/standard/var_unserializer.c -=================================================================== ---- ext/standard/var_unserializer.c (revision 300842) -+++ ext/standard/var_unserializer.c (revision 300843) -@@ -56,7 +56,7 @@ - var_hash->data[var_hash->used_slots++] = *rval; - } - --static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) -+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) - { - var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; - -Index: ext/standard/php_var.h -=================================================================== ---- ext/standard/php_var.h (revision 300842) -+++ ext/standard/php_var.h (revision 300843) -@@ -60,6 +60,7 @@ - var_destroy(&(var_hash)) - - PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval **nzval); -+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval **val); - PHPAPI void var_destroy(php_unserialize_data_t *var_hash); - - #define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \ -Index: ext/standard/var_unserializer.re -=================================================================== ---- ext/standard/var_unserializer.re (revision 300842) -+++ ext/standard/var_unserializer.re (revision 300843) -@@ -54,7 +54,7 @@ - var_hash->data[var_hash->used_slots++] = *rval; - } - --static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) -+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) - { - var_entries *var_hash = var_hashx->first_dtor, *prev = NULL; - diff --git a/main/php/curl-flush.patch b/main/php/curl-flush.patch deleted file mode 100644 index 14fc31a0bc..0000000000 --- a/main/php/curl-flush.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- /repository/php-src/ext/curl/interface.c 2009/06/15 12:38:11 1.62.2.14.2.57 -+++ /repository/php-src/ext/curl/interface.c 2009/06/28 10:00:28 1.62.2.14.2.58 -@@ -1827,6 +1827,14 @@ - if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) { - smart_str_0(&ch->handlers->write->buf); - RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); -+ } -+ -+ /* flush the file handle, so any remaining data is synched to disk */ -+ if (ch->handlers->write->method == PHP_CURL_FILE && ch->handlers->write->fp) { -+ fflush(ch->handlers->write->fp); -+ } -+ if (ch->handlers->write_header->method == PHP_CURL_FILE && ch->handlers->write_header->fp) { -+ fflush(ch->handlers->write_header->fp); - } - - if (ch->handlers->write->method == PHP_CURL_RETURN) { diff --git a/main/php/gd-info-segfault.patch b/main/php/gd-info-segfault.patch deleted file mode 100644 index 846a19ef74..0000000000 --- a/main/php/gd-info-segfault.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: ext/gd/libgd/gd_compat.c -=================================================================== ---- ext/gd/libgd/gd_compat.c (Revision 286947) -+++ ext/gd/libgd/gd_compat.c (Revision 286948) -@@ -14,7 +14,7 @@ - return JPEG_LIB_VERSION; - } - --int gdJpegGetVersionString() -+const char * gdJpegGetVersionString() - { - switch(JPEG_LIB_VERSION) { - case 62: -Index: ext/gd/libgd/gd_compat.h -=================================================================== ---- ext/gd/libgd/gd_compat.h (Revision 286947) -+++ ext/gd/libgd/gd_compat.h (Revision 286948) -@@ -8,7 +8,7 @@ - #endif - - const char * gdPngGetVersionString(); --int gdJpegGetVersionString(); -+const char * gdJpegGetVersionString(); - int gdJpegGetVersionInt(); - int overflow2(int a, int b); - diff --git a/main/php/zend_execute_API.c.patch b/main/php/zend_execute_API.c.patch deleted file mode 100644 index 0976a7b391..0000000000 --- a/main/php/zend_execute_API.c.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- PHP_5_3/Zend/zend_execute_API.c 2009/12/18 18:41:53 292294 -+++ PHP_5_3/Zend/zend_execute_API.c 2009/12/18 19:12:11 292295 -@@ -838,6 +838,7 @@ - zval *param; - - if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION -+ && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 - && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1) - && PZVAL_IS_REF(*fci->params[i])) { - SEPARATE_ZVAL(fci->params[i]); |