Diffstat (limited to 'main')
-rw-r--r-- | main/php/APKBUILD | 24 | ||||
-rw-r--r-- | main/php/CVE-2010-2225.patch | 194 | ||||
-rw-r--r-- | main/php/curl-flush.patch | 17 | ||||
-rw-r--r-- | main/php/gd-info-segfault.patch | 26 | ||||
-rw-r--r-- | main/php/zend_execute_API.c.patch | 10 |
5 files changed, 12 insertions, 259 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index f933f01bd..d102fe061 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Carlo Landmeter <clandmeter at gmail> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=php -pkgver=5.3.2 -_suhosinver=${pkgver}-0.9.9.1 -pkgrel=8 +pkgver=5.3.3 +_suhosinver=${pkgver}-0.9.10 +pkgrel=0 pkgdesc="The PHP language runtime engine" url="http://www.php.net/" license="PHP-3" @@ -64,19 +64,20 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2 http://download.suhosin.org/suhosin-patch-${_suhosinver}.patch.gz php-install-pear-xml.patch - zend_execute_API.c.patch - CVE-2010-2225.patch + php-uclibc.patch " _extdir="/usr/lib/php/20090626" -build() { +prepare() { cd "$srcdir/$pkgname-$pkgver" - # beat the pear installer into using xml.so patch -p1 -i "$srcdir"/php-install-pear-xml.patch || return 1 + patch -p1 -i "$srcdir"/php-uclibc.patch || return 1 +} - patch -p0 -i "$srcdir"/CVE-2010-2225.patch || return 1 +build() { + cd "$srcdir/$pkgname-$pkgver" # apply suhosin patch gunzip -c ${srcdir}/suhosin-patch-${_suhosinver}.patch.gz \ @@ -259,8 +260,7 @@ dev() { mv "$pkgdir"/usr/bin/phpize "$subpkgdir"/usr/bin/ } -md5sums="46f500816125202c48a458d0133254a4 php-5.3.2.tar.bz2 -4647b05330862d6a1fc4469245cc6ade suhosin-patch-5.3.2-0.9.9.1.patch.gz +md5sums="21ceeeb232813c10283a5ca1b4c87b48 php-5.3.3.tar.bz2 +b66b27c43b1332400ef8982944c3b95b suhosin-patch-5.3.3-0.9.10.patch.gz 5111e3be06d391f8772587c675240fab php-install-pear-xml.patch -55f9d24316a57e0c0f6b4b84791a1a17 zend_execute_API.c.patch -373a2705d03a13b77b590026b0ae47aa CVE-2010-2225.patch" +26adfe0e744ec05fa9e368bbdee83176 php-uclibc.patch" diff --git a/main/php/CVE-2010-2225.patch b/main/php/CVE-2010-2225.patch deleted file mode 100644 index 08c71f26b..000000000 --- a/main/php/CVE-2010-2225.patch +++ /dev/null 
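Review bot: `php-uclibc.patch` is added to `source=`, applied in the new `prepare()` and given an md5sum in the last hunk, yet the diffstat for main/ lists only APKBUILD and four deleted patch files, so unless that file is already present in main/php the build will stop at a missing source. The same hunk stops applying `CVE-2010-2225.patch` and drops `zend_execute_API.c.patch` from `source=` without recording why. Presumably both fixes ship in the 5.3.3 tarball, but that should be checked against the upstream changelog before a security patch is removed. A one-line comment above `source=` would keep the decision auditable, for example `# CVE-2010-2225 and zend_execute_API fixes dropped: included upstream in 5.3.3`. `build()` continues past the end of the hunk.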
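Review bot: The new `md5sums` lines are the only integrity check visible here on `php-5.3.3.tar.bz2` and `suhosin-patch-5.3.3-0.9.10.patch.gz`, and both are fetched over plain `http://` according to the `source=` lines in the previous hunk. MD5 is no longer collision-resistant, so it catches a corrupted download but is weak evidence that the tarball is the one upstream published. If the abuild in use accepts it, I would add a stronger list next to it, e.g. `sha512sums="<sha512-of-tarball>  php-5.3.3.tar.bz2"` (placeholder value). The recorded sum should also be compared with the hash upstream publishes for the release before committing.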
@@ -1,194 +0,0 @@
-Index: ext/spl/tests/SplObjectStorage_unserialize_nested.phpt
-===================================================================
---- ext/spl/tests/SplObjectStorage_unserialize_nested.phpt (revision 0)
-+++ ext/spl/tests/SplObjectStorage_unserialize_nested.phpt (revision 300843)
-@@ -0,0 +1,47 @@
-+--TEST--
-+SPL: Test unserializing tested & linked storage
-+--FILE--
-+<?php
-+$o = new StdClass();
-+$a = new StdClass();
-+
-+$o->a = $a;
-+
-+$so = new SplObjectStorage();
-+
-+$so[$o] = 1;
-+$so[$a] = 2;
-+
-+$s = serialize($so);
-+echo $s."\n";
-+
-+$so1 = unserialize($s);
-+var_dump($so1);
-+
-+--EXPECTF--
-+C:16:"SplObjectStorage":76:{x:i:2;O:8:"stdClass":1:{s:1:"a";O:8:"stdClass":0:{}},i:1;;r:2;,i:2;;m:a:0:{}}
-+object(SplObjectStorage)#4 (1) {
-+ ["storage":"SplObjectStorage":private]=>
-+ array(2) {
-+ ["%s"]=>
-+ array(2) {
-+ ["obj"]=>
-+ object(stdClass)#5 (1) {
-+ ["a"]=>
-+ object(stdClass)#6 (0) {
-+ }
-+ }
-+ ["inf"]=>
-+ int(1)
-+ }
-+ ["%s"]=>
-+ array(2) {
-+ ["obj"]=>
-+ object(stdClass)#6 (0) {
-+ }
-+ ["inf"]=>
-+ int(2)
-+ }
-+ }
-+}
-+
-Index: ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
-===================================================================
---- ext/spl/tests/SplObjectStorage_unserialize_bad.phpt (revision 0)
-+++ ext/spl/tests/SplObjectStorage_unserialize_bad.phpt (revision 300843)
-@@ -0,0 +1,45 @@
-+--TEST--
-+SPL: Test that serialized blob contains unique elements (CVE-2010-2225)
-+--FILE--
-+<?php
-+
-+$badblobs = array(
-+'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}',
-+'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
-+'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:1;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
-+);
-+foreach($badblobs as $blob) {
-+try {
-+ $so = new SplObjectStorage();
-+ $so->unserialize($blob);
-+ var_dump($so);
-+} catch(UnexpectedValueException $e) {
-+ echo $e->getMessage()."\n";
-+}
-+}
-+--EXPECTF--
-+Error at offset 6 of 34 bytes
-+Error at offset 46 of 89 bytes
-+object(SplObjectStorage)#2 (1) {
-+ ["storage":"SplObjectStorage":private]=>
-+ array(2) {
-+ ["%s"]=>
-+ array(2) {
-+ ["obj"]=>
-+ object(stdClass)#3 (0) {
-+ }
-+ ["inf"]=>
-+ int(1)
-+ }
-+ ["%s"]=>
-+ array(2) {
-+ ["obj"]=>
-+ object(stdClass)#1 (0) {
-+ }
-+ ["inf"]=>
-+ object(stdClass)#4 (0) {
-+ }
-+ }
-+ }
-+}
-+
-Index: ext/spl/spl_observer.c
-===================================================================
---- ext/spl/spl_observer.c (revision 300842)
-+++ ext/spl/spl_observer.c (revision 300843)
-@@ -115,6 +115,7 @@
- zval_ptr_dtor(&element->inf);
- } /* }}} */
-
-+
-
- spl_SplObjectStorageElement* spl_object_storage_get(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */
- {
- spl_SplObjectStorageElement *element;
-@@ -632,15 +633,24 @@
- zval_ptr_dtor(&pcount);
-
- while(count-- > 0) {
-+ spl_SplObjectStorageElement *pelement;
-+
- if (*p != ';') {
- goto outexcept;
- }
- ++p;
-+ if(*p != 'O' && *p != 'C' && *p != 'r') {
-+ goto outexcept;
-+ }
- ALLOC_INIT_ZVAL(pentry);
- if (!php_var_unserialize(&pentry, &p, s + buf_len, &var_hash TSRMLS_CC)) {
- zval_ptr_dtor(&pentry);
- goto outexcept;
- }
-+ if(Z_TYPE_P(pentry) != IS_OBJECT) {
-+ zval_ptr_dtor(&pentry);
-+ goto outexcept;
-+ }
- ALLOC_INIT_ZVAL(pinf);
- if (*p == ',') { /* new version has inf */
- ++p;
-@@ -649,6 +659,16 @@
- goto outexcept;
- }
- }
-+
-+ pelement = spl_object_storage_get(intern, pentry TSRMLS_CC);
-+ if(pelement) {
-+ if(pelement->inf) {
-+ var_push_dtor(&var_hash, &pelement->inf);
-+ }
-+ if(pelement->obj) {
-+ var_push_dtor(&var_hash, &pelement->obj);
-+ }
-+ }
- spl_object_storage_attach(intern, pentry, pinf TSRMLS_CC);
- zval_ptr_dtor(&pentry);
- zval_ptr_dtor(&pinf);
-Index: ext/standard/var_unserializer.c
-===================================================================
---- ext/standard/var_unserializer.c (revision 300842)
-+++ ext/standard/var_unserializer.c (revision 300843)
-@@ -56,7 +56,7 @@
- var_hash->data[var_hash->used_slots++] = *rval;
- }
-
--static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
-+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
- {
- var_entries *var_hash = var_hashx->first_dtor, *prev = NULL;
-
-Index: ext/standard/php_var.h
-===================================================================
---- ext/standard/php_var.h (revision 300842)
-+++ ext/standard/php_var.h (revision 300843)
-@@ -60,6 +60,7 @@
- var_destroy(&(var_hash))
-
- PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval **nzval);
-+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval **val);
- PHPAPI void var_destroy(php_unserialize_data_t *var_hash);
-
- #define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \
-Index: ext/standard/var_unserializer.re
-===================================================================
---- ext/standard/var_unserializer.re (revision 300842)
-+++ ext/standard/var_unserializer.re (revision 300843)
-@@ -54,7 +54,7 @@
- var_hash->data[var_hash->used_slots++] = *rval;
- }
-
--static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
-+PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
- {
- var_entries *var_hash = var_hashx->first_dtor, *prev = NULL;
-
diff --git a/main/php/curl-flush.patch b/main/php/curl-flush.patch
deleted file mode 100644
index 14fc31a0b..000000000
--- a/main/php/curl-flush.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- /repository/php-src/ext/curl/interface.c 2009/06/15 12:38:11 1.62.2.14.2.57
-+++ /repository/php-src/ext/curl/interface.c 2009/06/28 10:00:28 1.62.2.14.2.58
-@@ -1827,6 +1827,14 @@
- if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) {
- smart_str_0(&ch->handlers->write->buf);
- RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1);
-+ }
-+
-+ /* flush the file handle, so any remaining data is synched to disk */
-+ if (ch->handlers->write->method == PHP_CURL_FILE && ch->handlers->write->fp) {
-+ fflush(ch->handlers->write->fp);
-+ }
-+ if (ch->handlers->write_header->method == PHP_CURL_FILE && ch->handlers->write_header->fp) {
-+ fflush(ch->handlers->write_header->fp);
- }
-
- if (ch->handlers->write->method == PHP_CURL_RETURN) {
diff --git a/main/php/gd-info-segfault.patch b/main/php/gd-info-segfault.patch
deleted file mode 100644
index 846a19ef7..000000000
--- a/main/php/gd-info-segfault.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: ext/gd/libgd/gd_compat.c
-===================================================================
---- ext/gd/libgd/gd_compat.c (Revision 286947)
-+++ ext/gd/libgd/gd_compat.c (Revision 286948)
-@@ -14,7 +14,7 @@
- return JPEG_LIB_VERSION;
- }
-
--int gdJpegGetVersionString()
-+const char * gdJpegGetVersionString()
- {
- switch(JPEG_LIB_VERSION) {
- case 62:
-Index: ext/gd/libgd/gd_compat.h
-===================================================================
---- ext/gd/libgd/gd_compat.h (Revision 286947)
-+++ ext/gd/libgd/gd_compat.h (Revision 286948)
-@@ -8,7 +8,7 @@
- #endif
-
- const char * gdPngGetVersionString();
--int gdJpegGetVersionString();
-+const char * gdJpegGetVersionString();
- int gdJpegGetVersionInt();
- int overflow2(int a, int b);
-
diff --git a/main/php/zend_execute_API.c.patch b/main/php/zend_execute_API.c.patch
deleted file mode 100644
index 0976a7b39..000000000
--- a/main/php/zend_execute_API.c.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- PHP_5_3/Zend/zend_execute_API.c 2009/12/18 18:41:53 292294
-+++ PHP_5_3/Zend/zend_execute_API.c 2009/12/18 19:12:11 292295
-@@ -838,6 +838,7 @@
- zval *param;
-
- if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION
-+ && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0
- && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
- && PZVAL_IS_REF(*fci->params[i])) {
- SEPARATE_ZVAL(fci->params[i]); |